
I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Mon Nov 14, 2016 11:31 am
by chineseman
As the title says.
server.conf:
proto tcp-server
port 1194
dev tun1
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir ccd
push "route 192.168.1.0 255.255.255.0"
auth SHA1
cipher none
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
ca /etc/storage/openvpn/server/ca.crt
dh /etc/storage/openvpn/server/dh1024.pem
cert /etc/storage/openvpn/server/server.crt
key /etc/storage/openvpn/server/server.key
persist-key
persist-tun
user nobody
group nogroup
script-security 2
tmp-dir /tmp/openvpn
writepid /var/run/openvpn_svr.pid
client-connect ovpns.script
client-disconnect ovpns.script
username-as-common-name
auth-user-pass-verify /home/root/liukong/checkpsw.sh via-env

checkpsw.sh:
PASSFILE="/home/root/liukong/pw"
LOG_FILE="/home/root/liukong/log.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

if [ ! -r "${PASSFILE}" ]; then
    echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
    exit 1
fi

CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`

if [ "${CORRECT_PASSWORD}" = "" ]; then
    echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
    exit 1
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
    echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
    exit 0
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1

I get an error in the OpenVPN client: 'Transport pause'

client.ovpn

client
dev tun
proto tcp-client
remote 110.86.72.83 1194
resolv-retry infinite
;float
nobind
persist-key
persist-tun
auth SHA1
cipher none
nice 0
verb 3
mute 10
auth-user-pass


Please help me!!

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Mon Nov 14, 2016 1:14 pm
by TinCanTech

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Mon Nov 14, 2016 1:38 pm
by chineseman
TinCanTech wrote: Please see:
HOWTO: Request Help !

Hmm, I'm new here, could you tell me what I should do?

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Mon Nov 14, 2016 5:00 pm
by TinCanTech
chinaman wrote: Hmm, I'm new here

You are not that new ..

If you expect us to debug your script then you must fully document your openvpn installation as per the link above .. at the very least your logs would help.

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Tue Nov 15, 2016 11:32 am
by chineseman
TinCanTech wrote:
chinaman wrote: Hmm, I'm new here
You are not that new ..

If you expect us to debug your script then you must fully document your openvpn installation as per the link above .. at the very least your logs would help.

Thx. I seem to know the reason for this problem, but I don't know how to solve it. Look at the following log.


Code:

Tue Nov 15 19:26:20 2016 GID set to nogroup
Tue Nov 15 19:26:20 2016 UID set to nobody
Tue Nov 15 19:26:20 2016 Listening for incoming TCP connection on [undef]
Tue Nov 15 19:26:20 2016 TCPv4_SERVER link local (bound): [undef]
Tue Nov 15 19:26:20 2016 TCPv4_SERVER link remote: [undef]
Tue Nov 15 19:26:20 2016 Initialization Sequence Completed
Tue Nov 15 19:29:14 2016 TCP connection established with [AF_INET]192.168.1.98:49509
Tue Nov 15 19:29:14 2016 192.168.1.98:49509 WARNING: Failed running command (--auth-user-pass-verify): could not execute external program
Tue Nov 15 19:29:14 2016 192.168.1.98:49509 TLS Auth Error: Auth Username/Password verification failed for peer

By the way, I set up OpenVPN on OpenWrt.

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Tue Nov 15, 2016 1:05 pm
by TinCanTech
Your Server.conf

Try removing this:

Code:

user nobody
group nogroup

And I think you need this:

Code:

script-security 3 # Not 2

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Tue Nov 15, 2016 9:44 pm
by Pippin
script-security 2 is working here.

Is your script chmod 0755?
I do not see a shebang?
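
The "could not execute external program" line in the log, together with the questions above about mode and shebang and the earlier suggestion about `user nobody`, can be checked mechanically. The following is an added example, not code from any poster in this thread; the function names are hypothetical, and it assumes the unprivileged OpenVPN user is neither owner nor group member of the files, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a script named in
# --auth-user-pass-verify when OpenVPN runs as an unprivileged user.
# Assumption: that user is neither owner nor in the group of the files, so
# only the "other" permission bits apply.

# other_bits PATH -> the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# check_verify_script PATH -> one line per problem on stdout, status 1 if any
check_verify_script() {
    script=$1
    bad=0
    [ -f "$script" ] || { echo "file: $script not found"; return 1; }

    # The kernel cannot exec a script directly without an interpreter line.
    case $(head -n 1 "$script") in
        '#!'*) ;;
        *) echo "shebang: first line of $script is not a #! line"; bad=1 ;;
    esac

    # The script must be readable and executable, e.g. chmod 0755.
    case $(other_bits "$script") in
        r?x) ;;
        *) echo "mode: $script is not r-x for others"; bad=1 ;;
    esac

    # Every parent directory must be searchable or the path is unreachable.
    dir=$(dirname "$script")
    while :; do
        case $(other_bits "$dir") in
            ??[xt]) ;;
            *) echo "dir: $dir is not searchable by others"; bad=1 ;;
        esac
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return "$bad"
}
```

Call it as `check_verify_script /home/root/liukong/checkpsw.sh` on the router; any `dir:` line points at a directory the dropped-privilege process cannot traverse.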

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Tue Nov 15, 2016 10:26 pm
by TinCanTech
Pippin wrote: script-security 2 is working here

It should not because that would exclude $password from being passed .. :?:

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Wed Nov 16, 2016 2:00 pm
by Pippin
Yes, you are correct.
I do not use password in auth-user-pass-verify :roll:

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Posted: Wed Nov 16, 2016 3:06 pm
by TinCanTech
That is clearly not the same as the OP ..

eg:
chineseman wrote: echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1

However,
chineseman wrote: I get an error in the OpenVPN client: 'Transport pause'

Maybe the auth-user-pass-verify /home/root/liukong/checkpsw.sh via-env takes too long ..

TinCanTech wrote: Please see:
HOWTO: Request Help !

As above .. logs please.
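
Two points from the thread, that `via-env` needs `script-security 3` before `$password` reaches the script and that the posted script writes submitted passwords to its log, are both avoided by the `via-file` method of `auth-user-pass-verify`, which works at `script-security 2`. The following is an added example, not code from any poster in this thread: a check written for `via-file` that keeps the thread's password-file format, has a shebang, and never logs the password. The `PASSFILE` and `LOG_FILE` default paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): credential check for
#   auth-user-pass-verify /path/to/this-script via-file
# The paths below are assumptions; the "user password" line format with
# ';' and '#' comment lines follows the script posted in the thread.
PASSFILE=${PASSFILE:-/etc/openvpn/pw}
LOG_FILE=${LOG_FILE:-/tmp/openvpn/auth.log}

log() {
    echo "$(date '+%Y-%m-%d %T'): $*" >> "$LOG_FILE"
}

# check_credentials USER PASS -> 0 on match, 1 otherwise; PASS is never logged
check_credentials() {
    user=$1
    pass=$2
    [ -r "$PASSFILE" ] || { log "cannot read password file"; return 1; }
    if [ -z "$user" ] || [ -z "$pass" ]; then
        log "empty username or password"
        return 1
    fi
    # Plain string comparison in the shell: the username is only ever data,
    # it is never spliced into an awk program.
    while read -r u p rest; do
        case $u in ''|';'*|'#'*) continue ;; esac
        [ "$u" = "$user" ] || continue
        if [ "$p" = "$pass" ]; then
            log "auth ok: username=\"$user\""
            return 0
        fi
        break   # the first entry for a user decides, as in the original
    done < "$PASSFILE"
    log "auth failed: username=\"$user\""
    return 1
}

# via-file: OpenVPN passes a temporary file in $1, username on line 1 and
# password on line 2.
verify_from_file() {
    { IFS= read -r username; IFS= read -r password; } < "$1"
    check_credentials "$username" "$password"
}

# Run only when called with the file argument, as OpenVPN does.
if [ -n "${1:-}" ]; then
    verify_from_file "$1"
    exit $?
fi
```

On the server side this pairs with `script-security 2` and `auth-user-pass-verify <script> via-file`; the directory named by `tmp-dir` must be writable by the user OpenVPN runs as, since the temporary credentials file is created there.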