Yubico Forum
https://forum.yubico.com/

Yubikey + OpenVPN + PAM - Issues
https://forum.yubico.com/viewtopic.php?f=4&t=565

Author:  Timbo [ Fri Sep 03, 2010 1:33 pm ]
Post subject:  Yubikey + OpenVPN + PAM - Issues

Hi,

We have an issue whereby after an hour of being connected to the VPN, it disconnects with the following errors.

__________________________________

Fri Sep 3 11:48:27 2010 us=540 twilliams/xxx.xxx.xxx.xxx:41113 TLS: soft reset sec=0 bytes=5783662/0 pkts=7614/0
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: twilliams
AUTH-PAM: BACKGROUND: my_conv[0] query='Yubikey for `twilliams': ' style=1
AUTH-PAM: BACKGROUND: user 'twilliams' failed to authenticate: Authentication failure
Fri Sep 3 11:48:27 2010 us=592473 twilliams/xxx.xxx.xxx.xxx:41113 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Fri Sep 3 11:48:27 2010 us=592493 twilliams/xxx.xxx.xxx.xxx:41113 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-pam.so
Fri Sep 3 11:48:27 2010 us=592569 twilliams/xxx.xxx.xxx.xxx:41113 TLS Auth Error: Auth Username/Password verification failed for peer

__________________________________

server config

plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn

port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

duplicate-cn
username-as-common-name
ns-cert-type server
client-cert-not-required

server 10.5.128.0 255.255.255.0

push redirect-gateway
push "dhcp-option DOMAIN domain.co.uk"
push "dhcp-option DNS xxx.xxx.xxx.xxx"

keepalive 10 120
ping 10
ping-restart 60

persist-key
persist-tun

log /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 4

__________________________________

/etc/pam.d/openvpn

auth required /usr/local/lib/security/pam_yubico.so id=1 authfile=/etc/yubikey_mapping url=http://10.68.130.198/wsapi/verify?id=%d&otp=%s
auth required pam_radius_auth.so try_first_pass

#@include common-auth
#@include common-account
@include common-password
@include common-session

__________________________________

client config

remote xxx.xxx.xxx.xxx 1194
client
proto udp
dev tun

persist-key
persist-tun

ping-restart 60
ping-timer-rem
#resolv-retry 86400
ping 10

ca groupnbt-ca.crt
auth-user-pass
pull

__________________________________

Any help would be gratefully appreciated.

Author:  Timbo [ Wed Sep 22, 2010 11:21 am ]
Post subject:  Re: Yubikey + OpenVPN + PAM - Issues

This issue was resolved by adding the following line to the openvpn server and client config files.

reneg-sec 0
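
Added example, not part of the original posts and not OpenVPN or Yubico code: the log in the first post shows a `TLS: soft reset` followed at once by a PAM failure, which is what OpenVPN's periodic key renegotiation (default `reneg-sec` is 3600 seconds) looks like when it re-verifies the stored Yubikey OTP and the already-used OTP is rejected. The Python script below flags that pattern in a server log at `verb 4`; the sample lines, user names and 192.0.2.x addresses are constructed, and the 30-second correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# OpenVPN line at verb >= 4: "<timestamp> us=<n> [<user>/]<ip>:<port> <message>"
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) us=\d+ (\S+:\d+) (.*)$")
AUTH_FAIL = "TLS Auth Error: Auth Username/Password verification failed"

# Constructed sample log, modelled on the format of the lines in the first post.
SAMPLE_LOG = """\
Fri Sep 3 10:48:20 2010 us=100 192.0.2.20:50211 TLS Auth Error: Auth Username/Password verification failed for peer
Fri Sep 3 11:40:02 2010 us=300 bob/192.0.2.11:40000 TLS: soft reset sec=0 bytes=1200/0 pkts=20/0
Fri Sep 3 11:48:27 2010 us=540 alice/192.0.2.10:41113 TLS: soft reset sec=0 bytes=5783662/0 pkts=7614/0
AUTH-PAM: BACKGROUND: user 'alice' failed to authenticate: Authentication failure
Fri Sep 3 11:48:27 2010 us=592569 alice/192.0.2.10:41113 TLS Auth Error: Auth Username/Password verification failed for peer
""".splitlines()

def find_reneg_auth_failures(lines, window=timedelta(seconds=30)):
    """Return (peer, time) for every auth failure that follows a TLS soft
    reset on the same peer within `window`: a failed re-authentication at
    renegotiation, as opposed to a failed initial login."""
    last_reset = {}  # peer -> time of its most recent soft reset
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # AUTH-PAM helper lines carry no timestamp or peer
        stamp = " ".join(m.group(1).split())  # normalise padded day numbers
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        peer, msg = m.group(2), m.group(3)
        if msg.startswith("TLS: soft reset"):
            last_reset[peer] = ts
        elif msg.startswith(AUTH_FAIL):
            reset = last_reset.pop(peer, None)
            if reset is not None and ts - reset <= window:
                hits.append((peer, ts))
    return hits

if __name__ == "__main__":
    for peer, ts in find_reneg_auth_failures(SAMPLE_LOG):
        print(f"{ts.isoformat()} {peer}: re-auth failed at renegotiation")
```

`reneg-sec 0` turns off time-based renegotiation of the data channel key altogether; OpenVPN 2.4 and later offer `auth-gen-token` on the server so that renegotiation can continue without the client resending the OTP.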

All times are UTC + 1 hour