Help with OpenVPN: username/password authentication fails (urgent)

cangzhubai 2009-12-12 05:20:23
When the client connects it prompts for a username and password; verification fails and the username/password dialog pops up again. Please help, thanks. Below is the server-side output:

Sat Dec 12 17:11:32 2009 MULTI: multi_create_instance called
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Re-using SSL/TLS context
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Control Channel MTU parms [ L:1541 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Local Options hash (VER=V4): 'a2e2498c'
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Expected Remote Options hash (VER=V4): '70f5b3af'
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 TLS: Initial packet from 202.201.12.218:1654, sid=a7c122f9 ab578883
AUTH-PAM: BACKGROUND: user 'tom' failed to authenticate: Module is unknown
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/openvpn-auth-pam.so
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 TLS Auth Error: Auth Username/Password verification failed for peer
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 [] Peer Connection Initiated with 202.201.12.218:1654
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 PUSH: Received control message: 'PUSH_REQUEST'
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 Delayed exit in 5 seconds
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Sat Dec 12 17:11:36 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec 12 17:11:38 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec 12 17:11:39 2009 202.201.12.218:1654 SIGTERM[soft,delayed-exit] received, client-instance exiting


Also: my OpenVPN connects to the server fine using the generated key files, and testsaslauth -u tom -p foo -s openvpn verifies successfully, returning: 0: OK "Success.".
I think the key line is this one: AUTH-PAM: BACKGROUND: user 'tom' failed to authenticate: Module is unknown, but I don't know how to fix it; the permissions on openvpn-auth-pam.so are also 755. Please help, many thanks!

server.conf contents:
local 202.201.12.238
port 1194
proto udp
dev tun

ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
tls-auth /etc/openvpn/examples/easy-rsa/2.0/keys/ta.key 0

server 10.1.0.0 255.255.255.0

client-to-client
#duplicate-cn
keepalive 10 120
plugin /etc/openvpn/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
#comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /etc/openvpn/easy-rsa/keys/openvpn-status.log
verb 3

push "dhcp-option DNS 10.1.0.1"
push "dhcp-option DNS 202.201.0.131"
push "dhcp-option DNS 202.201.0.132"


Client log:

Sat Dec 12 17:11:23 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Dec 12 17:11:30 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Dec 12 17:11:31 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Dec 12 17:11:31 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Control Channel MTU parms [ L:1541 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 12 17:11:31 2009 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Dec 12 17:11:31 2009 Local Options hash (VER=V4): '70f5b3af'
Sat Dec 12 17:11:31 2009 Expected Remote Options hash (VER=V4): 'a2e2498c'
Sat Dec 12 17:11:31 2009 UDPv4 link local: [undef]
Sat Dec 12 17:11:31 2009 UDPv4 link remote: 202.201.12.238:1194
Sat Dec 12 17:11:31 2009 TLS: Initial packet from 202.201.12.238:1194, sid=a173f547 5de99457
Sat Dec 12 17:11:31 2009 VERIFY OK: depth=1, /C=CN/ST=Lanzhou/L=Lanzhou/O=LZU/OU=LZU/CN=server/emailAddress=defeattroy@gmail.com
Sat Dec 12 17:11:31 2009 VERIFY OK: nsCertType=SERVER
Sat Dec 12 17:11:31 2009 VERIFY OK: depth=0, /C=CN/ST=Lanzhou/L=Lanzhou/O=LZU/OU=LZU/CN=server/emailAddress=defeattroy@gmail.com
Sat Dec 12 17:11:31 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 12 17:11:31 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 12 17:11:31 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Dec 12 17:11:31 2009 [server] Peer Connection Initiated with 202.201.12.238:1194
Sat Dec 12 17:11:32 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Dec 12 17:11:32 2009 AUTH: Received AUTH_FAILED control message
Sat Dec 12 17:11:32 2009 TCP/UDP: Closing socket
Sat Dec 12 17:11:32 2009 SIGTERM[soft,auth-failure] received, process exiting
Sat Dec 12 17:11:33 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
5 replies
cangzhubai 2010-06-04
[Quote=Quoting reply #4 by linqingming12:]

I suggest you first test whether the authentication itself succeeds: testsaslauth -u username -p password -s openvpn

If it verifies successfully, try removing the authentication module and connecting to the VPN directly to see whether that works. Also, when authenticating, try passing the credentials in plaintext, i.e. without encrypting the username and password. Localise the error first, find out which part is failing, and then fix it.

root@Clent1 openvpn]# cat /var/log/openvpn.log
Thu Jun 3 00:00:13 2010 OpenVPN 2.1.1 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 26 2010
Thu Jun 3 00:00:13 2010 NOTE: the cu……
[/Quote]
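Two diagnostic helpers, written for this edit (not posted by anyone in the thread), that automate the localisation step the quoted reply recommends and the log reading in the original post: the first checks whether every module named in the PAM service file that the plugin's "openvpn" argument selects (assumed to be /etc/pam.d/openvpn) actually exists in the module directory, since a module PAM cannot load is reported as "Module is unknown"; the second tallies the AUTH-PAM failure reasons in a server log so bad passwords can be told apart from PAM/plugin setup problems. The module directories and log path are assumptions.

```shell
#!/bin/sh
# Added diagnostic helpers (constructed for this edit, not from any poster).

# pam_modules_missing SERVICE_FILE MODULE_DIR...
# Prints each module named in a PAM service file (e.g. /etc/pam.d/openvpn,
# selected by the "openvpn" argument to the auth-pam plugin) that is not
# present in any MODULE_DIR. Returns 0 if all resolve, 1 if some are
# missing, 2 if the service file is unreadable. A module that cannot be
# loaded is what PAM reports as "Module is unknown".
pam_modules_missing() {
    svc_file=$1; shift
    [ -r "$svc_file" ] || { echo "unreadable: $svc_file" >&2; return 2; }
    rc=0
    # drop comments, collapse "[success=1 default=ignore]" controls to one
    # word, then take the module field, skipping include/substack lines
    for mod in $(sed -e 's/#.*//' -e 's/\[[^]]*\]/BRACKET/' "$svc_file" |
                 awk 'NF >= 3 && $2 != "include" && $2 != "substack" { print $3 }' |
                 sort -u); do
        found=0
        case $mod in
            /*) if [ -f "$mod" ]; then found=1; fi ;;
            *)  for d in "$@"; do
                    if [ -f "$d/$mod" ]; then found=1; break; fi
                done ;;
        esac
        if [ "$found" -ne 1 ]; then echo "$mod"; rc=1; fi
    done
    return "$rc"
}

# auth_pam_failures LOGFILE
# Summarises the plugin's "AUTH-PAM: BACKGROUND: user '...' failed to
# authenticate: REASON" lines as "COUNT REASON". "Authentication failure"
# is a wrong password; "Module is unknown" and "System error" mean the PAM
# service or the plugin build is broken, as in both server logs in this thread.
auth_pam_failures() {
    sed -n "s/^AUTH-PAM: BACKGROUND: user '[^']*' failed to authenticate: //p" "$1" |
        sort | uniq -c | sed 's/^ *//'
}

# Usage (paths are assumptions; adjust to the distribution's layout):
#   pam_modules_missing /etc/pam.d/openvpn /lib/security /lib64/security
#   auth_pam_failures /var/log/openvpn.log
```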
linqingming12 2010-06-03
root@Clent1 openvpn]# cat /var/log/openvpn.log
Thu Jun 3 00:00:13 2010 OpenVPN 2.1.1 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 26 2010
Thu Jun 3 00:00:13 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jun 3 00:00:13 2010 PLUGIN_INIT: POST /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so] [login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Thu Jun 3 00:00:13 2010 Diffie-Hellman initialized with 1024 bit key
Thu Jun 3 00:00:13 2010 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Thu Jun 3 00:00:13 2010 TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jun 3 00:00:13 2010 ROUTE default_gateway=160.10.252.126
Thu Jun 3 00:00:13 2010 TUN/TAP device tun0 opened
Thu Jun 3 00:00:13 2010 TUN/TAP TX queue length set to 100
Thu Jun 3 00:00:13 2010 /sbin/ip link set dev tun0 up mtu 1500
Thu Jun 3 00:00:13 2010 /sbin/ip addr add dev tun0 local 172.16.0.1 peer 172.16.0.2
Thu Jun 3 00:00:13 2010 /sbin/ip route add 172.16.0.0/24 via 172.16.0.2
Thu Jun 3 00:00:13 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 3 00:00:14 2010 GID set to nobody
Thu Jun 3 00:00:14 2010 UID set to nobody
Thu Jun 3 00:00:14 2010 Listening for incoming TCP connection on [undef]:1194
Thu Jun 3 00:00:14 2010 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Jun 3 00:00:14 2010 TCPv4_SERVER link local (bound): [undef]:1194
Thu Jun 3 00:00:14 2010 TCPv4_SERVER link remote: [undef]
Thu Jun 3 00:00:14 2010 MULTI: multi_init called, r=256 v=256
Thu Jun 3 00:00:14 2010 IFCONFIG POOL: base=172.16.0.4 size=62
Thu Jun 3 00:00:14 2010 IFCONFIG POOL LIST
Thu Jun 3 00:00:14 2010 MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Jun 3 00:00:14 2010 Initialization Sequence Completed
Thu Jun 3 00:00:38 2010 MULTI: multi_create_instance called
Thu Jun 3 00:00:38 2010 Re-using SSL/TLS context
Thu Jun 3 00:00:38 2010 LZO compression initialized
Thu Jun 3 00:00:38 2010 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jun 3 00:00:38 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 3 00:00:38 2010 Local Options hash (VER=V4): 'c0103fa8'
Thu Jun 3 00:00:38 2010 Expected Remote Options hash (VER=V4): '69109d17'
Thu Jun 3 00:00:38 2010 TCP connection established with 160.10.252.124:1200
Thu Jun 3 00:00:38 2010 Socket Buffers: R=[131072->131072] S=[131072->131072]
Thu Jun 3 00:00:38 2010 TCPv4_SERVER link local: [undef]
Thu Jun 3 00:00:38 2010 TCPv4_SERVER link remote: 160.10.252.124:1200
Thu Jun 3 00:00:38 2010 160.10.252.124:1200 TLS: Initial packet from 160.10.252.124:1200, sid=8f14618c b6a2c896
AUTH-PAM: BACKGROUND: user 'client1' failed to authenticate: System error
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 PLUGIN_CALL: POST /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 [] Peer Connection Initiated with 160.10.252.124:1200
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 Delayed exit in 5 seconds
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 Connection reset, restarting [0]
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Jun 3 00:00:42 2010 TCP/UDP: Closing socket
[root@Clent1 openvpn]#


This is my error.. please take a look and help me figure out how to fix it.
cangzhubai 2009-12-15
The problem is finally solved. It was caused by openvpn-pam.so: the OpenVPN version is 2.1-rc11, but the corresponding openvpn-pam.so didn't work. I ran make in the plugin/auth-pam/ directory of the 2.09 source, which produced openvpn-pam.so; I replaced the original one with it, and now it connects normally.
cangzhubai 2009-12-13

Thanks, reply #1. I already mentioned the permissions on openvpn-auth-pam.so, they are 755. Authentication with the key files works, so I don't think the firewall or the virtual IP are the problem.

[Quote=Quoting reply #1 by wenxy1:]
Try chown 0755 /etc/openvpn/openvpn-auth-pam.so,
and also turn off the firewall and check whether the virtual IP configuration is correct.
[/Quote]
Wenxy1 2009-12-12
Try chown 0755 /etc/openvpn/openvpn-auth-pam.so,
and also turn off the firewall and check whether the virtual IP configuration is correct.
