OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

The server does not generate the 'auth_pending_file' temporary file when the client connects #276

Closed. mygithub-one closed this issue 1 year ago.

mygithub-one commented 1 year ago

server.log:

```
2023-03-14 00:53:17 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-14 00:53:17 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-14 00:53:17 TCP connection established with [AF_INET]192.168.197.151:52291
2023-03-14 00:53:17 192.168.197.151:52291 TLS: Initial packet from [AF_INET]192.168.197.151:52291, sid=7d22662c f324ce06
2023-03-14 00:53:17 192.168.197.151:52291 VERIFY OK: depth=1, CN=lgmcf
2023-03-14 00:53:17 192.168.197.151:52291 VERIFY OK: depth=0, CN=client
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_VER=2.6.0
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_PLAT=win
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_TCPNL=1
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_MTU=1600
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_NCP=2
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_PROTO=478
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_LZ4=1
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_LZ4v2=1
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_LZO=1
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_COMP_STUB=1
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_COMP_STUBv2=1
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_GUI_VER=OpenVPN_GUI_11
2023-03-14 00:53:17 192.168.197.151:52291 peer info: IV_SSO=openurl,webauth,crtext
KeysView(environ({
  'auth_failed_reason_file': '/etc/openvpn/tmp/openvpn_afr_4e3e85d396b49b7d12d566989b14b234.tmp',
  'auth_pending_file': '/etc/openvpn/tmp/openvpn_apf_64ee102e841c7be1763a80008ac449b3.tmp',
  'auth_control_file': '/etc/openvpn/tmp/openvpn_acf_5b0f143d31ee95b0589fc940137e39a3.tmp',
  'script_type': 'user-pass-verify', 'session_id': 'u5cee2SjkhiEnnCs', 'session_state': 'Initial',
  'untrusted_port': '52291', 'untrusted_ip': '192.168.197.151', 'common_name': 'client', 'username': 'test',
  'IV_SSO': 'openurl,webauth,crtext', 'IV_GUI_VER': 'OpenVPN_GUI_11', 'IV_COMP_STUBv2': '1', 'IV_COMP_STUB': '1',
  'IV_LZO': '1', 'IV_LZ4v2': '1', 'IV_LZ4': '1', 'IV_PROTO': '478', 'IV_CIPHERS': 'AES-256-GCM:AES-128-GCM',
  'IV_NCP': '2', 'IV_MTU': '1600', 'IV_TCPNL': '1', 'IV_PLAT': 'win', 'IV_VER': '2.6.0',
  'tls_serial_hex_0': '38:1b:78:30:e4:e6:f9:c9:85:ea:9a:e8:9a:5e:a1:1a', 'tls_serial_0': '74579397542081782878200126148970455322',
  'tls_digest_sha256_0': 'e8:1f:f2:5a:13:6e:dc:cb:d1:4f:da:ff:60:c7:b1:77:93:10:b9:dd:21:38:b7:1e:dc:a9:99:7f:b9:68:51:39',
  'tls_digest_0': '5a:15:3e:1c:02:3e:46:35:5b:f6:4d:3a:cd:54:f2:83:cf:57:70:3e', 'tls_id_0': 'CN=client', 'X509_0_CN': 'client',
  'tls_serial_hex_1': 'f3:a6:8c:54:b4:62:5f:eb', 'tls_serial_1': '17556874492781944811',
  'tls_digest_sha256_1': 'd2:e5:5c:99:9f:58:78:a4:f1:a1:b3:01:64:e8:55:29:7c:49:eb:ee:fa:dc:f3:8b:3d:dc:1a:80:d5:d6:5e:09',
  'tls_digest_1': '40:41:c8:6d:76:b1:cd:65:ea:3c:57:c4:0d:34:97:62:de:be:ca:fb', 'tls_id_1': 'CN=lgmcf', 'X509_1_CN': 'lgmcf',
  'remote_port_1': '1194', 'local_port_1': '1194', 'proto_1': 'tcp-server',
  'daemon_pid': '4992', 'daemon_start_time': '1678725979', 'daemon_log_redirect': '1', 'daemon': '0', 'verb': '3', 'config': 'server.conf',
  'ifconfig_local': '10.8.0.1', 'ifconfig_remote': '10.8.0.2', 'route_net_gateway': '192.168.197.1', 'route_vpn_gateway': '10.8.0.2',
  'route_network_1': '192.168.40.128', 'route_netmask_1': '255.255.255.248', 'route_gateway_1': '10.8.0.2',
  'route_network_2': '10.8.0.0', 'route_netmask_2': '255.255.255.0', 'route_gateway_2': '10.8.0.2',
  'script_context': 'init', 'tun_mtu': '1500', 'dev': 'tun0', 'dev_type': 'tun', 'redirect_gateway': '0'}))
2023-03-14 00:53:18 192.168.197.151:52291 SENT CONTROL [UNDEF]: 'AUTH_PENDING,timeout 300' (status=1)
2023-03-14 00:53:18 192.168.197.151:52291 SENT CONTROL [UNDEF]: 'INFO_PRE,CR_TEXT:E,R:Please enter your TOTP code!' (status=1)
2023-03-14 00:53:18 192.168.197.151:52291 TLS: Username/Password authentication deferred for username 'test'
2023-03-14 00:53:18 192.168.197.151:52291 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-03-14 00:53:18 192.168.197.151:52291 TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
2023-03-14 00:53:18 192.168.197.151:52291 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-14 00:53:18 192.168.197.151:52291 [client] Peer Connection Initiated with [AF_INET]192.168.197.151:52291
2023-03-14 00:53:19 192.168.197.151:52291 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 00:53:25 192.168.197.151:52291 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 00:53:30 192.168.197.151:52291 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 00:53:35 192.168.197.151:52291 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 00:53:41 192.168.197.151:52291 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 00:53:47 192.168.197.151:52291 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 00:53:53 192.168.197.151:52291 NOTE: --mute triggered...
2023-03-14 00:54:20 192.168.197.151:52291 5 variation(s) on previous 20 message(s) suppressed by --mute
2023-03-14 00:54:20 192.168.197.151:52291 Delayed exit in 5 seconds
2023-03-14 00:54:20 192.168.197.151:52291 SENT CONTROL [client]: 'AUTH_FAILED' (status=1)
2023-03-14 00:54:20 192.168.197.151:52291 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 00:54:20 192.168.197.151:52291 Connection reset, restarting [0]
2023-03-14 00:54:20 192.168.197.151:52291 SIGUSR1[soft,connection-reset] received, client-instance restarting
```


mygithub-one commented 1 year ago

server config:

```
port 1194
proto tcp
dev tun
mode server
ca server/ca.crt
cert openvpn.crt
key openvpn.key
dh dh.pem
tls-auth ta.key

tmp-dir /etc/openvpn/tmp
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
route 192.168.40.128 255.255.255.248
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

duplicate-cn
keepalive 10 120
cipher AES-256-CBC
comp-lzo

user root
group root

persist-key
persist-tun

status openvpn-status.log
log openvpn.log
verb 3

mute 20
script-security 3

client-crresponse /etc/openvpn/script/totpauth.py
auth-user-pass-verify /etc/openvpn/script/totpauth.py via-file
auth-user-pass-optional
auth-gen-token 60 120
```

client config:

```
client
remote 192.168.197.104
port 1194
proto tcp
dev tun

keepalive 10 120

persist-key
persist-tun
cipher AES-256-CBC
comp-lzo
nobind
verb 1

status client-status.log
route-method exe
route-delay 2

auth-user-pass

static-challenge "Please enter token PIN" 0
```

CA certificate (CN=lgmcf):

```
-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIJAPOmjFS0Yl/rMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
BAMMBWxnbWNmMB4XDTIyMTEwMzE0Mjk1MloXDTQzMDUxNzE0Mjk1MlowEDEOMAwG
A1UEAwwFbGdtY2YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj84z1
MRG+K5xsP4HsErddIHF8kCBbMcy57O04cANF93znnYK/mQ5OzP4rAkBLULS5ive0
mecBry0GVwJIlnCYXB6IU9EdPzQFTRVAA9J93v9jeuL1cXq2G6Y+VuXvS7PeHeIh
oYE1TFS2qZ+PU0XxN916M9SswLlxS7m9GMuGKnCOLs3Udfn2nmyN+TRttWQTIHjC
buklHaUx0uLtjTFCx3nNwqWuum22LK9luuuDjc2AA578M3PiEotwbouHD39wF241
rftKC3VpOSbnyY/DGt8eroeaZcXyzWHVbG2nllXI05dXA9nso71PzHgHtH3VbI15
dXT+n7HLRv4nYVIvAgMBAAGjfjB8MB0GA1UdDgQWBBSi0oh2wasXwVh1r8KRCLT0
uHxKeDBABgNVHSMEOTA3gBSi0oh2wasXwVh1r8KRCLT0uHxKeKEUpBIwEDEOMAwG
A1UEAwwFbGdtY2aCCQDzpoxUtGJf6zAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB
BjANBgkqhkiG9w0BAQsFAAOCAQEAlmqwyjgKPE2n1a+lVXhlMDBT0o6vUkAUUTpU
MgWmaNu4f7E9vjlyEG19wW3rRmzffQ5hwoOF+rWBN89GPgbqAzT315scnEc2M5U2
RIfR8AK5oRHZPqogdScg7MpPF9VbbW7jGgNslaQhTRFVmyIL2NKRf33NCEVwPq37
N7LL5CJYDewN9CM3ZAcLZRI/KKt2Snapod+37TFSlzekLUy/CvpalMghmkU8qkRb
QDBK0R8Q5hG1OrBx0SqV1gWxjWgUE1W4Jr4Y3nqXCpbmRv6R0kpmX0tpW5OQY/5z
RjF2e3GJkvSzz+wK9mYYMfnG8wqVS48OXDNPL+u9lI4MxZPEEg==
-----END CERTIFICATE-----
```

Client certificate, decoded:

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:1b:78:30:e4:e6:f9:c9:85:ea:9a:e8:9a:5e:a1:1a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=lgmcf
        Validity
            Not Before: Nov  3 14:34:43 2022 GMT
            Not After : Oct 31 14:34:43 2032 GMT
        Subject: CN=client
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bf:54:b6:3f:d5:93:e8:21:c1:7d:6c:8b:bb:ce:
                    f7:e8:83:d2:c8:a4:6e:7a:2f:d5:be:37:7e:95:00:
                    43:6a:f5:94:bc:bd:8f:b7:9d:43:39:ac:f7:c9:bd:
                    87:94:48:af:ce:37:35:2d:a9:4d:30:df:db:52:8d:
                    f1:bb:a5:f2:7d:e6:ff:f6:f5:a7:75:f3:f0:e6:d9:
                    99:04:72:98:95:20:22:c4:bf:78:be:57:34:8c:e6:
                    15:86:64:a1:a7:64:fb:1d:3b:20:b8:df:ef:63:79:
                    e8:d0:f7:7c:63:2a:8f:85:e2:7e:6d:18:a5:34:37:
                    66:14:60:e9:fc:9c:30:6b:be:cb:39:5c:1a:58:1c:
                    fc:2b:76:2d:9b:0f:c2:c5:f7:6b:1f:14:8e:89:96:
                    0b:64:ad:b6:d6:ea:e6:4c:f1:4a:f6:9c:85:9f:c3:
                    b1:d8:c0:16:8b:4a:24:e5:18:9c:8a:b9:ed:1d:63:
                    30:10:49:b8:e6:2a:8a:66:a4:74:6e:7b:26:c7:5f:
                    46:29:d7:17:42:04:65:1d:c8:52:b8:38:76:ee:c9:
                    c0:96:a8:b2:bc:6c:ed:29:13:35:f4:c4:14:ec:14:
                    91:52:48:00:2e:10:c1:ed:11:9c:84:35:9a:b1:18:
                    1e:bc:38:ee:43:27:bb:f4:9e:3c:b6:60:70:93:7a:
                    2e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                1F:4F:E0:20:DA:F8:54:31:2F:B4:ED:9B:7D:19:88:B0:73:13:C0:2B
            X509v3 Authority Key Identifier:
                keyid:A2:D2:88:76:C1:AB:17:C1:58:75:AF:C2:91:08:B4:F4:B8:7C:4A:78
                DirName:/CN=lgmcf
                serial:F3:A6:8C:54:B4:62:5F:EB
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         d0:ba:88:51:62:67:43:6e:63:ec:fe:b8:d9:94:e3:0c:e8:f2:
         d0:f7:8d:77:19:e2:b0:a4:1c:54:de:60:96:fb:f0:d1:38:97:
         8b:5d:0e:b4:ae:a2:cb:12:8a:87:60:c4:b1:ee:65:56:00:28:
         51:fb:0f:ce:db:4b:8a:80:70:99:d5:f2:c9:b9:de:e4:00:6f:
         9b:36:f3:0f:f5:27:62:7a:64:78:d9:27:73:2e:88:2b:c1:7c:
         5b:13:60:ed:98:52:40:81:27:d0:95:b2:6c:7f:96:b4:93:e2:
         44:80:91:f2:b2:dd:21:2d:56:bf:fb:5d:57:6e:ea:7d:0f:e7:
         c9:f8:ed:3e:db:09:e9:17:77:eb:ca:fd:c2:b4:0f:3c:04:d2:
         b3:15:a8:7b:c1:28:99:31:6d:2d:11:bb:50:2a:e9:97:25:70:
         3f:2e:ce:40:bb:87:98:da:ac:2a:20:48:5e:78:06:fc:a1:e5:
         91:c6:ed:8b:e2:1b:eb:c4:53:75:ac:06:c6:fa:d3:8e:dc:ab:
         af:3b:a8:b7:29:64:82:af:fe:ba:29:58:1a:11:59:71:17:f4:
         20:71:eb:0f:c7:75:45:58:85:a1:06:72:05:63:66:9f:22:94:
         2d:08:56:b8:37:61:19:2c:00:bd:5c:d0:2a:3c:18:66:86:7b:
         4c:bd:6f:8c
```

Client certificate (CN=client):

```
-----BEGIN CERTIFICATE-----
MIIDPTCCAiWgAwIBAgIQOBt4MOTm+cmF6proml6hGjANBgkqhkiG9w0BAQsFADAQ
MQ4wDAYDVQQDDAVsZ21jZjAeFw0yMjExMDMxNDM0NDNaFw0zMjEwMzExNDM0NDNa
MBExDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9Utj/Vk+ghwX1si7vO9+iD0sikbnov1b43fpUAQ2r1lLy9j7edQzms98m9
h5RIr843NS2pTTDf21KN8bul8n3m//b1p3Xz8ObZmQRymJUgIsS/eL5XNIzmFYZk
oadk+x07ILjf72N56ND3fGMqj4Xifm0YpTQ3ZhRg6fycMGu+yzlcGlgc/Ct2LZsP
wsX3ax8UjomWC2Stttbq5kzxSvachZ/DsdjAFotKJOUYnIq57R1jMBBJuOYqimak
dG57JsdfRinXF0IEZR3IUrg4du7JwJaosrxs7SkTNfTEFOwUkVJIAC4Qwe0RnIQ1
mrEYHrw47kMnu/SePLZgcJN6LqsCAwEAAaOBkTCBjjAJBgNVHRMEAjAAMB0GA1Ud
DgQWBBQfT+Ag2vhUMS+07Zt9GYiwcxPAKzBABgNVHSMEOTA3gBSi0oh2wasXwVh1
r8KRCLT0uHxKeKEUpBIwEDEOMAwGA1UEAwwFbGdtY2aCCQDzpoxUtGJf6zATBgNV
HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEB
ANC6iFFiZ0NuY+z+uNmU4wzo8tD3jXcZ4rCkHFTeYJb78NE4l4tdDrSuossSiodg
xLHuZVYAKFH7D87bS4qAcJnV8sm53uQAb5s28w/1J2J6ZHjZJ3MuiCvBfFsTYO2Y
UkCBJ9CVsmx/lrST4kSAkfKy3SEtVr/7XVdu6n0P58n47T7bCekXd+vK/cK0DzwE
0rMVqHvBKJkxbS0Ru1Aq6ZclcD8uzkC7h5jarCogSF54Bvyh5ZHG7YviG+vEU3Ws
Bsb6047cq687qLcpZIKv/ropWBoRWXEX9CBx6w/HdUVYhaEGcgVjZp8ilC0IVrg3
YRksAL1c0Co8GGaGe0y9b4w=
-----END CERTIFICATE-----
```

Client private key:

```
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/VLY/1ZPoIcF9
bIu7zvfog9LIpG56L9W+N36VAENq9ZS8vY+3nUM5rPfJvYeUSK/ONzUtqU0w39tS
jfG7pfJ95v/29ad18/Dm2ZkEcpiVICLEv3i+VzSM5hWGZKGnZPsdOyC43+9jeejQ
93xjKo+F4n5tGKU0N2YUYOn8nDBrvss5XBpYHPwrdi2bD8LF92sfFI6JlgtkrbbW
6uZM8Ur2nIWfw7HYwBaLSiTlGJyKue0dYzAQSbjmKopmpHRueybHX0Yp1xdCBGUd
yFK4OHbuycCWqLK8bO0pEzX0xBTsFJFSSAAuEMHtEZyENZqxGB68OO5DJ7v0njy2
YHCTei6rAgMBAAECggEBAKiomRs+P2qSTwksJSVCNeC+S5HY+RY2kpliO/BG0ic4
IowaIdU/COKPqcIpk5lQVcFXg0YkBsp9ms10GNJMX61CcwKU27CrgAFPcYatKfnS
4TNEgcBwCP/nVrQogyOXbZD/7UFrDZBIB8YlU33rJ6di2AV9gyu7Zf2yzLCEUl62
w/lQCrQMf9znl7ero4XTCPEGFD8mg8gzsVtVNE98T4S2Ft0en3kXuZXHmNIYQxB+
vFojunLUb6Pv2PSzIkupayceLZIfQE/Xv+ocEJHtLoQs9tJtwWnmbUwal7N6+GDe
f6Ru4NGygngqIg6GfahlNKypKL8EWO4O7Di5gfrAXoECgYEA5DsXlbdxod/8i3qX
OVt+H2943LIq5lTFXtoo0TZemv/1L2opzPqLAEI18QSiggBXP9qtgFz1uQ4j44F/
aTAtCSXRVv1Qpwzlggvj0qCe60HXgiv5X/xnO7GsxXTmKNZPaFJOLIM6bMHj3Uhb
6heh+9hOViGllevmv7/kNqJhzsECgYEA1pxD44X05jKb8Shf64yXnrgdvRCeYS/n
YS/Do6uzarYRwYwtcceiLY5tgzqw3cVcxCGKiUh+o7zkGygJ/s9h45QsxnQXXJgd
iVmnKNFno3KmiQZM4OBYQrQ4V3QZTVbZPrNCVJj6SZUQ7Me0Lr7XChbGaBPEPK9c
RxWYF3KNxGsCgYEAkQxpMdKTWlCTHUX9JAvcvTfINWLaVuZbRawastP+Dj5L4iVz
iX1VqAVsaNAMQ9jZmpBtIh5yYHj3IBjmE8D1blHlmIaHopNUrXDHCs7gER4YS/eM
lo9AQLTr29YujJefgeqFGk8Qa5xSKAlbuQvp+7f+GUlrBjwVu5nF/V74EEECgYBL
nWViHgmqrfw53QLm6HNnjfGUcu2KyqkYmg6xdUbS+3GII07DvxYKPRui2CQHD4ne
5P593lgYcu5gDxxudj1ERSn9hlvQ2RvXEAqQnC+K7FN3BgxCU2lln0AWuCZOFKKY
r+pYCkptcKM0+iwnKEB2Io4nj4dd5l96AEbFRCxlHwKBgQC30xZmtN0aFhFWIZzS
dmQBaxgloQFIZockClDcKstSLNbllehy3H+KLx666mDKWNRwWhBGqKS45CTr5kXl
6dddu0ppisDMYImcvJgZUUQe+bySnPTktuVGzyG6hP9NNqUhLhmnTuMYGvBJTXVp
F8UFojHeHOrS//gpjHLnZPIbAg==
-----END PRIVATE KEY-----
```

tls-auth static key:

```
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
cc83b1c3fbb590a8bf21f1588636e032
ee6bcb9f1f103c402b36192feb73c94d
6b92e178d07668927ad7974aaed59930
963c66b0391555c5f9e4f2e678b1999c
a6dc5a7ac3050134843e5cbf04ec531e
64a146ca78654ec4b05ad00f617e941d
442e9457bec0ab28301c3c9ecb04f00c
9ec329e7cbff60068ee6bca73515af88
95fa7008f157d810e0c8e4c91792eb08
8b3586f000865236c7129155621fdfa3
3b1aecd219d2c0f324f82b887e69f4e7
2120f55acd755818023eaafa1e0cd7df
4dc96797fe80174cd86815bd5615fee0
d47fcc7fbe483cb3897cf2e6c97dc4ad
e869c2da52428b2e3aa207ec47f2c1e4
415b79b480944efb630f26ade1cc0616
-----END OpenVPN Static key V1-----
```
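The log above shows the deferred-auth sequence this issue is about: the verify script writes a pending-auth request, the server sends `AUTH_PENDING,timeout 300` and `INFO_PRE,CR_TEXT:E,R:Please enter your TOTP code!`, and the session waits for a `client-crresponse` decision that never comes before the timeout turns into `AUTH_FAILED`. The following is an added example of such a two-stage script, written for this page; it is neither the reporter's totpauth.py nor OpenVPN's own sample, and it uses only the Python standard library and the three file names visible in the environment dump (`auth_control_file`, `auth_pending_file`, `auth_failed_reason_file`). Its assumptions, to be checked against the script-options documentation of the OpenVPN build in use: an `auth-user-pass-verify ... via-file` script receives username and password as the first two lines of the file named in `argv[1]` and defers by exiting with code 2; `auth_pending_file` carries the timeout, the required IV_SSO method and the INFO_PRE message on three lines (the content that yields the two control messages seen in the log); the `client-crresponse` script receives the client's reply base64-encoded in the file named in `argv[1]` and settles the session by writing `1` or `0` to `auth_control_file`; and `username` is exported to both stages (the code falls back to `common_name`). The password and TOTP secret stores are constructed demo data (the RFC 6238 test secret), and `demo()` is a self-test harness, not part of the script's runtime path. The check worth copying is the IV_SSO test in stage 1: a client that never announced `crtext` cannot answer the challenge, so deferring to it only produces the idle-until-timeout failure the log shows. Separately, the private key and tls-auth key pasted into this public issue must be treated as compromised and regenerated before that CA or client is used anywhere.

```python
#!/usr/bin/env python3
"""Two-stage OpenVPN auth: password check, then TOTP via deferred auth.
Added example for this page, not the reporter's totpauth.py. Assumed contract
(check your build's script-options docs): via-file script exits 2 to defer;
auth_pending_file = "<timeout>\n<IV_SSO method>\n<INFO_PRE message>\n";
client-crresponse gets the reply base64-encoded in argv[1] and writes
1 or 0 to auth_control_file."""
import base64, hashlib, hmac, os, struct, sys, tempfile, time

TIMEOUT, STEP = 300, 30
CR_METHOD = "crtext"
CR_MESSAGE = "CR_TEXT:E,R:Please enter your TOTP code!"
# Constructed demo data (RFC 6238 test secret "12345678901234567890") for the
# user 'test' from the log; a real script reads these from a protected store.
TOTP_SECRETS = {"test": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}
PASSWORDS = {"test": "demo-password"}


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP with HMAC-SHA1 (the TOTP default)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, at, digits=6):
    """RFC 6238 TOTP for Unix time `at`."""
    return hotp(secret_b32, int(at) // STEP, digits)


def verify_totp(username, code, at=None, window=1):
    """True if `code` matches a step within +/- `window` of `at`. Every
    candidate is compared in constant time; no early exit on a match."""
    if username not in TOTP_SECRETS or not code.isdigit():
        return False
    at = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(TOTP_SECRETS[username], at + drift * STEP)
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


def client_supports(iv_sso, method):
    """IV_SSO is a comma list such as 'openurl,webauth,crtext'."""
    return method in (iv_sso or "").split(",")


def pending_file_content(timeout, method, message):
    return f"{timeout}\n{method}\n{message}\n"


def write_file(path, content):
    with open(path, "w") as fh:
        fh.write(content)


def handle_user_pass_verify(env, via_file):
    """Stage 1. Returns the exit code: 0 accept, 1 reject, 2 deferred."""
    with open(via_file) as fh:
        username, password = (fh.read().split("\n") + ["", ""])[:2]
    if username not in PASSWORDS or not hmac.compare_digest(
            PASSWORDS[username].encode(), password.encode()):
        return 1
    # Never defer to a client that cannot answer: it would idle in
    # AUTH_PENDING until the timeout and end in AUTH_FAILED, as in the log.
    if not client_supports(env.get("IV_SSO"), CR_METHOD):
        write_file(env["auth_failed_reason_file"], "client lacks crtext support")
        return 1
    write_file(env["auth_pending_file"],
               pending_file_content(TIMEOUT, CR_METHOD, CR_MESSAGE))
    return 2


def handle_crresponse(env, response_file, at=None):
    """Stage 2. Settles the deferred session through auth_control_file."""
    try:
        with open(response_file) as fh:
            code = base64.b64decode(fh.read().strip(), validate=True).decode().strip()
    except ValueError:  # bad base64 or non-UTF-8 reply: treat as a wrong code
        code = ""
    user = env.get("username") or env.get("common_name", "")  # assumption, see lead-in
    if verify_totp(user, code, at=at):
        write_file(env["auth_control_file"], "1")
    else:
        write_file(env["auth_failed_reason_file"], "TOTP code rejected")
        write_file(env["auth_control_file"], "0")
    return 0


def demo(at=59, reply=None):
    """Self-test: both stages on constructed files; returns what they wrote."""
    with tempfile.TemporaryDirectory() as tmp:
        env = {k: os.path.join(tmp, k) for k in
               ("auth_control_file", "auth_pending_file", "auth_failed_reason_file")}
        env.update(username="test", common_name="client", IV_SSO="openurl,webauth,crtext")
        write_file(os.path.join(tmp, "via"), "test\ndemo-password\n")
        rc1 = handle_user_pass_verify(env, os.path.join(tmp, "via"))
        pending = open(env["auth_pending_file"]).read()
        reply = totp(TOTP_SECRETS["test"], at) if reply is None else reply
        write_file(os.path.join(tmp, "reply"), base64.b64encode(reply.encode()).decode())
        rc2 = handle_crresponse(env, os.path.join(tmp, "reply"), at=at)
        control = open(env["auth_control_file"]).read()
    return {"verify_rc": rc1, "pending": pending, "crresponse_rc": rc2, "control": control}


def main(argv):
    handlers = {"user-pass-verify": handle_user_pass_verify,
                "client-crresponse": handle_crresponse}
    handler = handlers.get(os.environ.get("script_type"))
    return handler(os.environ, argv[1]) if handler and len(argv) > 1 else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Installed as both `auth-user-pass-verify ... via-file` and `client-crresponse`, the script dispatches on `script_type`, which is how the reporter's environment dump distinguishes the two invocations. `verify_totp` compares every candidate code with `hmac.compare_digest` and does not stop at the first match, so the comparison time does not reveal which step matched; the one-step window tolerates ordinary clock drift without accepting codes that are minutes old.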
schwabe commented 1 year ago

I think your report is a duplicate of #256. Can you try the linked patches in that issue to see if they resolve your issue?