Messages

The Patch works also on our production system with 100 users. So I can confirm, that the patch solve the problem on systems with Auth via Password + TOTP + Client Cert. Thanks to @AdSchellevis!

@AdSchellevis Thanx! The Patch work on my testsystem.

It seems the bug wasn't reported yet. So I created an issue: https://github.com/opnsense/core/issues/6417

Hey, all.

Today I updated OPNSense from 23.1.1_2->23.1.3. Since then the OpenVPN users can not authenticate with the following message in the OpenVPN log file.

Code Select Expand

2023-03-11T01:52:15+01:00 firewall.name.local openvpn 19578 - [meta sequenceId="44"] user 'username' could not authenticate.
2023-03-11T01:52:15+01:00 firewall.name.local openvpn_server1 66835 - [meta sequenceId="45"] xx.xx.216.156:60711 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1
2023-03-11T01:52:15+01:00 firewall.name.local openvpn_server1 66835 - [meta sequenceId="46"] xx.xx.216.156:60711 TLS Auth Error: Auth Username/Password verification failed for peer
2023-03-11T01:52:15+01:00 firewall.name.local openvpn_server1 66835 - [meta sequenceId="47"] xx.xx.216.156:60711 [username] Peer Connection Initiated with [AF_INET]xx.xx.216.156:60711


With the Server Mode "Remote Access (SSL/TLS)" instead "Remote Access (SSL/TLS + User Auth)" in OpenVPN Server configuration the login is functional. So the local User Auth Backend seems to be broken.

Has anyone a suggestion?

Thanks much!