Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted
-
I have two authentication servers configured. Both use the same CA which was generated by Samba4. Both are using SSL/TLS Encrypted transport.
One server has nothing defined for the "client certificate" and the other has a certificate which was imported from Samba.
Pre-upgrade, both configurations worked. Post-upgrade, the configuration with the Samba generated cert can no longer authenticate.
When connecting via OpenVPN, the now non-working configuration logs the following:
2021-02-19 09:04:43 AUTH: Received control message: AUTH_FAILED
2021-02-19 09:04:44 SIGUSR1[soft,auth-failure] received, process restarting
2021-02-19 09:04:53 ERROR: could not read Auth username/password/ok/string from management interface
2021-02-19 09:04:53 Exiting due to fatal error
Has anyone seen anything similar?
-
Hi,
Same issue here after updating pfSense to 2.5.0-RELEASE from before 2.4.5-RELEASE-p1, but with Authentication Servers --> Local Database.
Found out, when you try the same connection and put in user admin credentials, it works perfectly.
So maybe the certificates could not be the issue?
Thanks
-
Hello,
Does anyone have an idea so far about that issue, a workaround, etc.?
I updated to 2.5.1 AND now it works and a connection is established and traffic is being delivered, but ONLY ONCE after the OpenVPN service starts.
When I then disconnect and reconnect, I again get a connection, but the communication / traffic (ping etc.) is not working. Traffic only works in the first connection. When I then restart the OpenVPN service, it's again working once...
Could anyone help or guide?
Thanks in advance.
Cheers
-
@airwave said in Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted:
I updated to 2.5.1 AND now it works and a connection is established and traffic is being delivered, but ONLY ONCE after the OpenVPN service starts.
When I then disconnect and reconnect, I again get a connection, but the communication / traffic (ping etc.) is not working. Traffic only works in the first connection. When I then restart the OpenVPN service, it's again working once...

Hi all,
I tested a bit deeper and found out that the "explicit-exit-notify" attribute in the OpenVPN client configuration seems to remove my issue with "no communication on reconnect".
So then I guess this problem is fixed with 2.5.1 and explicit-exit-notify.
Cheers