Yubico Forum ...visit our web-store at 2010-09-22T11:21:21+01:00 https://forum.yubico.com/feed.php?f=4&t=565 2010-09-22T11:21:21+01:00 2010-09-22T11:21:21+01:00 https://forum.yubico.com/viewtopic.php?t=565&p=2360#p2360 <![CDATA[Re: Yubikey + OpenVPN + PAM - Issues]]>
reneg-sec 0

Statistics: Posted by Timbo — Wed Sep 22, 2010 11:21 am

]]> 2010-09-03T13:33:48+01:00 2010-09-03T13:33:48+01:00 https://forum.yubico.com/viewtopic.php?t=565&p=2329#p2329 <![CDATA[Yubikey + OpenVPN + PAM - Issues]]>
We have a issue whereby after an hour of being connected to the VPN, it disconnects with the following errors.

__________________________________

Fri Sep 3 11:48:27 2010 us=540 twilliams/xxx.xxx.xxx.xxx:41113 TLS: soft reset sec=0 bytes=5783662/0 pkts=7614/0
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: twilliams
AUTH-PAM: BACKGROUND: my_conv[0] query='Yubikey for `twilliams': ' style=1
AUTH-PAM: BACKGROUND: user 'twilliams' failed to authenticate: Authentication failure
Fri Sep 3 11:48:27 2010 us=592473 twilliams/xxx.xxx.xxx.xxx:41113 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Fri Sep 3 11:48:27 2010 us=592493 twilliams/xxx.xxx.xxx.xxx:41113 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-pam.so
Fri Sep 3 11:48:27 2010 us=592569 twilliams/xxx.xxx.xxx.xxx:41113 TLS Auth Error: Auth Username/Password verification failed for peer

__________________________________

server config

plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn

port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

duplicate-cn
username-as-common-name
ns-cert-type server
client-cert-not-required

server 10.5.128.0 255.255.255.0

push redirect-gateway
push "dhcp-option DOMAIN domain.co.uk"
push "dhcp-option DNS xxx.xxx.xxx.xxx"

keepalive 10 120
ping 10
ping restart 60

persist-key
persist-tun

log /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 4

__________________________________

/etc/pam.d/openvpn

auth required /usr/local/lib/security/pam_yubico.so id=1 authfile=/etc/yubikey_mapping url=http://10.68.130.198/wsapi/verify?id=%d&otp=%s
auth required pam_radius_auth.so try_first_pass

#@include common-auth
#@include common-account
@include common-password
@include common-session

__________________________________

client config

remote xxx.xxx.xxx.xxx 1194
client
proto udp
dev tun

persist-key
persist-tun

ping restart 60
ping-timer-rem
#resolv-retry 86400
ping 10

ca groupnbt-ca.crt
auth-user-pass
pull

__________________________________

Any help would be gratefully appreciated.

Statistics: Posted by Timbo — Fri Sep 03, 2010 1:33 pm

]]>