Solved: OpenVPN reconnect AUTH_FAILED



  • I have a problem getting the OpenVPN client to reconnect after the link goes down.
    The log shows:

    
    Mar 18 00:09:29 pfsense openvpn[61368]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 18 00:09:29 pfsense openvpn[61368]: TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1198
    Mar 18 00:09:29 pfsense openvpn[61368]: UDPv4 link local (bound): [AF_INET]192.168.55.116:0
    Mar 18 00:09:29 pfsense openvpn[61368]: UDPv4 link remote: [AF_INET]X.X.X.X:1198
    Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    Mar 18 00:09:29 pfsense openvpn[61368]: [b68c683a513c67dd1f209ce6ea079710] Peer Connection Initiated with [AF_INET]X.X.X.X:1198
    Mar 18 00:09:35 pfsense openvpn[61368]: AUTH: Received control message: AUTH_FAILED
    Mar 18 00:09:35 pfsense openvpn[61368]: SIGUSR1[soft,auth-failure] received, process restarting
    
    

    And this continues indefinitely.

    But the moment I click the "reconnect" button in the GUI, the connection is restored:

    
    Mar 18 00:09:40 pfsense openvpn[61368]: /usr/local/sbin/ovpn-linkdown ovpnc1 0 0 10.9.10.6 10.9.10.5 init
    Mar 18 00:09:40 pfsense openvpn[61368]: SIGTERM[hard,init_instance] received, process exiting
    Mar 18 00:09:41 pfsense openvpn[89959]: WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
    Mar 18 00:09:41 pfsense openvpn[89959]: OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
    Mar 18 00:09:41 pfsense openvpn[89959]: library versions: OpenSSL 1.0.2m-freebsd  2 Nov 2017, LZO 2.10
    Mar 18 00:09:41 pfsense openvpn[90120]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 18 00:09:46 pfsense openvpn[90120]: TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1198
    Mar 18 00:09:46 pfsense openvpn[90120]: UDPv4 link local (bound): [AF_INET]192.168.55.116:0
    Mar 18 00:09:46 pfsense openvpn[90120]: UDPv4 link remote: [AF_INET]X.X.X.X:1198
    Mar 18 00:09:46 pfsense openvpn[90120]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mar 18 00:09:46 pfsense openvpn[90120]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 18 00:09:46 pfsense openvpn[90120]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
    Mar 18 00:09:46 pfsense openvpn[90120]: [e7af2ff71a364e941848f77d499f13c0] Peer Connection Initiated with [AF_INET]X.X.X.X:1198
    Mar 18 00:09:47 pfsense openvpn[90120]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Mar 18 00:09:47 pfsense openvpn[90120]: TUN/TAP device /dev/tun1 opened
    Mar 18 00:09:47 pfsense openvpn[90120]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mar 18 00:09:47 pfsense openvpn[90120]: /sbin/ifconfig ovpnc1 10.45.10.6 10.45.10.5 mtu 1500 netmask 255.255.255.255 up
    Mar 18 00:09:47 pfsense openvpn[90120]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.45.10.6 10.45.10.5 init
    Mar 18 00:09:47 pfsense openvpn[90120]: Initialization Sequence Completed
    
    

    What can I do to make it reconnect automatically?
    Thank you.



  • Nobody has the same problem?



  • What service are you connecting to?

    Have you opened the ovpn configuration file and matched it with your configuration?





  • Correct, I use the same command. Also, if you follow the ovpn file you can get rid of these messages as well:
    Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'



  • @bcruze:

    Correct, I use the same command. Also, if you follow the ovpn file you can get rid of these messages as well:
    Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
    Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'

    "Get rid of" log entries or actually solving it?
    To remove the warnings from the log file I can use:

    disable-occ
    


  • Try adding:

    resolv-retry infinite
    persist-key
    persist-tun
    cipher aes-128-cbc
    auth sha128
    tls-client
    remote-cert-tls server
    reneg-sec 0

    I had to take several out as it would not allow the connection to start. So play with it and see what works best for yours. This is the strong encryption for PIA:

    client
    dev tun
    proto udp
    remote us-newyorkcity.privateinternetaccess.com 1197
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher aes-256-cbc
    auth sha256
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    reneg-sec 0
    crl-verify crl.rsa.4096.pem
    ca ca.rsa.4096.crt
    disable-occ



  • Yes, it's all standard except for the "disable-occ".
    But my problem was with the missing

    pull-filter ignore "auth-token"
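
Added example, not part of any post in this thread: a small Python check for the symptom shown above (repeated `SIGUSR1[soft,auth-failure]` restarts with no completed initialization), which also collects the option-consistency warnings that `disable-occ` would silence and tests a client config for the `pull-filter ignore "auth-token"` line. The log and config samples are constructed in the thread's format; the function names and the threshold of 3 restarts are assumptions.

```python
import re

# Constructed sample lines in the syslog format shown in the thread.
SAMPLE_LOG = """\
Mar 18 00:09:29 pfsense openvpn[61368]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Mar 18 00:09:35 pfsense openvpn[61368]: AUTH: Received control message: AUTH_FAILED
Mar 18 00:09:35 pfsense openvpn[61368]: SIGUSR1[soft,auth-failure] received, process restarting
Mar 18 00:09:46 pfsense openvpn[61368]: AUTH: Received control message: AUTH_FAILED
Mar 18 00:09:46 pfsense openvpn[61368]: SIGUSR1[soft,auth-failure] received, process restarting
Mar 18 00:09:57 pfsense openvpn[61368]: AUTH: Received control message: AUTH_FAILED
Mar 18 00:09:57 pfsense openvpn[61368]: SIGUSR1[soft,auth-failure] received, process restarting
Mar 18 00:10:03 pfsense openvpn[90120]: Initialization Sequence Completed
"""
# Constructed client config without the pull-filter line.
SAMPLE_CONF = "client\ndev tun\nauth-user-pass\npersist-key\npersist-tun\n"

LINE = re.compile(r"openvpn\[(\d+)\]: (.*)$")
OCC = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, local='([^']*)', remote='([^']*)'")

def analyze_log(text, threshold=3):
    """Return (pids stuck in a soft-restart auth loop, option mismatches)."""
    streak, looping, mismatches = {}, set(), set()
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        if "SIGUSR1[soft,auth-failure]" in msg:
            streak[pid] = streak.get(pid, 0) + 1
            if streak[pid] >= threshold:   # threshold is an assumed cut-off
                looping.add(pid)
        elif "Initialization Sequence Completed" in msg:
            streak[pid] = 0                # tunnel came up, streak is broken
        occ = OCC.search(msg)
        if occ:
            mismatches.add(occ.groups())   # (option, local value, remote value)
    return sorted(looping), sorted(mismatches)

def ignores_auth_token(conf):
    """True if the client config filters out pushed auth-token options."""
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts[:2] == ["pull-filter", "ignore"] and len(parts) == 3:
            if parts[2].strip("\"'") == "auth-token":
                return True
    return False
```
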
    
