Open heycarl opened 1 month ago
May 18 21:11:55 gate-grvt-cloud openvpn-auth-oauth2[1188432]: time=2024-05-18T21:11:55.277Z level=WARN msg="OpenVPN Client does not support SSO authentication via webauth" ip=yyy.yyy.yyy.yyy:50331 cid=58 kid=1 common_name="Mutex OpenVPN Client" reason=CONNECT session_id=RHq1L9DD3Ky7wqJS session_state=Initial
The error is: OpenVPN Client does not support SSO authentication via webauth
. OpenVPN client must advertise that they support web authentication. If the flag IV_SSO is not present, is connection deny.
Normally Viscosity fully supports WebAuth, no clue whats going wrong here.
You could try to set verb 3
on your OpenVPN server config.
If you observe a line with peer info: IV_SSO=openurl,webauth
, then the error is inside openvpn-auth-oauth2. If the line is not present, there is an issue with that client.
Hi! I had updated my Viscosity client to 1.11.1 (1683) and got an new error message:
2024-05-28 03:00:52: SENT CONTROL [Mutex OpenVPN Server]: 'PUSH_REQUEST' (status=1)
2024-05-28 03:00:52: AUTH_PENDING received, extending handshake timeout from 60s to 180s
2024-05-28 03:00:52: Info command was pushed by server ('WEB_AUTH::http://my_idm')
2024-05-28 03:00:52: Error: Invalid URL in information request received from server.
2024-05-28 03:00:52: State changed to Disconnecting (Web Auth URL Error)
I'm a bit disappointed about this error, maybe someone has fixed this issue?
Sure just share your settings
Hi, I tested with: Viscosity 1.11.1 (1683) and it works fine.
2024-05-28 03:00:52: Info command was pushed by server ('WEB_AUTH::http://my_idm')
Viscosity only accepts HTTPS URLs, a plain HTTP URL will be rejected, which is likely what is going on here. Keep in mind the Web Auth traffic takes place outside of the VPN connection, so plain HTTP traffic could be intercepted.
Thanks for the info, I added this to the notes.
Thanks you! I will try to make connection secured
Current Behavior
When I try to connect to the OpenVPN server using openvpn-auth-oauth2 on macOS using the Viscosity client, OAuth promt is not displayed, but an error appears:
Expected Behavior
Authentication prompt.
Steps To Reproduce
No response
Environment
openvpn-auth-oauth2 logs