Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 7:20 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Fri Sep 03, 2010 1:33 pm 
Offline

Joined: Fri Sep 03, 2010 1:16 pm
Posts: 2
Hi,

We have a issue whereby after an hour of being connected to the VPN, it disconnects with the following errors.

__________________________________

Fri Sep 3 11:48:27 2010 us=540 twilliams/xxx.xxx.xxx.xxx:41113 TLS: soft reset sec=0 bytes=5783662/0 pkts=7614/0
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: twilliams
AUTH-PAM: BACKGROUND: my_conv[0] query='Yubikey for `twilliams': ' style=1
AUTH-PAM: BACKGROUND: user 'twilliams' failed to authenticate: Authentication failure
Fri Sep 3 11:48:27 2010 us=592473 twilliams/xxx.xxx.xxx.xxx:41113 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Fri Sep 3 11:48:27 2010 us=592493 twilliams/xxx.xxx.xxx.xxx:41113 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-pam.so
Fri Sep 3 11:48:27 2010 us=592569 twilliams/xxx.xxx.xxx.xxx:41113 TLS Auth Error: Auth Username/Password verification failed for peer

__________________________________

server config

plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn

port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

duplicate-cn
username-as-common-name
ns-cert-type server
client-cert-not-required

server 10.5.128.0 255.255.255.0

push redirect-gateway
push "dhcp-option DOMAIN domain.co.uk"
push "dhcp-option DNS xxx.xxx.xxx.xxx"

keepalive 10 120
ping 10
ping restart 60

persist-key
persist-tun

log /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 4

__________________________________

/etc/pam.d/openvpn

auth required /usr/local/lib/security/pam_yubico.so id=1 authfile=/etc/yubikey_mapping url=http://10.68.130.198/wsapi/verify?id=%d&otp=%s
auth required pam_radius_auth.so try_first_pass

#@include common-auth
#@include common-account
@include common-password
@include common-session

__________________________________

client config

remote xxx.xxx.xxx.xxx 1194
client
proto udp
dev tun

persist-key
persist-tun

ping restart 60
ping-timer-rem
#resolv-retry 86400
ping 10

ca groupnbt-ca.crt
auth-user-pass
pull

__________________________________

Any help would be gratefully appreciated.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Sep 22, 2010 11:21 am 
Offline

Joined: Fri Sep 03, 2010 1:16 pm
Posts: 2
This issue was resolved by adding the following line to the openvpn server and client config files.

reneg-sec 0


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group