Error log:
[root@Clent1 openvpn]# cat /var/log/openvpn.log
Thu Jun 3 00:00:13 2010 OpenVPN 2.1.1 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 26 2010
Thu Jun 3 00:00:13 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jun 3 00:00:13 2010 PLUGIN_INIT: POST /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so] [login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Thu Jun 3 00:00:13 2010 Diffie-Hellman initialized with 1024 bit key
Thu Jun 3 00:00:13 2010 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Thu Jun 3 00:00:13 2010 TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jun 3 00:00:13 2010 ROUTE default_gateway=160.10.252.126
Thu Jun 3 00:00:13 2010 TUN/TAP device tun0 opened
Thu Jun 3 00:00:13 2010 TUN/TAP TX queue length set to 100
Thu Jun 3 00:00:13 2010 /sbin/ip link set dev tun0 up mtu 1500
Thu Jun 3 00:00:13 2010 /sbin/ip addr add dev tun0 local 172.16.0.1 peer 172.16.0.2
Thu Jun 3 00:00:13 2010 /sbin/ip route add 172.16.0.0/24 via 172.16.0.2
Thu Jun 3 00:00:13 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 3 00:00:14 2010 GID set to nobody
Thu Jun 3 00:00:14 2010 UID set to nobody
Thu Jun 3 00:00:14 2010 Listening for incoming TCP connection on [undef]:1194
Thu Jun 3 00:00:14 2010 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Jun 3 00:00:14 2010 TCPv4_SERVER link local (bound): [undef]:1194
Thu Jun 3 00:00:14 2010 TCPv4_SERVER link remote: [undef]
Thu Jun 3 00:00:14 2010 MULTI: multi_init called, r=256 v=256
Thu Jun 3 00:00:14 2010 IFCONFIG POOL: base=172.16.0.4 size=62
Thu Jun 3 00:00:14 2010 IFCONFIG POOL LIST
Thu Jun 3 00:00:14 2010 MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Jun 3 00:00:14 2010 Initialization Sequence Completed
Thu Jun 3 00:00:38 2010 MULTI: multi_create_instance called
Thu Jun 3 00:00:38 2010 Re-using SSL/TLS context
Thu Jun 3 00:00:38 2010 LZO compression initialized
Thu Jun 3 00:00:38 2010 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jun 3 00:00:38 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 3 00:00:38 2010 Local Options hash (VER=V4): 'c0103fa8'
Thu Jun 3 00:00:38 2010 Expected Remote Options hash (VER=V4): '69109d17'
Thu Jun 3 00:00:38 2010 TCP connection established with 160.10.252.124:1200
Thu Jun 3 00:00:38 2010 Socket Buffers: R=[131072->131072] S=[131072->131072]
Thu Jun 3 00:00:38 2010 TCPv4_SERVER link local: [undef]
Thu Jun 3 00:00:38 2010 TCPv4_SERVER link remote: 160.10.252.124:1200
Thu Jun 3 00:00:38 2010 160.10.252.124:1200 TLS: Initial packet from 160.10.252.124:1200, sid=8f14618c b6a2c896
AUTH-PAM: BACKGROUND: user 'client1' failed to authenticate: System error
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 PLUGIN_CALL: POST /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 TLS Auth Error: Auth Username/Password verification failed for peer
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Thu Jun 3 00:00:40 2010 160.10.252.124:1200 [] Peer Connection Initiated with 160.10.252.124:1200
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 Delayed exit in 5 seconds
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 Connection reset, restarting [0]
Thu Jun 3 00:00:42 2010 160.10.252.124:1200 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Jun 3 00:00:42 2010 TCP/UDP: Closing socket
[root@Clent1 openvpn]#
Server configuration:
[root@Clent1 openvpn]# cat server.conf
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
user nobody
group nobody
status openvpn-status.log
log /var/log/openvpn.log
log-append openvpn.log
push "redirect-gateway def1"
push "dhcp-option DNS 202.106.0.20"
push "dhcp-option DNS 202.96.199.133"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
[root@Clent1 openvpn]#
Client configuration:
client
dev tun
proto tcp
remote 160.10.252.61 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
comp-lzo
verb 3
-- Reposted from
This post was moved to this board by system on 2014-11-6 22:13:53