After upgrade openvpn doesn't accept authentication
-
I'm running the following version:
2.0-BETA4 (i386) built on Mon Nov 15 16:00:39 EST 2010
After an upgrade, my openvpn clients can no longer connect to the openvpn server and the following error is shown in the openvpn log:
openvpn: Username does not match certificate common name (UID != ServCertName), access denied.
I can eventually get it to work if I disable and then re-enable the openvpn server. This doesn't only affect the latest snapshot as I've had this problem for a while now. Anyone else aware of this?
-
Do you have the box by "Strict User/CN Matching" checked in your OpenVPN configuration? If so, did you want it checked? Note that if you are using that option, you need users and certificates that were created to match up properly for it.
-
No, I do not have that option checked.
-
There could be a bug in the way it is setting that in the configuration or the way it is checking the value of the setting when doing authentication. Someone will need to review the code responsible for it.
-
Thanks, just lemme know if there is anything else I can do to help.
-
It should be fixed by this commit: https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/53d41b688552cddc4941031635e31f528468f4c1
It won't be in the next build that shows up, but should be in the one after that.
-
I just upgraded my pfSense FW to the following build: "Sat Nov 27 03:13:22 EST 2010". After the reboot I can't get my openvpn clients to authenticate. I keep getting an error as if the password is incorrect:
TLS Auth Error: Auth Username/Password verification failed for peer
However, this is the same user/pass/certs that I was using before the upgrade.
-
You either have to fix it manually or upgrade after the fix mentioned at http://redmine.pfsense.org/issues/1037 is in snapshots.
-
@ermal:
You either have to fix it manually or upgrade after the fix mentioned at http://redmine.pfsense.org/issues/1037 is in snapshots.
Ahh, thank you for pointing that out.