    Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted

      mjsengineer

      I have two authentication servers configured. Both use the same CA which was generated by Samba4. Both are using SSL/TLS Encrypted transport.

      One server has nothing defined for the "client certificate" and the other has a certificate which was imported from Samba.

      Pre-upgrade, both configurations worked. Post-upgrade, the configuration with the Samba generated cert can no longer authenticate.

      When connecting via OpenVPN, the now non-working configuration logs the following:

      2021-02-19 09:04:43 AUTH: Received control message: AUTH_FAILED
      2021-02-19 09:04:44 SIGUSR1[soft,auth-failure] received, process restarting
      2021-02-19 09:04:53 ERROR: could not read Auth username/password/ok/string from management interface
      2021-02-19 09:04:53 Exiting due to fatal error

      Has anyone seen anything similar?

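      AUTH_FAILED is a control message sent by the OpenVPN server, so the client log above shows the rejection but not its cause (here, the LDAP authentication on the pfSense side). As an added example, not from the original post, a small Python parser that classifies these client-side lines into events and gives a verdict, using the four quoted lines as constructed sample input:

```python
import re
from dataclasses import dataclass

# Constructed sample: the four client log lines quoted in the post above.
SAMPLE_LOG = """\
2021-02-19 09:04:43 AUTH: Received control message: AUTH_FAILED
2021-02-19 09:04:44 SIGUSR1[soft,auth-failure] received, process restarting
2021-02-19 09:04:53 ERROR: could not read Auth username/password/ok/string from management interface
2021-02-19 09:04:53 Exiting due to fatal error
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
# "SIGUSR1[soft,auth-failure] received" -> signal name, hard/soft, reason
SIGNAL_RE = re.compile(r"^SIG(\w+)\[(\w+),([\w-]+)\] received")

@dataclass
class Event:
    ts: str
    kind: str    # auth_failed | restart | mgmt_error | fatal | other
    detail: str

def parse_line(line):
    """Turn one OpenVPN client log line into an Event (None if unparseable)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, msg = m.groups()
    if "AUTH_FAILED" in msg:          # the server rejected the credentials
        return Event(ts, "auth_failed", msg)
    sig = SIGNAL_RE.match(msg)
    if sig:                           # restart, keep OpenVPN's own reason string
        return Event(ts, "restart", sig.group(3))
    if msg.startswith("ERROR:") and "management interface" in msg:
        return Event(ts, "mgmt_error", msg)
    if msg.startswith("Exiting due to fatal error"):
        return Event(ts, "fatal", msg)
    return Event(ts, "other", msg)

def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def diagnose(events):
    """Verdict: auth rejection by the server, or a different client-side failure."""
    kinds = [e.kind for e in events]
    if "auth_failed" in kinds:
        restart = next((e for e in events if e.kind == "restart"), None)
        reason = restart.detail if restart else "unknown"
        return f"server-side auth rejection (restart reason: {reason})"
    if "fatal" in kinds:
        return "client exited fatally without an AUTH_FAILED message"
    return "no authentication failure found"
```

When the verdict is a server-side rejection, the next place to look is the pfSense authentication server log (the LDAP bind with the configured client certificate), not the client.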
        Airwave

        Hi,

        Same issue here after updating pfSense to 2.5.0-RELEASE from the previous 2.4.5-RELEASE-p1, but with Authentication Servers --> Local Database.
        I found out that when you try the same connection with the admin user's credentials, it works perfectly.
        So maybe the certificates are not the issue?

        Thanks

          Airwave @Airwave

          Hello,

          Does anyone have an idea about that issue so far, a workaround, etc.?

          I updated to 2.5.1 AND now it works: a connection is established and traffic is delivered, but ONLY ONCE after the OpenVPN service starts.
          When I then disconnect and reconnect, I get a connection again, but communication / traffic (ping etc.) does not work. Traffic works only on the first connection. When I then restart the OpenVPN service, it again works once...

          Could anyone help or guide me?

          Thanks in advance.

          Cheers

            Airwave @Airwave

            @airwave said in Upgrade to 21.02 -> Client Cert on LDAP server no Longer Accepted:

            I updated to 2.5.1 AND now it works: a connection is established and traffic is delivered, but ONLY ONCE after the OpenVPN service starts.
            When I then disconnect and reconnect, I get a connection again, but communication / traffic (ping etc.) does not work. Traffic works only on the first connection. When I then restart the OpenVPN service, it again works once...

            Hi all,

            I tested a bit deeper and found out that the attribute "explicit-exit-notify" in the OpenVPN client configuration seems to remove my issue with "no communication on reconnect".

            So then I guess this problem is fixed with 2.5.1 and explicit-exit-notify.

            Cheers
