Closed KodakMaciel closed 7 months ago
Are you using systemd? If yes, then remove management-hold
from your server configuration.
Thanks for the quick solution.
After the adjustment, the service went up normally, but my client is in a loop and does not connect.
Does not open any web interface for login with oAUTH2.0.
client
dev tun
dev-node "OpenVPN"
proto udp
remote xx.xxx.216.14 1194
resolv-retry 60
nobind
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
persist-key
persist-tun
mute-replay-warnings
verb 6
2024-03-08 19:29:25 us=301894 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2024-03-08 19:29:25 us=301894 Current Parameter Settings:
2024-03-08 19:29:25 us=301894 config = 'OpenVPN-HML.ovpn'
2024-03-08 19:29:25 us=301894 mode = 0
2024-03-08 19:29:25 us=301894 show_ciphers = DISABLED
2024-03-08 19:29:25 us=301894 show_digests = DISABLED
2024-03-08 19:29:25 us=301894 show_engines = DISABLED
2024-03-08 19:29:25 us=301894 genkey = DISABLED
2024-03-08 19:29:25 us=301894 genkey_filename = '[UNDEF]'
2024-03-08 19:29:25 us=301894 key_pass_file = '[UNDEF]'
2024-03-08 19:29:25 us=301894 show_tls_ciphers = DISABLED
2024-03-08 19:29:25 us=301894 connect_retry_max = 0
2024-03-08 19:29:25 us=301894 Connection profiles [0]:
2024-03-08 19:29:25 us=301894 proto = udp
2024-03-08 19:29:25 us=301894 local = '[UNDEF]'
2024-03-08 19:29:25 us=301894 local_port = '[UNDEF]'
2024-03-08 19:29:25 us=301894 remote = 'xx.xxx.216.14'
2024-03-08 19:29:25 us=301894 remote_port = '1194'
2024-03-08 19:29:25 us=301894 remote_float = DISABLED
2024-03-08 19:29:25 us=301894 bind_defined = DISABLED
2024-03-08 19:29:25 us=301894 bind_local = DISABLED
2024-03-08 19:29:25 us=301894 bind_ipv6_only = DISABLED
2024-03-08 19:29:25 us=301894 connect_retry_seconds = 5
2024-03-08 19:29:25 us=301894 connect_timeout = 120
2024-03-08 19:29:25 us=301894 socks_proxy_server = '[UNDEF]'
2024-03-08 19:29:25 us=301894 socks_proxy_port = '[UNDEF]'
2024-03-08 19:29:25 us=301894 tun_mtu = 1500
2024-03-08 19:29:25 us=301894 tun_mtu_defined = ENABLED
2024-03-08 19:29:25 us=301894 link_mtu = 1500
2024-03-08 19:29:25 us=301894 link_mtu_defined = DISABLED
2024-03-08 19:29:25 us=301894 tun_mtu_extra = 0
2024-03-08 19:29:25 us=301894 tun_mtu_extra_defined = DISABLED
2024-03-08 19:29:25 us=301894 mtu_discover_type = -1
2024-03-08 19:29:25 us=301894 fragment = 0
2024-03-08 19:29:25 us=301894 mssfix = 1450
2024-03-08 19:29:25 us=301894 explicit_exit_notification = 0
2024-03-08 19:29:25 us=301894 tls_auth_file = '[UNDEF]'
2024-03-08 19:29:25 us=301894 key_direction = not set
2024-03-08 19:29:25 us=301894 tls_crypt_file = '[UNDEF]'
2024-03-08 19:29:25 us=301894 tls_crypt_v2_file = '[UNDEF]'
2024-03-08 19:29:25 us=301894 Connection profiles END
2024-03-08 19:29:25 us=301894 remote_random = DISABLED
2024-03-08 19:29:25 us=301894 ipchange = '[UNDEF]'
2024-03-08 19:29:25 us=301894 dev = 'tun'
2024-03-08 19:29:25 us=301894 dev_type = '[UNDEF]'
2024-03-08 19:29:25 us=301894 dev_node = 'OpenVPN'
2024-03-08 19:29:25 us=301894 lladdr = '[UNDEF]'
2024-03-08 19:29:25 us=301894 topology = 1
2024-03-08 19:29:25 us=301894 ifconfig_local = '[UNDEF]'
2024-03-08 19:29:25 us=301894 ifconfig_remote_netmask = '[UNDEF]'
2024-03-08 19:29:25 us=301894 ifconfig_noexec = DISABLED
2024-03-08 19:29:25 us=301894 ifconfig_nowarn = DISABLED
2024-03-08 19:29:25 us=301894 ifconfig_ipv6_local = '[UNDEF]'
2024-03-08 19:29:25 us=311908 ifconfig_ipv6_netbits = 0
2024-03-08 19:29:25 us=311908 ifconfig_ipv6_remote = '[UNDEF]'
2024-03-08 19:29:25 us=311908 shaper = 0
2024-03-08 19:29:25 us=311908 mtu_test = 0
2024-03-08 19:29:25 us=311908 mlock = DISABLED
2024-03-08 19:29:25 us=311908 keepalive_ping = 0
2024-03-08 19:29:25 us=311908 keepalive_timeout = 0
2024-03-08 19:29:25 us=311908 inactivity_timeout = 0
2024-03-08 19:29:25 us=311908 ping_send_timeout = 0
2024-03-08 19:29:25 us=311908 ping_rec_timeout = 0
2024-03-08 19:29:25 us=311908 ping_rec_timeout_action = 0
2024-03-08 19:29:25 us=311908 ping_timer_remote = DISABLED
2024-03-08 19:29:25 us=311908 remap_sigusr1 = 0
2024-03-08 19:29:25 us=311908 persist_tun = ENABLED
2024-03-08 19:29:25 us=311908 persist_local_ip = DISABLED
2024-03-08 19:29:25 us=311908 persist_remote_ip = DISABLED
2024-03-08 19:29:25 us=311908 persist_key = ENABLED
2024-03-08 19:29:25 us=311908 passtos = DISABLED
2024-03-08 19:29:25 us=311908 resolve_retry_seconds = 60
2024-03-08 19:29:25 us=311908 resolve_in_advance = DISABLED
2024-03-08 19:29:25 us=311908 username = '[UNDEF]'
2024-03-08 19:29:25 us=311908 groupname = '[UNDEF]'
2024-03-08 19:29:25 us=311908 chroot_dir = '[UNDEF]'
2024-03-08 19:29:25 us=311908 cd_dir = '[UNDEF]'
2024-03-08 19:29:25 us=311908 writepid = '[UNDEF]'
2024-03-08 19:29:25 us=311908 up_script = '[UNDEF]'
2024-03-08 19:29:25 us=311908 down_script = '[UNDEF]'
2024-03-08 19:29:25 us=311908 down_pre = DISABLED
2024-03-08 19:29:25 us=311908 up_restart = DISABLED
2024-03-08 19:29:25 us=311908 up_delay = DISABLED
2024-03-08 19:29:25 us=311908 daemon = DISABLED
2024-03-08 19:29:25 us=311908 inetd = 0
2024-03-08 19:29:25 us=311908 log = ENABLED
2024-03-08 19:29:25 us=311908 suppress_timestamps = DISABLED
2024-03-08 19:29:25 us=311908 machine_readable_output = DISABLED
2024-03-08 19:29:25 us=311908 nice = 0
2024-03-08 19:29:25 us=311908 verbosity = 6
2024-03-08 19:29:25 us=311908 mute = 0
2024-03-08 19:29:25 us=311908 gremlin = 0
2024-03-08 19:29:25 us=311908 status_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 status_file_version = 1
2024-03-08 19:29:25 us=311908 status_file_update_freq = 60
2024-03-08 19:29:25 us=311908 occ = ENABLED
2024-03-08 19:29:25 us=311908 rcvbuf = 0
2024-03-08 19:29:25 us=311908 sndbuf = 0
2024-03-08 19:29:25 us=311908 sockflags = 0
2024-03-08 19:29:25 us=311908 fast_io = DISABLED
2024-03-08 19:29:25 us=311908 comp.alg = 0
2024-03-08 19:29:25 us=311908 comp.flags = 0
2024-03-08 19:29:25 us=311908 route_script = '[UNDEF]'
2024-03-08 19:29:25 us=311908 route_default_gateway = '[UNDEF]'
2024-03-08 19:29:25 us=311908 route_default_metric = 0
2024-03-08 19:29:25 us=311908 route_noexec = DISABLED
2024-03-08 19:29:25 us=311908 route_delay = 5
2024-03-08 19:29:25 us=311908 route_delay_window = 30
2024-03-08 19:29:25 us=311908 route_delay_defined = ENABLED
2024-03-08 19:29:25 us=311908 route_nopull = DISABLED
2024-03-08 19:29:25 us=311908 route_gateway_via_dhcp = DISABLED
2024-03-08 19:29:25 us=311908 allow_pull_fqdn = DISABLED
2024-03-08 19:29:25 us=311908 Pull filters:
2024-03-08 19:29:25 us=311908 ignore "route-method"
2024-03-08 19:29:25 us=311908 management_addr = '127.0.0.1'
2024-03-08 19:29:25 us=311908 management_port = '25341'
2024-03-08 19:29:25 us=311908 management_user_pass = 'stdin'
2024-03-08 19:29:25 us=311908 management_log_history_cache = 250
2024-03-08 19:29:25 us=311908 management_echo_buffer_size = 100
2024-03-08 19:29:25 us=311908 management_write_peer_info_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 management_client_user = '[UNDEF]'
2024-03-08 19:29:25 us=311908 management_client_group = '[UNDEF]'
2024-03-08 19:29:25 us=311908 management_flags = 6
2024-03-08 19:29:25 us=311908 shared_secret_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 key_direction = not set
2024-03-08 19:29:25 us=311908 ciphername = 'AES-256-CBC'
2024-03-08 19:29:25 us=311908 ncp_enabled = ENABLED
2024-03-08 19:29:25 us=311908 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-256-CBC'
2024-03-08 19:29:25 us=311908 authname = 'SHA1'
2024-03-08 19:29:25 us=311908 prng_hash = 'SHA1'
2024-03-08 19:29:25 us=311908 prng_nonce_secret_len = 16
2024-03-08 19:29:25 us=311908 keysize = 0
2024-03-08 19:29:25 us=311908 engine = DISABLED
2024-03-08 19:29:25 us=311908 replay = ENABLED
2024-03-08 19:29:25 us=311908 mute_replay_warnings = ENABLED
2024-03-08 19:29:25 us=311908 replay_window = 64
2024-03-08 19:29:25 us=311908 replay_time = 15
2024-03-08 19:29:25 us=311908 packet_id_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 test_crypto = DISABLED
2024-03-08 19:29:25 us=311908 tls_server = DISABLED
2024-03-08 19:29:25 us=311908 tls_client = ENABLED
2024-03-08 19:29:25 us=311908 ca_file = 'ca.crt'
2024-03-08 19:29:25 us=311908 ca_path = '[UNDEF]'
2024-03-08 19:29:25 us=311908 dh_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 cert_file = 'client.crt'
2024-03-08 19:29:25 us=311908 extra_certs_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 priv_key_file = 'client.key'
2024-03-08 19:29:25 us=311908 pkcs12_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 cryptoapi_cert = '[UNDEF]'
2024-03-08 19:29:25 us=311908 cipher_list = '[UNDEF]'
2024-03-08 19:29:25 us=311908 cipher_list_tls13 = '[UNDEF]'
2024-03-08 19:29:25 us=311908 tls_cert_profile = '[UNDEF]'
2024-03-08 19:29:25 us=311908 tls_verify = '[UNDEF]'
2024-03-08 19:29:25 us=311908 tls_export_cert = '[UNDEF]'
2024-03-08 19:29:25 us=311908 verify_x509_type = 0
2024-03-08 19:29:25 us=311908 verify_x509_name = '[UNDEF]'
2024-03-08 19:29:25 us=311908 crl_file = '[UNDEF]'
2024-03-08 19:29:25 us=311908 ns_cert_type = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_ku[i] = 0
2024-03-08 19:29:25 us=311908 remote_cert_eku = '[UNDEF]'
2024-03-08 19:29:25 us=311908 ssl_flags = 0
2024-03-08 19:29:25 us=311908 tls_timeout = 2
2024-03-08 19:29:25 us=311908 renegotiate_bytes = -1
2024-03-08 19:29:25 us=311908 renegotiate_packets = 0
2024-03-08 19:29:25 us=311908 renegotiate_seconds = 3600
2024-03-08 19:29:25 us=311908 handshake_window = 60
2024-03-08 19:29:25 us=311908 transition_window = 3600
2024-03-08 19:29:25 us=311908 single_session = DISABLED
2024-03-08 19:29:25 us=311908 push_peer_info = DISABLED
2024-03-08 19:29:25 us=311908 tls_exit = DISABLED
2024-03-08 19:29:25 us=311908 tls_crypt_v2_metadata = '[UNDEF]'
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_protected_authentication = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_private_mode = 00000000
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_cert_private = DISABLED
2024-03-08 19:29:25 us=311908 pkcs11_pin_cache_period = -1
2024-03-08 19:29:25 us=311908 pkcs11_id = '[UNDEF]'
2024-03-08 19:29:25 us=311908 pkcs11_id_management = DISABLED
2024-03-08 19:29:25 us=311908 server_network = 0.0.0.0
2024-03-08 19:29:25 us=311908 server_netmask = 0.0.0.0
2024-03-08 19:29:25 us=311908 server_network_ipv6 = ::
2024-03-08 19:29:25 us=311908 server_netbits_ipv6 = 0
2024-03-08 19:29:25 us=311908 server_bridge_ip = 0.0.0.0
2024-03-08 19:29:25 us=311908 server_bridge_netmask = 0.0.0.0
2024-03-08 19:29:25 us=311908 server_bridge_pool_start = 0.0.0.0
2024-03-08 19:29:25 us=311908 server_bridge_pool_end = 0.0.0.0
2024-03-08 19:29:25 us=311908 ifconfig_pool_defined = DISABLED
2024-03-08 19:29:25 us=311908 ifconfig_pool_start = 0.0.0.0
2024-03-08 19:29:25 us=311908 ifconfig_pool_end = 0.0.0.0
2024-03-08 19:29:25 us=311908 ifconfig_pool_netmask = 0.0.0.0
2024-03-08 19:29:25 us=311908 ifconfig_pool_persist_filename = '[UNDEF]'
2024-03-08 19:29:25 us=311908 ifconfig_pool_persist_refresh_freq = 600
2024-03-08 19:29:25 us=311908 ifconfig_ipv6_pool_defined = DISABLED
2024-03-08 19:29:25 us=311908 ifconfig_ipv6_pool_base = ::
2024-03-08 19:29:25 us=311908 ifconfig_ipv6_pool_netbits = 0
2024-03-08 19:29:25 us=311908 n_bcast_buf = 256
2024-03-08 19:29:25 us=311908 tcp_queue_limit = 64
2024-03-08 19:29:25 us=311908 real_hash_size = 256
2024-03-08 19:29:25 us=311908 virtual_hash_size = 256
2024-03-08 19:29:25 us=311908 client_connect_script = '[UNDEF]'
2024-03-08 19:29:25 us=311908 learn_address_script = '[UNDEF]'
2024-03-08 19:29:25 us=311908 client_disconnect_script = '[UNDEF]'
2024-03-08 19:29:25 us=311908 client_config_dir = '[UNDEF]'
2024-03-08 19:29:25 us=311908 ccd_exclusive = DISABLED
2024-03-08 19:29:25 us=311908 tmp_dir = 'C:\Users\pram\AppData\Local\Temp\'
2024-03-08 19:29:25 us=311908 push_ifconfig_defined = DISABLED
2024-03-08 19:29:25 us=311908 push_ifconfig_local = 0.0.0.0
2024-03-08 19:29:25 us=311908 push_ifconfig_remote_netmask = 0.0.0.0
2024-03-08 19:29:25 us=311908 push_ifconfig_ipv6_defined = DISABLED
2024-03-08 19:29:25 us=311908 push_ifconfig_ipv6_local = ::/0
2024-03-08 19:29:25 us=311908 push_ifconfig_ipv6_remote = ::
2024-03-08 19:29:25 us=311908 enable_c2c = DISABLED
2024-03-08 19:29:25 us=311908 duplicate_cn = DISABLED
2024-03-08 19:29:25 us=311908 cf_max = 0
2024-03-08 19:29:25 us=311908 cf_per = 0
2024-03-08 19:29:25 us=311908 max_clients = 1024
2024-03-08 19:29:25 us=311908 max_routes_per_client = 256
2024-03-08 19:29:25 us=317048 auth_user_pass_verify_script = '[UNDEF]'
2024-03-08 19:29:25 us=317048 auth_user_pass_verify_script_via_file = DISABLED
2024-03-08 19:29:25 us=317048 auth_token_generate = DISABLED
2024-03-08 19:29:25 us=317048 auth_token_lifetime = 0
2024-03-08 19:29:25 us=317048 auth_token_secret_file = '[UNDEF]'
2024-03-08 19:29:25 us=317048 vlan_tagging = DISABLED
2024-03-08 19:29:25 us=317048 vlan_accept = all
2024-03-08 19:29:25 us=317048 vlan_pvid = 1
2024-03-08 19:29:25 us=317048 client = ENABLED
2024-03-08 19:29:25 us=317048 pull = ENABLED
2024-03-08 19:29:25 us=317048 auth_user_pass_file = '[UNDEF]'
2024-03-08 19:29:25 us=317048 show_net_up = DISABLED
2024-03-08 19:29:25 us=317048 route_method = 3
2024-03-08 19:29:25 us=317048 block_outside_dns = DISABLED
2024-03-08 19:29:25 us=317048 ip_win32_defined = DISABLED
2024-03-08 19:29:25 us=317048 ip_win32_type = 3
2024-03-08 19:29:25 us=317048 dhcp_masq_offset = 0
2024-03-08 19:29:25 us=317048 dhcp_lease_time = 31536000
2024-03-08 19:29:25 us=317048 tap_sleep = 0
2024-03-08 19:29:25 us=317048 dhcp_options = DISABLED
2024-03-08 19:29:25 us=317048 dhcp_renew = DISABLED
2024-03-08 19:29:25 us=317048 dhcp_pre_release = DISABLED
2024-03-08 19:29:25 us=317048 domain = '[UNDEF]'
2024-03-08 19:29:25 us=317048 netbios_scope = '[UNDEF]'
2024-03-08 19:29:25 us=317048 netbios_node_type = 0
2024-03-08 19:29:25 us=317048 disable_nbt = DISABLED
2024-03-08 19:29:25 us=317048 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2024-03-08 19:29:25 us=317048 Windows version 10.0 (Windows 10 or greater) 64bit
2024-03-08 19:29:25 us=317048 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2024-03-08 19:29:25 us=318463 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
2024-03-08 19:29:25 us=321063 Need hold release from management interface, waiting...
2024-03-08 19:29:25 us=708346 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
2024-03-08 19:29:25 us=814144 MANAGEMENT: CMD 'state on'
2024-03-08 19:29:25 us=816462 MANAGEMENT: CMD 'log all on'
2024-03-08 19:29:26 us=371423 MANAGEMENT: CMD 'echo all on'
2024-03-08 19:29:26 us=371423 MANAGEMENT: CMD 'bytecount 5'
2024-03-08 19:29:26 us=387160 MANAGEMENT: CMD 'hold off'
2024-03-08 19:29:26 us=387160 MANAGEMENT: CMD 'hold release'
2024-03-08 19:29:26 us=387160 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2024-03-08 19:29:26 us=387160 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2024-03-08 19:29:26 us=387160 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2024-03-08 19:29:26 us=387160 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2024-03-08 19:29:26 us=387160 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2024-03-08 19:29:26 us=387160 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.216.14:1194
2024-03-08 19:29:26 us=387160 Socket Buffers: R=[65536->65536] S=[65536->65536]
2024-03-08 19:29:26 us=387160 UDP link local: (not bound)
2024-03-08 19:29:26 us=387160 UDP link remote: [AF_INET]xx.xxx.216.14:1194
2024-03-08 19:29:26 us=387160 MANAGEMENT: >STATE:1709936966,WAIT,,,,,,
2024-03-08 19:29:26 us=387160 UDP WRITE [14] to [AF_INET]xx.xxx.216.14:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-03-08 19:29:26 us=387160 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
2024-03-08 19:29:26 us=561267 UDP READ [26] from [AF_INET]xx.xxx.216.14:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
2024-03-08 19:29:26 us=561267 MANAGEMENT: >STATE:1709936966,AUTH,,,,,,
2024-03-08 19:29:26 us=561267 TLS: Initial packet from [AF_INET]xx.xxx.216.14:1194, sid=e561a45d 33a5e911
2024-03-08 19:29:26 us=561267 UDP WRITE [22] to [AF_INET]xx.xxx.216.14:1194: P_ACK_V1 kid=0 [ 0 ]
2024-03-08 19:29:26 us=561267 UDP WRITE [291] to [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=277
2024-03-08 19:29:26 us=735849 UDP READ [1200] from [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=1174
2024-03-08 19:29:26 us=735849 UDP WRITE [22] to [AF_INET]xx.xxx.216.14:1194: P_ACK_V1 kid=0 [ 1 ]
2024-03-08 19:29:26 us=735849 UDP READ [1188] from [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=1174
2024-03-08 19:29:26 us=735849 VERIFY OK: depth=0, CN=orca-server
2024-03-08 19:29:26 us=735849 UDP WRITE [22] to [AF_INET]xx.xxx.216.14:1194: P_ACK_V1 kid=0 [ 2 ]
2024-03-08 19:29:26 us=735849 UDP READ [58] from [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=44
2024-03-08 19:29:26 us=735849 UDP WRITE [1200] to [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ 3 ] pid=2 DATA len=1174
2024-03-08 19:29:26 us=735849 UDP WRITE [1188] to [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=1174
2024-03-08 19:29:26 us=735849 UDP WRITE [234] to [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=220
2024-03-08 19:29:26 us=909175 UDP READ [22] from [AF_INET]xx.xxx.216.14:1194: P_ACK_V1 kid=0 [ 2 ]
2024-03-08 19:29:26 us=909175 UDP READ [184] from [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ 3 ] pid=4 DATA len=158
2024-03-08 19:29:26 us=916698 UDP WRITE [22] to [AF_INET]xx.xxx.216.14:1194: P_ACK_V1 kid=0 [ 4 ]
2024-03-08 19:29:26 us=916698 UDP READ [245] from [AF_INET]xx.xxx.216.14:1194: P_CONTROL_V1 kid=0 [ 4 ] pid=5 DATA len=219
2024-03-08 19:29:26 us=916698 UDP WRITE [22] to [AF_INET]xx.xxx.216.14:1194: P_ACK_V1 kid=0 [ 5 ]
2024-03-08 19:29:26 us=916698 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2024-03-08 19:29:26 us=916698 [orca-server] Peer Connection Initiated with [AF_INET]xx.xxx.216.14:1194
2024-03-08 19:29:28 us=53451 MANAGEMENT: >STATE:1709936968,GET_CONFIG,,,,,,
It sounds like you didn't start openvpn-auth-oauth2?
The service is not starting, how can I debug it and where are the logs stored?
My settings are the same as in previous comments, do I need to make any other adjustments?
× openvpn-auth-oauth2.service - OpenVPN authenticator
Loaded: loaded (/usr/lib/systemd/system/openvpn-auth-oauth2.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Fri 2024-03-08 23:49:03 UTC; 3s ago
Duration: 40ms
Docs: https://github.com/jkroepke/openvpn-auth-oauth2
Process: 2482 ExecStart=/usr/bin/openvpn-auth-oauth2 (code=exited, status=1/FAILURE)
Main PID: 2482 (code=exited, status=1/FAILURE)
CPU: 37ms
Mar 08 23:49:03 ip-xxx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Main process exited, code=exited, status=1/FAILURE
Mar 08 23:49:03 ip-xxx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Failed with result 'exit-code'.
Mar 08 23:49:03 ip-xxx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Scheduled restart job, restart counter is at 5.
Mar 08 23:49:03 ip-xxx-xx-1-150.ec2.internal systemd[1]: Stopped OpenVPN authenticator.
Mar 08 23:49:03 ip-xxx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Start request repeated too quickly.
Mar 08 23:49:03 ip-xxx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Failed with result 'exit-code'.
Mar 08 23:49:03 ip-xxx-xx-1-150.ec2.internal systemd[1]: Failed to start OpenVPN authenticator.
how can I debug it and where are the logs stored?
Logs are stored in journald, if systemd is used.
journalctl -u openvpn-auth-oauth2
do I need to make any other adjustments?
Without any additional modifications, openvpn-auth-oauth2 runs with different user permissions compared to OpenVPN. By default, only files inside /etc/openvpn-auth-oauth2/
are readable, if the group of the files is openvpn-auth-oauth2, too.
CONFIG_HTTP_CERT=/etc/openvpn/server/orca-server.crt CONFIG_HTTP_KEY=/etc/openvpn/server/orca-server.key
I expect that openvpn-auth-oauth2 fails to start because it is unable to read the crt/key files from the /etc/openvpn/server/
directory. This is a security design decision. If an attacker exploits openvpn-auth-oauth2, they won't get any keys from the OpenVPN server.
See also: https://github.com/jkroepke/openvpn-auth-oauth2/wiki/Configuration#filesystem-permissions
I reconfigured the openvpn-auth-oauth2 file with the settings below, but the service is still not coming up; see the journalctl output below as well.
CONFIG_OPENVPN_ADDR=unix:///run/openvpn-server/server.sock
CONFIG_OPENVPN_PASSWORD=*******
CONFIG_OAUTH2_ISSUER=https://login.microsoftonline.com/***Tenant ID***/v2.0
CONFIG_OAUTH2_CLIENT_ID=***Client ID***
CONFIG_HTTP_LISTEN=127.0.0.1:9000
CONFIG_OAUTH2_CLIENT_SECRET=***Client-Secret***
CONFIG_HTTP_SECRET=***Random Key 16 digits***
CONFIG_HTTP_BASEURL=https://openvpnhml.*****.com.br:9000
#CONFIG_HTTP_BASE_URL=https://openvpnhml.*****.com.br:9000
CONFIG_LOG_FORMAT=debug
CONFIG_HTTP_BASEURL=
or
CONFIG_HTTP_BASE_URL=
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: Started OpenVPN authenticator.
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal openvpn-auth-oauth2[6398]: time=2024-03-10T00:33:02.165Z level=ERROR msg="error configure logging: unknown log format: deb>
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Main process exited, code=exited, status=1/FAILURE
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Failed with result 'exit-code'.
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Scheduled restart job, restart counter is at 5.
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: Stopped OpenVPN authenticator.
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Start request repeated too quickly.
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Failed with result 'exit-code'.
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal systemd[1]: Failed to start OpenVPN authenticator.
Mar 10 00:33:02 ip-172-39-1-150.ec2.internal openvpn-auth-oauth2[6398]: time=2024-03-10T00:33:02.165Z level=ERROR msg="error configure logging: unknown log format: deb>
There is no debug log format. There is only a debug level:
Wrong:
CONFIG_LOG_FORMAT=debug
Right:
CONFIG_LOG_LEVEL=debug
Please read your own logs.
The error below regarding the OpenVPN version is being returned, but my version is the latest available for AlmaLinux 9 (2.5.9).
Any alternative to fix this?
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.864Z level=INFO msg="start HTTP server listener on 127.0.0.1:9000 with base url https://openvpnhml.xxxx.com.br:9000"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.864Z level=INFO msg="connect to openvpn management interface unix:///run/openvpn-server/server.sock"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.864Z level=DEBUG msg="password probe: ENTER PASSWORD:"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.864Z level=DEBUG msg=xxxxxxxx
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.864Z level=INFO msg="connection to OpenVPN management interface established."
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.865Z level=DEBUG msg=version
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.865Z level=INFO msg="OpenVPN Version: OpenVPN 2.5.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 9 2023 - Management Version: 3"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.865Z level=INFO msg="shutdown OpenVPN management connection"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.865Z level=ERROR msg="OpenVPN: OpenVPN management error: openvpn-auth-oauth2 requires OpenVPN management interface version 5 or higher"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.865Z level=INFO msg="start graceful shutdown of http listener"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal openvpn-auth-oauth2[1685]: time=2024-03-11T14:46:32.865Z level=INFO msg="http listener successfully terminated"
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Main process exited, code=exited, status=1/FAILURE
Mar 11 14:46:32 ip-xx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Failed with result 'exit-code'.
Mar 11 14:46:33 ip-xx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Scheduled restart job, restart counter is at 5.
Mar 11 14:46:33 ip-xx-xx-1-150.ec2.internal systemd[1]: Stopped OpenVPN authenticator.
Mar 11 14:46:33 ip-xx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Start request repeated too quickly.
Mar 11 14:46:33 ip-xx-xx-1-150.ec2.internal systemd[1]: openvpn-auth-oauth2.service: Failed with result 'exit-code'.
Mar 11 14:46:33 ip-xx-xx-1-150.ec2.internal systemd[1]: Failed to start OpenVPN authenticator.
[root@ip-xx-xx-1-150 ~]# cat /etc/os-release
NAME="AlmaLinux"
VERSION="9.3 (Shamrock Pampas Cat)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="AlmaLinux 9.3 (Shamrock Pampas Cat)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:9::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-9"
ALMALINUX_MANTISBT_PROJECT_VERSION="9.3"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.3"
Any alternative to fix this?
You could try to use RPMs from Fedora (https://rpmfind.net/linux/rpm2html/search.php?query=openvpn) or use Debian.
Sorry, but if you are using enterprise-based distributions, it's your problem to bring new software onto them. You can consider running OpenVPN inside a docker container.
openvpn-auth-oauth2 requires 2.6.0 at minimum. I can't change it.
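A preflight script covering the two checks the maintainer's replies point at: whether the service account can actually read the cert/key paths given in CONFIG_HTTP_CERT/CONFIG_HTTP_KEY, and whether the installed OpenVPN meets the 2.6.0 minimum. It is an added example, not code from openvpn-auth-oauth2; it assumes the service runs as user and group openvpn-auth-oauth2 (SVC_USER/SVC_GROUP) and that GNU stat is present.

```shell
#!/bin/sh
# Preflight check for an openvpn-auth-oauth2 deployment. Added example, not
# part of the project. It tests the two failure modes seen in this thread:
#   1. the service account cannot read the cert/key it was pointed at
#      (CONFIG_HTTP_CERT / CONFIG_HTTP_KEY outside /etc/openvpn-auth-oauth2/),
#   2. the installed OpenVPN is older than 2.6.0, so its management
#      interface is below the version 5 the tool insists on.
# Assumptions: the service runs as user and group "openvpn-auth-oauth2"
# (override with SVC_USER / SVC_GROUP) and GNU stat is available for the
# live filesystem walk. Paths containing spaces are not supported.

SVC_USER=${SVC_USER:-openvpn-auth-oauth2}
SVC_GROUP=${SVC_GROUP:-openvpn-auth-oauth2}

# has_perm MODE OWNER GROUP PERM
# MODE is the symbolic mode string printed by `stat -c %A` (e.g. -rw-r-----),
# PERM is r, w or x. Succeeds if SVC_USER gets PERM from the owner, group or
# other triple, selected the way the kernel does: owner match first, then
# primary-group match, otherwise the "other" bits.
has_perm() {
    mode=$1 owner=$2 group=$3 perm=$4
    if [ "$owner" = "$SVC_USER" ]; then
        offset=0                      # owner triple: positions 2-4
    elif [ "$group" = "$SVC_GROUP" ]; then
        offset=3                      # group triple: positions 5-7
    else
        offset=6                      # other triple: positions 8-10
    fi
    case $perm in
        r) pos=$((2 + offset)) ;;
        w) pos=$((3 + offset)) ;;
        x) pos=$((4 + offset)) ;;
        *) return 2 ;;
    esac
    c=$(printf '%s\n' "$mode" | cut -c"$pos")
    case $perm in
        # setuid/setgid/sticky render the x slot as s or t when x is set
        x) [ "$c" = x ] || [ "$c" = s ] || [ "$c" = t ] ;;
        *) [ "$c" = "$perm" ] ;;
    esac
}

# check_readable PATH
# Walks every ancestor directory (needs x) and the file itself (needs r)
# and names the first component that shuts the service account out.
check_readable() {
    target=$1
    case $target in /*) ;; *) target=$(pwd)/$target ;; esac
    ancestors=""
    dir=$(dirname "$target")
    while [ "$dir" != "/" ]; do
        ancestors="$dir $ancestors"
        dir=$(dirname "$dir")
    done
    for d in / $ancestors; do
        attrs=$(stat -c '%A %U %G' "$d" 2>/dev/null) || { echo "MISSING: $d"; return 1; }
        set -- $attrs
        has_perm "$1" "$2" "$3" x || { echo "BLOCKED: $SVC_USER cannot traverse $d ($1 $2:$3)"; return 1; }
    done
    attrs=$(stat -c '%A %U %G' "$target" 2>/dev/null) || { echo "MISSING: $target"; return 1; }
    set -- $attrs
    has_perm "$1" "$2" "$3" r || { echo "BLOCKED: $SVC_USER cannot read $target ($1 $2:$3)"; return 1; }
    echo "OK: $SVC_USER can read $target"
}

# openvpn_version_ok VERSION_LINE
# VERSION_LINE is the first line of `openvpn --version`, e.g.
# "OpenVPN 2.5.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] ...".
# Succeeds only for 2.6.0 or newer.
openvpn_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenVPN \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 6 ]; }
}

# Usage: sh preflight.sh /etc/openvpn/server/orca-server.crt /etc/openvpn/server/orca-server.key
main() {
    rc=0
    if command -v openvpn >/dev/null 2>&1; then
        line=$(openvpn --version 2>/dev/null | head -n 1)
        if openvpn_version_ok "$line"; then echo "OK: $line"
        else echo "TOO OLD: $line (openvpn-auth-oauth2 needs >= 2.6.0)"; rc=1; fi
    else
        echo "WARN: openvpn not found in PATH, skipping version check"
    fi
    for f in "$@"; do check_readable "$f" || rc=1; done
    return $rc
}

if [ $# -gt 0 ]; then main "$@"; fi
```

A file that is 0640 root:openvpn-auth-oauth2 passes, while the same mode owned root:root is reported as BLOCKED, which is the situation the maintainer describes for keys left under /etc/openvpn/server/.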
After days of trying to adjust, I managed to get the redirection to be carried out correctly in the browser, but I am receiving the "Access denied" message after logging in with my Azure account.
My user already has permissions within the application as an administrator, but the error is still returned. What can I validate?
Is there a need for another user base besides Azure?
Check server logs
I managed to configure Azure correctly, now I'm configuring another SSO, but the message below is being returned in the logs.
level=WARN msg="Invalid State: base64 decode 0: illegal base64 data at input byte 0" error_id=3ac3423cd4b3082210773c203386513ea63ff488504769bfa298a15d8806e3f6
I am using:
CONFIG_OAUTH2_ENDPOINT_TOKEN
CONFIG_OAUTH2_ENDPOINT_AUTH
#CONFIG_OAUTH2_SCOPES=read
It seems like the other SSO provider does not return the state back. What are you using?
Hi, @jkroepke. I am configuring my own SSO; errors are being returned in the callback.
https://xxx.xxx.216.14:9000/oauth2/callback?state=cat0rA03A4yaS5akNjBbAjHgQfMg-J71F_sGiZSEk44TzpTwZGCc7P1VAdjG3QQ91qQfsuO7tr_QBoElP5Um4q4V&code=6d368bccc783dc4f6d8fbc1b5fdbaef0882692f7cbdb9d954ed121e9c172493560ce8112172b411008c1535e7e6e1d8edc3003e6489bce2bb29fda3b3e8316c9
Mar 13 18:38:34 ip-xxx-xx-1-150 openvpn-auth-oauth2[16235]: time=2024-03-13T18:38:34.201Z level=WARN msg="Unauthorized: failed to exchange token: oauth2: cannot parse json: invalid character '<' looking for beginning of value" ip=201.86.245.164:53083 cid=1 kid=1 common_name=client error_id=32f0e893faa7f1a56a6a9839a7172eeef0c58f92c8a9d36b8136b6aaaa8b2aeb
Note: The code is the access token to obtain user data in my application.
It seems like openvpn-auth-oauth2 is trying to call the token endpoint, but an HTML-based error message is being returned.
Problem Statement
Hello, I'm trying to configure OAUTH2 for use in conjunction with Azure SSO. The service is not starting, it just dies. Could you help me? Below are my settings:
server.conf
openvpn-auth-oauth2
openvpn.log
Environment