Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x Contribs => Topic started by: nicolatiana on February 16, 2024, 03:05:10 PM

Title: openvpn-routed - DB configuration
Post by: nicolatiana on February 16, 2024, 03:05:10 PM
I've installed the contrib following the Wiki directions, over a previously configured openvpn-bridge. Trying to connect via OpenVPN GUI, I experienced a connection error on the client side. Looking at the logs on the server I can find:
Quote
Thu Feb 15 23:50:18 2024 192.168.35.100:64491 TLS Error: Auth Username/Password was not provided by peer
Quote
Thu Feb 15 23:50:18 2024 192.168.35.100:64491 TLS Error: TLS handshake failed
Quote
Thu Feb 15 23:50:18 2024 192.168.35.100:64491 SIGUSR1[soft,tls-error] received, client-instance restarting
Username and password are required instead of certificate and password.
Looking at the conf file in /etc/openvpn/routed I can find this row:
Quote
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login

As a test, after disabling the plugin by commenting out the line and restarting the openvpn service, I can connect correctly.

Is it possible to configure it via DB?

Quote
Authentication   CrtWithPass

This should be defaulted to authenticate with certificate and password.
This is the configuration in DB:

Quote
openvpn-routed=service
    Cipher=AES-128-CBC
    Compression=disabled
    CrlUrl=http://localhost:940/phpki/index.php?stage=dl_crl_pem=
    HMAC=SHA256
    ManagementPassword=NonbVTTqZsRf1egl3p59LM7TNnM
    Network=10.10.10.0/255.255.255.0
    UDPPort=1195
    access=public
    status=enabled

Title: Re: openvpn-routed - DB configuration
Post by: ReetP on February 16, 2024, 06:04:05 PM
Personally I use a per user individual cert without a password, and then a user+password from the server users.

Better to get it right and use both methods rather than disabling user authent.
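
Added example (not part of the thread and not code from the contrib): a shell check that reports whether an OpenVPN server config demands username/password on top of the client certificate, and whether a client profile carries the `auth-user-pass` directive needed to supply it. The function names and sample files are hypothetical and constructed; only the plugin line is taken from the post above.

```shell
#!/bin/sh
# Added example; function names and sample files are hypothetical.

# Print what the server config demands from a client. Directives commented
# out with '#' or ';' do not match, because the patterns are anchored.
server_auth_mode() {
    userpass=no; cert=yes
    if grep -Eq '^[[:space:]]*(plugin[[:space:]].*openvpn-plugin-auth-pam|auth-user-pass-verify[[:space:]])' "$1"; then
        userpass=yes
    fi
    if grep -Eq '^[[:space:]]*(client-cert-not-required|verify-client-cert[[:space:]]+none)' "$1"; then
        cert=no
    fi
    case "$cert/$userpass" in
        yes/yes) echo cert+userpass ;;
        yes/no)  echo cert-only ;;
        no/yes)  echo userpass-only ;;
        *)       echo none ;;
    esac
}

# True when the client profile will prompt for and send username/password.
client_sends_userpass() {
    grep -Eq '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$1"
}

# Compare a server config ($1) with a client profile ($2).
check_pair() {
    mode=$(server_auth_mode "$1")
    case "$mode" in
        *userpass*)
            if ! client_sends_userpass "$2"; then
                echo "MISMATCH: server is $mode, client has no auth-user-pass"
                return 1
            fi ;;
    esac
    echo "OK: server is $mode"
}

# Constructed sample configs (not copied from a real server).
tmp=$(mktemp -d)
printf '%s\n' 'port 1195' 'proto udp' \
    'plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login' > "$tmp/server.conf"
sed 's/^plugin/#plugin/' "$tmp/server.conf" > "$tmp/server-noplugin.conf"
printf '%s\n' 'client' 'remote vpn.example.org 1195 udp' 'cert user.crt' 'key user.key' > "$tmp/client-cert.ovpn"
{ cat "$tmp/client-cert.ovpn"; echo 'auth-user-pass'; } > "$tmp/client-both.ovpn"

check_pair "$tmp/server.conf" "$tmp/client-cert.ovpn" || true   # the case in the thread
check_pair "$tmp/server.conf" "$tmp/client-both.ovpn"           # both factors kept
check_pair "$tmp/server-noplugin.conf" "$tmp/client-cert.ovpn"  # plugin commented out
```

The first pairing is the one that produces the "Auth Username/Password was not provided by peer" log line; the second keeps both the certificate and the server user login.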