Bug #63320

closed

VPN AUTH_FAILED

Added by Mark Nelson 6 months ago. Updated 6 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

Per request:

sudo openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5
Wed Oct 25 09:43:36 2023 us=694381 WARNING: file 'sepia/tlsauth' is group or others accessible
Wed Oct 25 09:43:36 2023 us=694419 Current Parameter Settings:
Wed Oct 25 09:43:36 2023 us=694433   config = '/etc/openvpn/sepia.conf'
Wed Oct 25 09:43:36 2023 us=694443   mode = 0
Wed Oct 25 09:43:36 2023 us=694453   persist_config = DISABLED
Wed Oct 25 09:43:36 2023 us=694465   persist_mode = 1
Wed Oct 25 09:43:36 2023 us=694475   show_ciphers = DISABLED
Wed Oct 25 09:43:36 2023 us=694485   show_digests = DISABLED
Wed Oct 25 09:43:36 2023 us=694494   show_engines = DISABLED
Wed Oct 25 09:43:36 2023 us=694504   genkey = DISABLED
Wed Oct 25 09:43:36 2023 us=694542   key_pass_file = '[UNDEF]'
Wed Oct 25 09:43:36 2023 us=694550 NOTE: --mute triggered...
Wed Oct 25 09:43:36 2023 us=694561 272 variation(s) on previous 10 message(s) suppressed by --mute
Wed Oct 25 09:43:36 2023 us=694566 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Oct 25 09:43:36 2023 us=694577 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Wed Oct 25 09:43:36 2023 us=694937 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 25 09:43:36 2023 us=694951 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 25 09:43:36 2023 us=694958 LZO compression initializing
Wed Oct 25 09:43:36 2023 us=695011 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Wed Oct 25 09:43:36 2023 us=796802 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Oct 25 09:43:36 2023 us=796847 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Oct 25 09:43:36 2023 us=796856 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Oct 25 09:43:36 2023 us=797201 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
Wed Oct 25 09:43:36 2023 us=797221 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Oct 25 09:43:36 2023 us=797228 UDP link local: (not bound)
Wed Oct 25 09:43:36 2023 us=797237 UDP link remote: [AF_INET]8.43.84.129:1194
Wed Oct 25 09:43:36 2023 us=797244 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
WRWed Oct 25 09:43:36 2023 us=846969 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=95a03685 7c180d2d
WWed Oct 25 09:43:36 2023 us=847050 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WRWRWed Oct 25 09:43:36 2023 us=895091 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
Wed Oct 25 09:43:36 2023 us=895253 VERIFY KU OK
Wed Oct 25 09:43:36 2023 us=895263 Validating certificate extended key usage
Wed Oct 25 09:43:36 2023 us=895274 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Oct 25 09:43:36 2023 us=895280 VERIFY EKU OK
Wed Oct 25 09:43:36 2023 us=895284 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
WRWRWed Oct 25 09:43:37 2023 us=988908 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1550'
Wed Oct 25 09:43:37 2023 us=988939 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-GCM'
Wed Oct 25 09:43:37 2023 us=988950 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
Wed Oct 25 09:43:37 2023 us=988959 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
WWed Oct 25 09:43:37 2023 us=989009 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2432 bit RSA
Wed Oct 25 09:43:37 2023 us=989027 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
Wed Oct 25 09:43:39 2023 us=230320 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1)
WRRWed Oct 25 09:43:39 2023 us=275937 AUTH: Received control message: AUTH_FAILED
Wed Oct 25 09:43:39 2023 us=276023 TCP/UDP: Closing socket
Wed Oct 25 09:43:39 2023 us=276041 SIGTERM[soft,auth-failure] received, process exiting

#1

Updated by adam kraitman 6 months ago

  • Category set to User access
  • Status changed from New to In Progress
  • Assignee set to adam kraitman

#2

Updated by adam kraitman 6 months ago

Hey Mark, please try now.

#3

Updated by Mark Nelson 6 months ago

  • Category deleted (User access)
  • Status changed from In Progress to Resolved
  • Assignee changed from adam kraitman to Yehuda Sadeh
  • Severity deleted (3 - minor)

Fixed! Thanks Adam!
