Hi there,
I have trouble getting two-factor authentication to work in Endian 2.4.1.
PSK is working and so is certificate only.
The client conf:
tls-client
dev tap
proto udp
remote server 1194
resolv-retry 2
nobind
user nobody
group nogroup
persist-key
persist-tun
pkcs12 client.p12
auth-user-pass
pull
comp-lzo
verb 3
The server conf:
daemon
mode server
tls-server
proto udp
port 1194
multihome
user nobody
group nobody
cd /var/openvpn
client-config-dir clients
script-security 2 system
dev tap0
server-bridge ip mask ip_from ip_to
push "route-gateway ip"
passtos
comp-lzo
management 127.0.0.1 5555
keepalive 8 30
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
persist-local-ip
persist-remote-ip
writepid /var/run/openvpn/openvpn.pid
ifconfig-pool-persist openvpn.leases
status /var/log/openvpn/openvpn-status.log
verb 1
client-connect "/usr/local/bin/dir.d-exec /etc/openvpn/client-connect.d/"
client-disconnect "/usr/local/bin/dir.d-exec /etc/openvpn/client-disconnect.d/"
dh /var/efw/openvpn/dh1024.pem
pkcs12 /var/efw/openvpn/pkcs12.p12
auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
username-as-common-name
I generated the certificates with the easy-rsa folder of the OpenVPN installation; then I imported the p12 file from the Endian web interface.
I manually copied the dh file to /var/efw/openvpn/ but it didn't help.
Here is the end of the log I am getting:
[server] Peer Connection Initiated with [AF_INET]ip_address:1194
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
AUTH: Received AUTH_FAILED control message
TCP/UDP: Closing socket
SIGTERM[soft,auth-failure] received, process exiting
Many thanks for any help.
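
An added example, not part of the original post and not Endian's own code: a diagnostic wrapper that can stand in for the script named in `auth-user-pass-verify ... via-file`, recording what OpenVPN handed over and what the real verifier returned, since the client log only shows AUTH_FAILED. The names `verify_and_log`, `REAL_VERIFIER` and `AUTH_DEBUG_LOG` and the log path are assumptions; `/usr/bin/openvpn-auth` is the verifier from the server conf above.

```shell
#!/bin/sh
# Added example: diagnostic wrapper for "auth-user-pass-verify <script> via-file".
# REAL_VERIFIER, AUTH_DEBUG_LOG and verify_and_log are assumed names.
REAL_VERIFIER="${REAL_VERIFIER:-/usr/bin/openvpn-auth}"          # from the server conf
AUTH_DEBUG_LOG="${AUTH_DEBUG_LOG:-/tmp/openvpn-auth-debug.log}"  # assumed log path

verify_and_log() {
    credfile="$1"
    if [ ! -r "$credfile" ]; then
        # The server drops to an unprivileged user, so an unreadable temp file
        # is a failure cause worth recording on its own.
        echo "$(date '+%F %T') credfile unreadable: $credfile" >> "$AUTH_DEBUG_LOG"
        return 1
    fi
    # via-file: line 1 of the temp file is the username, line 2 the password.
    username=$(sed -n '1p' "$credfile")
    password=$(sed -n '2p' "$credfile")
    if [ -n "$password" ]; then pw_state=present; else pw_state=empty; fi

    # Run the real verifier unchanged and keep its verdict (0 = accept).
    "$REAL_VERIFIER" "$credfile"
    rc=$?

    # Never log the password itself. common_name is set by OpenVPN in the
    # script environment from the client certificate.
    printf '%s user=%s cn=%s password=%s verifier_rc=%s\n' \
        "$(date '+%F %T')" "$username" "${common_name:-unset}" "$pw_state" "$rc" \
        >> "$AUTH_DEBUG_LOG"
    return "$rc"
}

# When OpenVPN runs this file as the verify script, $1 is the credentials file.
if [ "$#" -ge 1 ]; then
    verify_and_log "$1"
    exit $?
fi
```

A log line with `verifier_rc` other than 0 puts the rejection in the verifier itself; no log line at all means the script was never reached.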