OPNsense Forum

English Forums => General Discussion => Topic started by: slonick81 on March 31, 2017, 04:15:02 pm

Title: OpenVPN from external WiFi network to internal wired network via OPNsense
Post by: slonick81 on March 31, 2017, 04:15:02 pm
Hello! Some noob/beginner questions about OpenVPN.

My config:
1) Mikrotik CRS109-8G-1S-2HnD-IN connected to ISP, sharing inet access via WiFi to guests (192.168.1.0/24 net with DHCP).
2) OPNsense running in Proxmox VM, connected to Mikrotik on static IP (so 192.168.1.17 is WAN interface for OPNsense), serving as gate for local wired network (192.168.2.0/24, static IPs)

Some guys need to get access to the local network from mobile devices (OSX/Win laptops).
I implemented the config from this tutorial:
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
setting 192.168.1.17 as WAN IP, 192.168.2.0/24 as LAN network, 10.0.0.0/24 as SSL VPN network, and no DHCP for internal network.
Tried to connect with Tunnelblick/OSX and OpenVPN/Android and failed. OPNsense log output:
Code:
Mar 31 17:07:03 openvpn[46602]: 192.168.1.64:39504 SIGTERM[soft,delayed-exit] received, client-instance exiting
Mar 31 17:06:58 openvpn[46602]: 192.168.1.64:39504 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Mar 31 17:06:58 openvpn[46602]: 192.168.1.64:39504 Delayed exit in 5 seconds
Mar 31 17:06:58 openvpn[46602]: 192.168.1.64:39504 PUSH: Received control message: 'PUSH_REQUEST'
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 Peer Connection Initiated with [AF_INET]192.168.1.64:39504
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 TLS Auth Error: Auth Username/Password verification failed for peer
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
Mar 31 17:06:56 openvpn: user 'vova' could not authenticate.
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 TLS: Initial packet from [AF_INET]192.168.1.64:39504, sid=9fd4363a b82b833d
Something is wrong with authentication, but what exactly? I'll be really grateful if someone could clear up this issue...
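
To read the log in the post above in order, this added example (not part of the original post) reverses the newest-first listing and extracts, per peer, the negotiated TLS version, the exit status of the --auth-user-pass-verify program and whether AUTH_FAILED was sent. The function and field names are hypothetical, and attaching the peer-less "user ... could not authenticate" line to the next verify failure is an assumption.

```python
import re

# Log excerpt copied from the post above; the listing is newest entry first.
LOG = """\
Mar 31 17:07:03 openvpn[46602]: 192.168.1.64:39504 SIGTERM[soft,delayed-exit] received, client-instance exiting
Mar 31 17:06:58 openvpn[46602]: 192.168.1.64:39504 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Mar 31 17:06:58 openvpn[46602]: 192.168.1.64:39504 Delayed exit in 5 seconds
Mar 31 17:06:58 openvpn[46602]: 192.168.1.64:39504 PUSH: Received control message: 'PUSH_REQUEST'
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 Peer Connection Initiated with [AF_INET]192.168.1.64:39504
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 TLS Auth Error: Auth Username/Password verification failed for peer
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
Mar 31 17:06:56 openvpn: user 'vova' could not authenticate.
Mar 31 17:06:56 openvpn[46602]: 192.168.1.64:39504 TLS: Initial packet from [AF_INET]192.168.1.64:39504, sid=9fd4363a b82b833d
"""

ENTRY = re.compile(r"^\w{3} +\d+ [\d:]{8} openvpn(?:\[\d+\])?: (?P<msg>.*)$")
PEER = re.compile(r"^(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) (?P<rest>.*)$")
USER_FAIL = re.compile(r"^user '(?P<user>[^']*)' could not authenticate")
VERIFY_FAIL = re.compile(r"\(--auth-user-pass-verify\): external program exited with error status: (?P<rc>\d+)")
TLS_OK = re.compile(r"^Control Channel: (?P<tls>TLSv[\d.]+),")


def summarize(log_text):
    """Map each peer (ip:port) to what the log shows about its connection attempt."""
    sessions, pending_user = {}, None
    for line in reversed(log_text.strip().splitlines()):  # oldest entry first
        if not (entry := ENTRY.match(line)):
            continue
        msg = entry["msg"]
        if user := USER_FAIL.match(msg):  # no peer address on this line
            pending_user = user["user"]   # assumption: belongs to the next verify failure
            continue
        if not (peer := PEER.match(msg)):
            continue
        s = sessions.setdefault(peer["peer"], {"user": None, "verify_exit": None, "tls": None, "auth_failed_sent": False})
        rest = peer["rest"]
        verify, tls = VERIFY_FAIL.search(rest), TLS_OK.match(rest)
        if verify:  # the external credential-check program returned non-zero
            s["verify_exit"] = int(verify["rc"])
            s["user"], pending_user = pending_user, None
        elif tls:  # the TLS control channel was negotiated for this peer
            s["tls"] = tls["tls"]
        elif "'AUTH_FAILED'" in rest:
            s["auth_failed_sent"] = True
    return sessions

if __name__ == "__main__":
    print(summarize(LOG))
```

For this excerpt the summary shows a TLSv1.2 control channel for 192.168.1.64:39504 and a rejection that came from the username/password verification program, which exited with status 255 for user 'vova'.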