Yubico Forum https://forum.yubico.com/

Help on integration Yubico_pam + openvpn https://forum.yubico.com/viewtopic.php?f=3&t=706
Page 1 of 1

Author: Rougemarteau [ Wed Sep 07, 2011 3:54 pm ]
Post subject: Help on integration Yubico_pam + openvpn
Hi,

I'm trying to get the Yubico PAM module working to provide two-factor legacy Username + password + YubiKey OTP authentication for OpenVPN. I followed the instructions of this page: http://code.google.com/p/yubico-pam/wik ... nVPNviaPAM

The OpenVPN server is a CentOS 5 64bits. The OpenVPN client is a Fedora FC15. Another OpenVPN client is using Windows 7 64bits.

When I try to use the VPN client (on both clients, Windows & Linux), it fails while trying to authenticate. Here is the output of openvpn.log:

Code:
Wed Sep 7 16:45:17 2011 us=525294 MULTI: multi_create_instance called
Wed Sep 7 16:45:17 2011 us=525381 192.168.1.13:33660 Re-using SSL/TLS context
Wed Sep 7 16:45:17 2011 us=525457 192.168.1.13:33660 LZO compression initialized
Wed Sep 7 16:45:17 2011 us=525514 192.168.1.13:33660 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 7 16:45:17 2011 us=525524 192.168.1.13:33660 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep 7 16:45:17 2011 us=525549 192.168.1.13:33660 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Sep 7 16:45:17 2011 us=525556 192.168.1.13:33660 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Sep 7 16:45:17 2011 us=525568 192.168.1.13:33660 Local Options hash (VER=V4): '530fdded'
Wed Sep 7 16:45:17 2011 us=525579 192.168.1.13:33660 Expected Remote Options hash (VER=V4): '41690919'
Wed Sep 7 16:45:17 2011 us=525601 192.168.1.13:33660 UDPv4 READ [14] from 192.168.1.13:33660: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Sep 7 16:45:17 2011 us=525612 192.168.1.13:33660 TLS: Initial packet from 192.168.1.13:33660, sid=fc4c103b 050db54c
Wed Sep 7 16:45:17 2011 us=525631 192.168.1.13:33660 UDPv4 WRITE [26] to 192.168.1.13:33660: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Wed Sep 7 16:45:17 2011 us=525995 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 0 ]
Wed Sep 7 16:45:17 2011 us=526031 192.168.1.13:33660 UDPv4 READ [114] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Wed Sep 7 16:45:17 2011 us=526058 192.168.1.13:33660 UDPv4 WRITE [22] to 192.168.1.13:33660: P_ACK_V1 kid=0 [ 1 ]
Wed Sep 7 16:45:17 2011 us=526093 192.168.1.13:33660 UDPv4 READ [27] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=13
Wed Sep 7 16:45:17 2011 us=528709 192.168.1.13:33660 UDPv4 WRITE [126] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ 2 ] pid=1 DATA len=100
Wed Sep 7 16:45:17 2011 us=528741 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Wed Sep 7 16:45:17 2011 us=528769 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Wed Sep 7 16:45:17 2011 us=528797 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Wed Sep 7 16:45:17 2011 us=529208 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 1 ]
Wed Sep 7 16:45:17 2011 us=529257 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Wed Sep 7 16:45:17 2011 us=529287 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 2 ]
Wed Sep 7 16:45:17 2011 us=529307 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Wed Sep 7 16:45:17 2011 us=529333 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 3 ]
Wed Sep 7 16:45:17 2011 us=529353 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Wed Sep 7 16:45:17 2011 us=529379 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 4 ]
Wed Sep 7 16:45:17 2011 us=529399 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Wed Sep 7 16:45:17 2011 us=529735 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 5 ]
Wed Sep 7 16:45:17 2011 us=529766 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Wed Sep 7 16:45:17 2011 us=529803 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 6 ]
Wed Sep 7 16:45:17 2011 us=529823 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Wed Sep 7 16:45:17 2011 us=529849 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 7 ]
Wed Sep 7 16:45:17 2011 us=529877 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Wed Sep 7 16:45:17 2011 us=529904 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 8 ]
Wed Sep 7 16:45:17 2011 us=529923 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Wed Sep 7 16:45:17 2011 us=530302 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 9 ]
Wed Sep 7 16:45:17 2011 us=530341 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Wed Sep 7 16:45:17 2011 us=530370 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 10 ]
Wed Sep 7 16:45:17 2011 us=530389 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Wed Sep 7 16:45:17 2011 us=530416 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 11 ]
Wed Sep 7 16:45:17 2011 us=530466 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Wed Sep 7 16:45:17 2011 us=530494 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 12 ]
Wed Sep 7 16:45:17 2011 us=530513 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Wed Sep 7 16:45:17 2011 us=530733 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 13 ]
Wed Sep 7 16:45:17 2011 us=530791 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Wed Sep 7 16:45:17 2011 us=530828 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 14 ]
Wed Sep 7 16:45:17 2011 us=530853 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Wed Sep 7 16:45:17 2011 us=530888 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 15 ]
Wed Sep 7 16:45:17 2011 us=530913 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Wed Sep 7 16:45:17 2011 us=530946 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 16 ]
Wed Sep 7 16:45:17 2011 us=530965 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Wed Sep 7 16:45:17 2011 us=531299 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 17 ]
Wed Sep 7 16:45:17 2011 us=531378 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Wed Sep 7 16:45:17 2011 us=531405 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 18 ]
Wed Sep 7 16:45:17 2011 us=531424 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=22 DATA len=100
Wed Sep 7 16:45:17 2011 us=531478 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 19 ]
Wed Sep 7 16:45:17 2011 us=531497 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=23 DATA len=100
Wed Sep 7 16:45:17 2011 us=531557 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 20 ]
Wed Sep 7 16:45:17 2011 us=531578 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Wed Sep 7 16:45:17 2011 us=532311 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 21 ]
Wed Sep 7 16:45:17 2011 us=532333 192.168.1.13:33660 UDPv4 WRITE [91] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=25 DATA len=77
Wed Sep 7 16:45:17 2011 us=532360 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 22 ]
Wed Sep 7 16:45:17 2011 us=532380 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 23 ]
Wed Sep 7 16:45:17 2011 us=532398 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 24 ]
Wed Sep 7 16:45:17 2011 us=536955 192.168.1.13:33660 UDPv4 READ [126] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ 25 ] pid=3 DATA len=100
Wed Sep 7 16:45:17 2011 us=536997 192.168.1.13:33660 UDPv4 WRITE [22] to 192.168.1.13:33660: P_ACK_V1 kid=0 [ 3 ]
Wed Sep 7 16:45:17 2011 us=537035 192.168.1.13:33660 UDPv4 READ [112] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=98
Wed Sep 7 16:45:17 2011 us=539624 192.168.1.13:33660 UDPv4 WRITE [85] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ 4 ] pid=26 DATA len=59
Wed Sep 7 16:45:17 2011 us=540276 192.168.1.13:33660 UDPv4 READ [126] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ 26 ] pid=5 DATA len=100
Wed Sep 7 16:45:17 2011 us=540318 192.168.1.13:33660 UDPv4 WRITE [22] to 192.168.1.13:33660: P_ACK_V1 kid=0 [ 5 ]
Wed Sep 7 16:45:17 2011 us=540355 192.168.1.13:33660 UDPv4 READ [114] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Wed Sep 7 16:45:17 2011 us=540377 192.168.1.13:33660 UDPv4 WRITE [22] to 192.168.1.13:33660: P_ACK_V1 kid=0 [ 6 ]
Wed Sep 7 16:45:17 2011 us=540412 192.168.1.13:33660 UDPv4 READ [114] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Wed Sep 7 16:45:17 2011 us=540428 192.168.1.13:33660 UDPv4 WRITE [22] to 192.168.1.13:33660: P_ACK_V1 kid=0 [ 7 ]
Wed Sep 7 16:45:17 2011 us=540452 192.168.1.13:33660 UDPv4 READ [92] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=78
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: gboi
AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'gboi' failed to authenticate: Module is unknown
Wed Sep 7 16:45:19 2011 us=468594 192.168.1.13:33660 PLUGIN_CALL: POST /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Sep 7 16:45:19 2011 us=468615 192.168.1.13:33660 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so
Wed Sep 7 16:45:19 2011 us=468641 192.168.1.13:33660 TLS Auth Error: Auth Username/Password verification failed for peer
Wed Sep 7 16:45:19 2011 us=468762 192.168.1.13:33660 UDPv4 WRITE [126] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ 8 ] pid=27 DATA len=100
Wed Sep 7 16:45:19 2011 us=468801 192.168.1.13:33660 UDPv4 WRITE [114] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=28 DATA len=100
Wed Sep 7 16:45:19 2011 us=468825 192.168.1.13:33660 UDPv4 WRITE [80] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=29 DATA len=66
Wed Sep 7 16:45:19 2011 us=469245 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 27 ]
Wed Sep 7 16:45:19 2011 us=469274 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 28 ]
Wed Sep 7 16:45:19 2011 us=469462 192.168.1.13:33660 UDPv4 READ [22] from 192.168.1.13:33660: P_ACK_V1 kid=0 [ 29 ]
Wed Sep 7 16:45:19 2011 us=469478 192.168.1.13:33660 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Wed Sep 7 16:45:19 2011 us=469497 192.168.1.13:33660 [] Peer Connection Initiated with 192.168.1.13:33660
Wed Sep 7 16:45:21 2011 us=649895 192.168.1.13:33660 UDPv4 READ [104] from 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=90
Wed Sep 7 16:45:21 2011 us=649969 192.168.1.13:33660 PUSH: Received control message: 'PUSH_REQUEST'
Wed Sep 7 16:45:21 2011 us=649986 192.168.1.13:33660 Delayed exit in 5 seconds
Wed Sep 7 16:45:21 2011 us=650015 192.168.1.13:33660 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Wed Sep 7 16:45:21 2011 us=650029 192.168.1.13:33660 UDPv4 WRITE [22] to 192.168.1.13:33660: P_ACK_V1 kid=0 [ 9 ]
Wed Sep 7 16:45:21 2011 us=650067 192.168.1.13:33660 UDPv4 WRITE [104] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=30 DATA len=90
Wed Sep 7 16:45:23 2011 us=721918 192.168.1.13:33660 UDPv4 WRITE [104] to 192.168.1.13:33660: P_CONTROL_V1 kid=0 [ ] pid=30 DATA len=90
Wed Sep 7 16:45:23 2011 us=722260 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Sep 7 16:45:26 2011 us=795152 192.168.1.13:33660 SIGTERM[soft,delayed-exit] received, client-instance exiting

And here is the content of /etc/pam.d/openvpn:

Code:
auth required pam_yubico.so id=16 debug authfile=/etc/etc/yubikey_passwd
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth

And here is the content of /etc/openvpn/openvpn.conf:

Code:
port 1194
proto udp
dev tun0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/sv-inf-int-vpn-01.crt
key /etc/openvpn/keys/sv-inf-int-vpn-01.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.42.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
max-clients 100
user root
group root
# of the privilege downgrade.
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 6
# Does not require a certificate for the clients
client-cert-not-required
# Only the server's local users can connect to the vpn (login)
# plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login
# Enable PAM modules openvpn (yubikey)
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"

Could you please tell me how to get it to work?

Regards,
Author: Fredrik-at-Yubico [ Wed Dec 07, 2011 2:55 pm ]
Post subject: Re: Help on integration Yubico_pam + openvpn
Enable debug logging of the PAM module as per the ReadMe:

touch /var/run/pam-debug.log
chmod go+w /var/run/pam-debug.log
tail -f /var/run/pam-debug.log

and also, it seems your /etc/pam.d/openvpn file contains an extra /etc in the filename of the authfile parameter:

auth required pam_yubico.so id=16 debug authfile=/etc/etc/yubikey_passwd

/Fredrik
Author: mako [ Fri Mar 08, 2013 5:27 pm ]
Post subject: Re: Help on integration Yubico_pam + openvpn
According to man pam_nologin, the directive

account required pam_nologin.so

will allow only the root user. It is good to note, because a lot of users want to make the connection for common users, and they are confused. For me, a better solution is to replace the line above (in /etc/pam.d/openvpn) with

account required pam_succeed_if.so uid = 1000 quiet

and define the UID exactly. My Ubuntu config (redhat has system-auth):

auth required pam_yubico.so mode=client try_first_pass id=16 debug authfile=/etc/yubikey_mappings
auth include common-auth
#account required pam_nologin.so
account required pam_succeed_if.so uid = 1000 quiet
account include common-auth
password include common-auth
session include common-auth
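As an added example that is not part of this thread (and not Yubico's or OpenVPN's code), a small Python check for the three things raised above: a pam_yubico authfile path that does not exist (the /etc/etc/ typo), a module file that Linux-PAM cannot find and therefore cannot load (the condition it reports as 'Module is unknown', the error in the openvpn.log above), and an account stack containing pam_nologin.so. MODULE_DIRS is an assumption about where your distribution installs PAM modules, and the `exists` parameter is only there so the check can be exercised against constructed paths.

```python
"""Check a /etc/pam.d/openvpn stack for the pitfalls raised in this thread (added example)."""
import os
import re

# Assumption: where Linux-PAM looks for modules given without a path; adjust for your distribution.
MODULE_DIRS = ("/lib64/security", "/lib/security", "/lib/x86_64-linux-gnu/security")

# A PAM stack line: type  control  module  [arguments...]; comment lines never match.
PAM_LINE = re.compile(
    r"^\s*(?P<type>auth|account|password|session)\s+(?P<control>\S+)\s+(?P<module>\S+)\s*(?P<args>.*)$"
)


def parse_pam_stack(text):
    """Return (type, control, module, [args]) for every stack line; comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = PAM_LINE.match(line)
        if m:
            entries.append((m.group("type"), m.group("control"), m.group("module"), m.group("args").split()))
    return entries


def check_pam_stack(text, exists=os.path.exists):
    """Return a list of findings; `exists` is injectable so the check runs offline against constructed paths."""
    findings = []
    for typ, control, module, args in parse_pam_stack(text):
        if control in ("include", "substack"):
            continue  # names another stack file (system-auth, common-auth), not a module
        # Linux-PAM answers "Module is unknown" for a module it could not load, so first
        # confirm the shared object is where the module search path expects it.
        paths = [module] if os.path.isabs(module) else [os.path.join(d, module) for d in MODULE_DIRS]
        if not any(exists(p) for p in paths):
            findings.append(f"{typ}: {module} not found in {', '.join(MODULE_DIRS)}")
        if module == "pam_yubico.so":
            # authfile=<path> maps users to YubiKey IDs; a mistyped path makes every login fail.
            kv = dict(a.split("=", 1) for a in args if "=" in a)
            authfile = kv.get("authfile")
            if authfile and not exists(authfile):
                findings.append(f"{typ}: pam_yubico authfile {authfile} does not exist")
        if typ == "account" and module == "pam_nologin.so":
            findings.append("account: pam_nologin.so rejects every non-root user while /etc/nologin exists")
    return findings


if __name__ == "__main__":
    with open("/etc/pam.d/openvpn") as fh:
        for finding in check_pam_stack(fh.read()) or ["no findings"]:
            print(finding)
```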