OpenVPN authentication with Active Directory

    Hi,

    Below are the configurations of the server and client. Goal: OpenVPN authentication with Active Directory. But I face a problem in which, when I run

    --------------------------------------------------------------------------------------------------------
    server.ovpn configuration:

    port 1194
    proto udp
    dev tun

    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
    key "C:\\Program Files\\OpenVPN\\config\\server.key"
    dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

    server 10.88.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    comp-lzo

    persist-tun
    status openvpn-status.log
    verb 3

    script-security 3
    auth-user-pass-verify "C:/Windows/System32/cscript.exe /H:cscript C:/Program Files/OpenVPN/config/Auth4OpenVPN.vbs" via-env
    --------------------------------------------------------------------------------------------------------

    --------------------------------------------------------------------------------------------------------
    client.ovpn

    client
    dev tun
    proto udp

    remote [server ip address] 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun

    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\client01.crt"
    key "C:\\Program Files\\OpenVPN\\config\\client01.key"

    ns-cert-type server
    comp-lzo
    verb 3

    auth-user-pass
    auth-retry interact

    --------------------------------------------------------------------------------------------------------
    Auth4OpenVPN.ini configuration

    Server = "ip address of AD"

    Domain = "company domain"

    DN = "dc="abc",dc="com",dc="my"

    Group = "vpnusers"

    Logging = "On"

    --------------------------------------------------------------------------------------------------------

    When I run the script using this syntax: auth4openvpn.vbs <user> <password>, the result is "Authentication Successful", but when I connect the client to the server there is an error as below:

    ****
    Fri Feb 28 15:20:22 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client01.log: Access is denied. (errno=5)
    Fri Feb 28 15:20:22 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
    Fri Feb 28 15:20:22 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Fri Feb 28 15:20:22 2014 Need hold release from management interface, waiting...
    Fri Feb 28 15:20:22 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'state on'
    Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'log all on'
    Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold off'
    Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold release'
    Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'username "Auth" "nuruljannah"'
    Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'password [...]'
    Fri Feb 28 15:20:33 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Fri Feb 28 15:20:33 2014 UDPv4 link local: [undef]
    Fri Feb 28 15:20:33 2014 UDPv4 link remote: [AF_INET]192.168.xxx.xxx:1194
    Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,WAIT,,,
    Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,AUTH,,,
    Fri Feb 28 15:20:33 2014 TLS: Initial packet from [AF_INET]192.168.xxx.xxx:1194, sid=49293fda 7d5594f8
    Fri Feb 28 15:20:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Fri Feb 28 15:20:33 2014 VERIFY OK: depth=1, C=MY, ST=SE, L=PJ, O=ECSM, OU=xxx, CN=ecsvpn, name=admin, [email protected]
    Fri Feb 28 15:20:33 2014 VERIFY OK: nsCertType=SERVER
    Fri Feb 28 15:20:33 2014 VERIFY OK: depth=0, C=MY, ST=SE, L=PJ, O=ECSM, OU=xxx, CN=ecsvpn, name=admin, [email protected]
    Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Feb 28 15:20:33 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Fri Feb 28 15:20:33 2014 [ecsvpn] Peer Connection Initiated with [AF_INET]server ip address:1194
    Fri Feb 28 15:20:34 2014 MANAGEMENT: >STATE:1393572034,GET_CONFIG,,,
    Fri Feb 28 15:20:35 2014 SENT CONTROL [ecsvpn]: 'PUSH_REQUEST' (status=1)
    Fri Feb 28 15:20:35 2014 AUTH: Received control message: AUTH_FAILED
    Fri Feb 28 15:20:35 2014 SIGUSR1[soft,auth-failure] received, process restarting
    Fri Feb 28 15:20:35 2014 MANAGEMENT: >STATE:1393572035,RECONNECTING,auth-failure,,
    Fri Feb 28 15:20:35 2014 Restart pause, 2 second(s)
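The post tests the script by hand with two command-line arguments, but that is not how OpenVPN invokes an auth-user-pass-verify script: with via-env the credentials arrive as the environment variables username and password (the password only under script-security 3) and no arguments are passed, while with via-file argv[1] is a temporary file whose first two lines are the username and password, and the script's exit status (0 accept, non-zero reject) is the only thing OpenVPN reads back. As an added example, not code from the original post or from Auth4OpenVPN, here is a Python stand-in for such a verify script that reads credentials the way OpenVPN delivers them in either mode; the directory check is an injected placeholder where a real AD bind and group lookup would go.

```python
import os
import sys
import logging
from typing import Callable, Optional, Tuple

log = logging.getLogger("auth-verify")


def parse_via_file(text: str) -> Optional[Tuple[str, str]]:
    """via-file mode: OpenVPN writes a temp file, line 1 username, line 2 password."""
    lines = text.splitlines()
    if len(lines) < 2:
        return None
    return lines[0], lines[1]


def read_credentials(environ: dict, argv: list) -> Optional[Tuple[str, str]]:
    """Return (username, password) as OpenVPN delivers them, or None.

    via-env: credentials arrive as the environment variables 'username' and
             'password' (password only with script-security 3); argv carries no
             credentials, so a script that reads its arguments sees nothing.
    via-file: argv[1] is the path of the temp file parsed by parse_via_file().
    """
    if "username" in environ and "password" in environ:
        return environ["username"], environ["password"]
    if len(argv) > 1 and os.path.isfile(argv[1]):
        with open(argv[1], encoding="utf-8") as fh:
            return parse_via_file(fh.read())
    return None


def verify(environ: dict, argv: list, check_directory: Callable[[str, str], bool]) -> int:
    """Return the exit status OpenVPN expects: 0 accepts the user, 1 rejects."""
    creds = read_credentials(environ, argv)
    if creds is None:
        log.warning("no credentials delivered; was the script started outside OpenVPN?")
        return 1
    user, password = creds
    accepted = check_directory(user, password)
    # Log the outcome for troubleshooting, but never the password itself.
    log.info("user=%s result=%s", user, "accepted" if accepted else "rejected")
    return 0 if accepted else 1


if __name__ == "__main__":
    # check_directory is a placeholder: a real script would bind to AD here
    # (for example an LDAP simple bind as the user) and check group membership.
    sys.exit(verify(os.environ, sys.argv, lambda user, password: False))
```

Running the file by hand with `user password` as arguments returns 1 and logs the warning, which is the quickest way to tell a script that only works under manual invocation from one that works under OpenVPN.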