Netgate Discussion Forum

    After upgrade openvpn doesn't accept authentication

      phospher

      I'm running the following version:

      2.0-BETA4 (i386)
      built on Mon Nov 15 16:00:39 EST 2010 
      

      After an upgrade, my openvpn clients can no longer connect to the openvpn server and the following error is shown in the openvpn log.

      openvpn: Username does not match certificate common name (UID != ServCertName), access denied.
      

      I can eventually get it to work if I disable and then re-enable the openvpn server. This doesn't only affect the latest snapshot as I've had this problem for a while now.  Anyone else aware of this?

        Efonnes

        Do you have the box by "Strict User/CN Matching" checked in your OpenVPN configuration?  If so, did you want it checked?  Note that if you are using that option, you need users and certificates that were created to match up properly for it.

          phospher

          No, I do not have that option checked.

            Efonnes

            There could be a bug in the way it is setting that in the configuration or the way it is checking the value of the setting when doing authentication.  Someone will need to review the code responsible for it.

              phospher

              Thanks, just lemme know if there is anything else I can do to help.

                Efonnes

                It should be fixed by this commit: https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/53d41b688552cddc4941031635e31f528468f4c1

                It won't be in the next build that shows up, but should be in the one after that.

                  phospher

                  I just upgraded my pfSense FW to the following build: "Sat Nov 27 03:13:22 EST 2010". After the reboot I can't get my openvpn clients to authenticate. I keep getting an error as if the password is incorrect:

                   TLS Auth Error: Auth Username/Password verification failed for peer
                  

                  However, this is the same user/pass/certs that I was using before the upgrade.

                    eri--

                    You either have to fix manually or upgrade after the fix mentioned http://redmine.pfsense.org/issues/1037 is in snapshots.

                      phospher

                      @ermal:

                      You either have to fix manually or upgrade after the fix mentioned http://redmine.pfsense.org/issues/1037 is in snapshots.

                      Ahh, thank you for pointing that out.
