Question about OpenVPN: username-password authentication fails (urgent)

可惜我不是圣人 2022-08-04 22:18:28

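I previously came across this thread, https://bbs.csdn.net/topics/320243668, which solved my problem. That thread is quite old and can no longer be replied to, so I am opening a new one here in the hope that it helps anyone who needs it.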

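When the client connects, it prompts for a username and password; after they are entered, authentication fails and the username/password dialog pops up again. Could the experts here please help? Thank you. Below is the information from the server: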

Sat Dec 12 17:11:32 2009 MULTI: multi_create_instance called
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Re-using SSL/TLS context
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Control Channel MTU parms [ L:1541 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Local Options hash (VER=V4): 'a2e2498c'
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Expected Remote Options hash (VER=V4): '70f5b3af'
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 TLS: Initial packet from 202.201.12.218:1654, sid=a7c122f9 ab578883
AUTH-PAM: BACKGROUND: user 'tom' failed to authenticate: Module is unknown
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/openvpn-auth-pam.so
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 TLS Auth Error: Auth Username/Password verification failed for peer
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 [] Peer Connection Initiated with 202.201.12.218:1654
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 PUSH: Received control message: 'PUSH_REQUEST'
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 Delayed exit in 5 seconds
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Sat Dec 12 17:11:36 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec 12 17:11:38 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec 12 17:11:39 2009 202.201.12.218:1654 SIGTERM[soft,delayed-exit] received, client-instance exiting

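Also: my OpenVPN can connect to the server normally using the generated key files, and testsaslauth -u tom -p foo -s openvpn authenticates successfully, returning: 0: OK "Success.".
I think the key line is this one: AUTH-PAM: BACKGROUND: user 'tom' failed to authenticate: Module is unknown, but I don't know how to fix it. The permissions on openvpn-auth-pam.so are also 755. Please help, many thanks!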

The contents of server.conf are as follows:
local 202.201.12.238
port 1194
proto udp
dev tun

ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
tls-auth /etc/openvpn/examples/easy-rsa/2.0/keys/ta.key 0

server 10.1.0.0 255.255.255.0

client-to-client
#duplicate-cn
keepalive 10 120
plugin /etc/openvpn/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
#comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /etc/openvpn/easy-rsa/keys/openvpn-status.log
verb 3

push "dhcp-option DNS 10.1.0.1"
push "dhcp-option DNS 202.201.0.131"
push "dhcp-option DNS 202.201.0.132"

Client log:

Sat Dec 12 17:11:23 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Dec 12 17:11:30 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Dec 12 17:11:31 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Dec 12 17:11:31 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Control Channel MTU parms [ L:1541 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 12 17:11:31 2009 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Dec 12 17:11:31 2009 Local Options hash (VER=V4): '70f5b3af'
Sat Dec 12 17:11:31 2009 Expected Remote Options hash (VER=V4): 'a2e2498c'
Sat Dec 12 17:11:31 2009 UDPv4 link local: [undef]
Sat Dec 12 17:11:31 2009 UDPv4 link remote: 202.201.12.238:1194
Sat Dec 12 17:11:31 2009 TLS: Initial packet from 202.201.12.238:1194, sid=a173f547 5de99457
Sat Dec 12 17:11:31 2009 VERIFY OK: depth=1, /C=CN/ST=Lanzhou/L=Lanzhou/O=LZU/OU=LZU/CN=server/emailAddress=defeattroy@gmail.com
Sat Dec 12 17:11:31 2009 VERIFY OK: nsCertType=SERVER
Sat Dec 12 17:11:31 2009 VERIFY OK: depth=0, /C=CN/ST=Lanzhou/L=Lanzhou/O=LZU/OU=LZU/CN=server/emailAddress=defeattroy@gmail.com
Sat Dec 12 17:11:31 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 12 17:11:31 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 12 17:11:31 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Dec 12 17:11:31 2009 [server] Peer Connection Initiated with 202.201.12.238:1194
Sat Dec 12 17:11:32 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Dec 12 17:11:32 2009 AUTH: Received AUTH_FAILED control message
Sat Dec 12 17:11:32 2009 TCP/UDP: Closing socket
Sat Dec 12 17:11:32 2009 SIGTERM[soft,auth-failure] received, process exiting
Sat Dec 12 17:11:33 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
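
Added example, not part of the original post: in Linux-PAM, "Module is unknown" is the text for PAM_MODULE_UNKNOWN, which is returned when a module named in the service file cannot be loaded, and the trailing `openvpn` argument on the `plugin` line selects the PAM service (normally /etc/pam.d/openvpn). The sketch below lists modules named in a service file that are missing on disk; the function names, the fixture and the module directories passed in are assumptions, and a file that exists but is built for the wrong architecture fails the same way without being caught here.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): report modules named in a PAM
# service file that do not exist on disk.
# usage: check_pam_service SERVICE_FILE MODULE_DIR...
# prints "MISSING <module>" per unresolved module; returns 1 if any, else 0.
check_pam_service() {
    svc=$1; shift
    dirs=$*                          # assumes directory names without spaces
    rc=0
    while IFS= read -r line; do
        set -f; set -- $line; set +f # split fields without glob expansion
        case "${1:-}" in ''|'#'*|@include) continue ;; esac
        if [ $# -lt 3 ]; then continue; fi
        control=$2; shift 2
        case $control in
            include|substack) continue ;;   # names another service file
            '['*)                           # e.g. [success=1 default=ignore]
                while [ $# -gt 0 ]; do
                    case $control in *']') break ;; esac
                    control=$1; shift
                done ;;
        esac
        module=${1:-}
        if [ -z "$module" ]; then continue; fi
        found=no
        case $module in
            /*) if [ -e "$module" ]; then found=yes; fi ;;
            *)  for d in $dirs; do
                    if [ -e "$d/$module" ]; then found=yes; fi
                done ;;
        esac
        if [ "$found" = no ]; then echo "MISSING $module"; rc=1; fi
    done < "$svc"
    return $rc
}

# Constructed fixture so the check runs without touching /etc/pam.d.
make_sample() {
    t=$(mktemp -d); mkdir "$t/security"; : > "$t/security/pam_present.so"
    cat > "$t/openvpn" <<EOF
# constructed sample, not the poster's /etc/pam.d/openvpn
auth     required                    pam_present.so
auth     [success=1 default=ignore]  pam_absent.so try_first_pass
account  include                     system-auth
account  required                    $t/gone/pam_gone.so
EOF
    echo "$t"
}
```

On a real server the call would look like `check_pam_service /etc/pam.d/openvpn /lib/security /lib64/security`, with the directory list adjusted to where the distribution installs PAM modules.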
