OpenVPN can't verify user after update

Started by crally, November 04, 2022, 05:53:01 AM

November 04, 2022, 05:53:01 AM Last Edit: November 04, 2022, 01:14:10 PM by crally
Hello,

After my update to 22.7.4 (meanwhile 22.7.7), I can't connect via OpenVPN when using user authentication.

User and server are active and valid.

When testing the user via "System: Access: Examiner", it says it's valid.

I had set "VPN: OpenVPN: Server: Server mode" to "SSL/TLS + user auth", but that doesn't work anymore.
When changing to just "SSL/TLS", everything is working again.

The logs said:


2022-11-04T05:35:29 Notice openvpn 2a01:xxxxxxxxx [vpn_user] Peer Connection Initiated with [AF_INET6]2a01:xxxxxxxxx
2022-11-04T05:35:29 Error openvpn 2a01:xxxxxxxxx TLS Auth Error: Auth Username/Password verification failed for peer
2022-11-04T05:35:29 Warning openvpn 2a01:xxxxxxxxx WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
2022-11-04T05:35:29 Warning openvpn user 'vpn_user' could not authenticate.
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_SSO=webauth,openurl,crtext
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_GUI_VER=net.openvpn.connect.ios_3.3.2-5086
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_PROTO=30
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_TCPNL=1
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_NCP=2
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_PLAT=ios
2022-11-04T05:35:28 Notice openvpn 2a01:xxxxxxxxx peer info: IV_VER=3.git::08aaaaaa

(changed IP, MAC, and user name)


Created new user and client cert, but got the same error.

I haven't tried creating a new server so far.

It seems to me that the server can't verify the user with the local database.

We are having the same issue after upgrading to 22.7.7_1 today  :-\

Update: we were able to fix the issue by creating a new CA, Server/Client Certificates and CRL

Quote from: schadom on November 05, 2022, 11:41:05 AM
Update: we were able to fix the issue by creating a new CA, Server/Client Certificates and CRL

Ok thanks. Will try that, too.