[Solved] Openvpn PAM Plugin Issue

Samples of working configurations.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Locked
fleish
OpenVpn Newbie
Posts: 2
Joined: Tue Jan 14, 2020 2:20 am

[Solved] Openvpn PAM Plugin Issue

Post by fleish » Tue Jan 14, 2020 2:27 am

I'm trying to setup a new openvpn server to provide remote access to users who will be authenticating with username/password vs. certificates. I cannot get the server to startup, error pasted below:

Code: Select all

Jan 14 02:20:41 hostname ovpn-tun-server[12429]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)]
 [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
Jan 14 02:20:41 hostname ovpn-tun-server[12429]: library versions: OpenSSL 1.0.2s  28 May 2019, LZ
O 2.08
Jan 14 02:20:41 hostname ovpn-tun-server[12430]: PLUGIN_INIT: POST /usr/lib/x86_64-linux-gnu/openv
pn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-aut
h-pam.so]' intercepted=PLUGIN_UP|PLUGIN_DOWN|PLUGIN_ROUTE_UP|PLUGIN_IPCHANGE|PLUGIN_TLS_VERIFY|PLUGI
N_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT|PLUGIN_LEARN_ADDRESS|PLUGIN_C
LIENT_CONNECT|PLUGIN_TLS_FINAL|PLUGIN_ENABLE_PF|PLUGIN_ROUTE_PREDOWN
Jan 14 02:20:41 hostname ovpn-tun-server[12430]: PLUGIN_INIT: plugin initialization function failed: /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so
Jan 14 02:20:41 hostname ovpn-tun-server[12430]: Exiting due to fatal error
And server configuration:

Server Config
port 1195
proto udp
dev tun

ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret

dh keys/dh4096.pem

topology subnet

server 192.168.x.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 192.168.x.2 255.255.255.255"

keepalive 10 120

tls-auth keys/ta.key 0 # This file is secret

cipher AES-256-CBC

compress lz4-v2
push "compress lz4-v2"

persist-key
persist-tun

status openvpn-status.log

verb 3

explicit-exit-notify 1

plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so

verify-client-cert optional
username-as-common-name


If anyone can help point out how to fix this, I'd appreciate it.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn PAM Plugin Issue

Post by TinCanTech » Tue Jan 14, 2020 4:15 pm


fleish
OpenVpn Newbie
Posts: 2
Joined: Tue Jan 14, 2020 2:20 am

Re: Openvpn PAM Plugin Issue

Post by fleish » Thu Jan 16, 2020 8:12 pm

Doh! Thanks @tincantech ... looks like I dropped off "login" from the end of the plugin line by mistake.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn PAM Plugin Issue

Post by TinCanTech » Thu Jan 16, 2020 8:34 pm

Well spotted 8-)

Locked