OPNsense Forum

English Forums => Virtual private networks => Topic started by: crally on November 04, 2022, 05:53:01 am

Title: OpenVPN can't verify user after update
Post by: crally on November 04, 2022, 05:53:01 am
Hello,

After my update to 22.7.4 (meanwhile 22.7.7) I can't connect via OpenVPN when using user authentication.

User and server are active and valid.

When testing the user via "System: Access: Examiner" it says it's valid.

I had set "VPN: OpenVPN: Server: Server mode" to "SSL/TLS + user auth", but that doesn't work anymore.
When changing to just "SSL/TLS" everything is working again.

The logs said:

Code:
2022-11-04T05:35:29 Notice openvpn 2a01:xxxxxxxxx [vpn_user] Peer Connection Initiated with [AF_INET6]2a01:xxxxxxxxx
2022-11-04T05:35:29 Error openvpn 2a01:xxxxxxxxx TLS Auth Error: Auth Username/Password verification failed for peer
2022-11-04T05:35:29 Warning openvpn 2a01:xxxxxxxxx WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
2022-11-04T05:35:29 Warning openvpn user 'vpn_user' could not authenticate.
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_SSO=webauth,openurl,crtext
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_GUI_VER=net.openvpn.connect.ios_3.3.2-5086
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_PROTO=30
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_TCPNL=1
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_NCP=2
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_PLAT=ios
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_VER=3.git::08aaaaaa
(changed IP, MAC, and user name)


Created new user and client cert, but got the same error.

I haven't tried creating a new server so far.

It seems to me that the server can't verify the user against the local database.
Title: Re: OpenVPN can't verify user after update
Post by: guest30814 on November 04, 2022, 10:01:43 pm
We are having the same issue after upgrading to 22.7.7_1 today :-\
Title: Re: OpenVPN can't verify user after update
Post by: guest30814 on November 05, 2022, 11:41:05 am
Update: we were able to fix the issue by creating a new CA, Server/Client Certificates and CRL
Title: Re: OpenVPN can't verify user after update
Post by: crally on November 06, 2022, 07:53:26 am
Quote from: guest30814 on November 05, 2022, 11:41:05 am
Update: we were able to fix the issue by creating a new CA, Server/Client Certificates and CRL

Ok thanks. Will try that, too.