Actions
Bug #63320
closedVPN AUTH_FAILED
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):
Description
per request:
sudo openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5 Wed Oct 25 09:43:36 2023 us=694381 WARNING: file 'sepia/tlsauth' is group or others accessible Wed Oct 25 09:43:36 2023 us=694419 Current Parameter Settings: Wed Oct 25 09:43:36 2023 us=694433 config = '/etc/openvpn/sepia.conf' Wed Oct 25 09:43:36 2023 us=694443 mode = 0 Wed Oct 25 09:43:36 2023 us=694453 persist_config = DISABLED Wed Oct 25 09:43:36 2023 us=694465 persist_mode = 1 Wed Oct 25 09:43:36 2023 us=694475 show_ciphers = DISABLED Wed Oct 25 09:43:36 2023 us=694485 show_digests = DISABLED Wed Oct 25 09:43:36 2023 us=694494 show_engines = DISABLED Wed Oct 25 09:43:36 2023 us=694504 genkey = DISABLED Wed Oct 25 09:43:36 2023 us=694542 key_pass_file = '[UNDEF]' Wed Oct 25 09:43:36 2023 us=694550 NOTE: --mute triggered... Wed Oct 25 09:43:36 2023 us=694561 272 variation(s) on previous 10 message(s) suppressed by --mute Wed Oct 25 09:43:36 2023 us=694566 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022 Wed Oct 25 09:43:36 2023 us=694577 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 Wed Oct 25 09:43:36 2023 us=694937 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 25 09:43:36 2023 us=694951 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 25 09:43:36 2023 us=694958 LZO compression initializing Wed Oct 25 09:43:36 2023 us=695011 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] Wed Oct 25 09:43:36 2023 us=796802 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ] Wed Oct 25 09:43:36 2023 us=796847 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' Wed Oct 25 09:43:36 2023 us=796856 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' Wed Oct 25 09:43:36 2023 us=797201 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194 Wed Oct 25 09:43:36 2023 us=797221 Socket Buffers: R=[212992->212992] S=[212992->212992] Wed Oct 25 09:43:36 2023 us=797228 UDP link local: (not bound) Wed Oct 25 09:43:36 2023 us=797237 UDP link remote: [AF_INET]8.43.84.129:1194 Wed Oct 25 09:43:36 2023 us=797244 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay WRWed Oct 25 09:43:36 2023 us=846969 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=95a03685 7c180d2d WWed Oct 25 09:43:36 2023 us=847050 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this WRWRWed Oct 25 09:43:36 2023 us=895091 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia Wed Oct 25 09:43:36 2023 us=895253 VERIFY KU OK Wed Oct 25 09:43:36 2023 us=895263 Validating certificate extended key usage Wed Oct 25 09:43:36 2023 us=895274 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Wed Oct 25 09:43:36 2023 us=895280 VERIFY EKU OK Wed Oct 25 09:43:36 2023 us=895284 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia WRWRWed Oct 25 09:43:37 2023 us=988908 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1550' Wed Oct 25 09:43:37 2023 us=988939 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-GCM' Wed Oct 25 09:43:37 2023 us=988950 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]' Wed Oct 25 09:43:37 2023 us=988959 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256' WWed Oct 25 09:43:37 2023 us=989009 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2432 bit RSA Wed Oct 25 09:43:37 2023 us=989027 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194 Wed Oct 25 09:43:39 2023 us=230320 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1) WRRWed Oct 25 09:43:39 2023 us=275937 AUTH: Received control message: AUTH_FAILED Wed Oct 25 09:43:39 2023 us=276023 TCP/UDP: Closing socket Wed Oct 25 09:43:39 2023 us=276041 SIGTERM[soft,auth-failure] received, process exiting
Updated by adam kraitman 6 months ago
- Category set to User access
- Status changed from New to In Progress
- Assignee set to adam kraitman
Updated by Mark Nelson 6 months ago
- Category deleted (
User access) - Status changed from In Progress to Resolved
- Assignee changed from adam kraitman to Yehuda Sadeh
- Severity deleted (
3 - minor)
Fixed! Thanks Adam!
Actions