If you are an enterprise user with a valid maintenance open a ticket with the Endian support on https://help.endian.com

Hello,

I have the following problem:

Up to now 3 users have been created on the UTM25 Mini and were able to establish a VPN connection from their Windows 7/10 computers at any time.

Suddenly, a user could no longer log in with the note in the client log:

AUTH: Received control message: AUTH_FAILED

Mon Nov 12 20:15:44 2018 us=725000 TCP/UDP: Closing socket

Mon Nov 12 20:15:44 2018 us=725000 SIGUSR1[soft,auth-failure] received, process restarting

Mon Nov 12 20:15:44 2018 us=725000 MANAGEMENT: >STATE:1542050144,RECONNECTING,auth-failure,,,,,

Mon Nov 12 20:15:44 2018 us=725000 Restart pause, 5 second(s)

Mon Nov 12 20:15:51 2018 us=729936 MANAGEMENT: Client disconnected

Mon Nov 12 20:15:51 2018 us=729936 ERROR: could not read Auth username/password/ok/string from management interface

Mon Nov 12 20:15:51 2018 us=729936 Exiting due to fatal error

The server has the following message:

Nov 12 20:15:44    local     peer info: IV_GUI_VER=OpenVPN_GUI_11
Nov 12 20:15:44    local     WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1
Nov 12 20:15:44    local     TLS Auth Error: Auth Username/Password verification failed for peer

Even several newly created users could not log in with exactly the same messages.

On the client side, Openvpn + GUI is used


I turned the internet on the left but the few tips I found were so far without result.


Maybe someone of you has an idea.


Thanks in advance.

Olaf

I'd like to install mc and apcupsd on my endian 3.2.5
do you know if is it possible in some way? can i Install make, gcc, etc.?
or create binary in some distro and then move to endian ?

Ok. small update.
Today I tried without the "f" option, but only with 'd'. It worked.
(Only with "debug" mode and not "forced" mode)

I tried two times and found that it downloads the file only if it has changed from the previous download, so the second trial was correctly unsuccesful. (No changes in the remote list).

I don't know when anacron daily triggers the download command, but I guess it will be after 24h from the previous command. So I will check again tomorrow at this time or so.

Hello, thank you!
I just tried what you told me and with the option -fd it seems to work....

The list has been updated and obviously the log is ok...

Don't know why it didn't worked without the -fd option...

I will check tomorrow if the list now will update daily or not.

Strange that RDP work but not the ping and share access.
Do you have the VPN Firewall enabled under "Firewall > VPN Firewall" ?? In case is off, please check the Windows Firewall on the PCs usually Windows Firewall reply to the ping and allow share access only from PC in the same subnets

Hello!

did you tried to run getblackholedns with debug and force option?

/usr/local/bin/getblackholedns -fd

After launch it, try to check /var/log/endian/jobsengine

Hello,
I noticed that on my EFW 3.2.5 the anti spyware list don't update any more.

I set the update on daily basis (from Proxy-DNS-AntiSpyware) and found the task  "blackholedns" in /etc/anacron.daily
(If I change to weekly basis, the task moves correctly to /etc/anacron.monthly)

But even If I run manually the "blackholedns" task, which in reality is a link to /usr/local/bin/getblackholedns, nothing seems to happen and anit-spyware list is always stuck at September 2018.
(I see it from the main page of the web UI, or even from the date of the file  /var/signature/dnsmasq/phishtank.csv which seems to be the file that needs to be updated regularly)

My knowledge stops when looking at the "usr/local/bin/getblackholedns" which use a so-called "internal engine" and send a command "restart getblackholedns" but I can't see if it works or not.

Do somebody have some hints for me? What could I have to check furtherly?

Hi, I have two office branches where I installed a pc on each site with efw community and updated them through ssh.. After installation I proceeded to configure an ipsec vpn. Both ends are connected and I was able to connect through Windows Remote Desktop to a computer on the other end without issues.
The problem I am having is that I'm getting "Request timed out" when pinging from site to site. Also, I'm unable to access shared folders.
Thank you for your help.

Only the DHCP it will not work if you want it per each sub-zones