Netgate Discussion Forum

    OpenVPN give auth_fail after rebooting pfsense server

      KingSteve032

      Afternoon,

      So I've recently just set up OpenVPN through the wizard and configured it as a tap server that authenticates people via LDAP. Worked perfectly until I rebooted pfSense. Once I did that I get an AUTH_FAILED error when trying to connect to the OpenVPN server. So I verified that pfSense was able to talk to the LDAP server with the Diag Authentication option and it worked fine. Also did a remove and re-add of the server but that didn't work. After that I reinstalled pfSense and set up OpenVPN again and it worked just fine until I rebooted again. Same thing.

      These logs here are from when it worked fine.
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 TLS: Initial packet from [AF_INET]98.186.210.15:9299, sid=c5cfc3ad 265b7739
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_VER=2.5.2
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_PLAT=win
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_PROTO=6
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_NCP=2
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_LZ4=1
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_LZ4v2=1
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_LZO=1
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_COMP_STUB=1
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_COMP_STUBv2=1
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_TCPNL=1
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 peer info: IV_GUI_VER=OpenVPN_GUI_11
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 TLS: Username/Password authentication deferred for username 'TestUser'
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 [] Peer Connection Initiated with [AF_INET]98.186.210.15:9299
      Nov 3 20:01:57 openvpn 32735 user 'TestUser' authenticated
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 MULTI_sva: pool returned IPv4=10.0.0.100, IPv6=(Not enabled)
      Nov 3 20:01:57 openvpn 33127 openvpn server 'ovpns1' user 'TestUser' address '98.186.210.15' - connected
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_6be32b985720d9237462f60173ca8e75.tmp
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Data Channel: using negotiated cipher 'AES-256-GCM'
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
      Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 SENT CONTROL [UNDEF]: 'PUSH_REPLY,route-gateway 10.0.0.7,route 10.1.0.0 255.255.255.0,route 10.2.0.0 255.255.255.0,route 10.3.0.0 255.255.255.0,dhcp-option DOMAIN internal.w4car.org,dhcp-option DNS 10.2.0.2,dhcp-option DNS 8.8.8.8,route-gateway 10.0.0.7,ping 10,ping-restart 60,ifconfig 10.0.0.100 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
      Nov 3 20:01:58 openvpn 74802 98.186.210.15:9299 MULTI: Learn: 00:ff:53:0a:d0:77@0 -> 98.186.210.15:9299
      Nov 3 20:01:58 openvpn 74802 MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
      Nov 3 20:01:59 openvpn 74802 MANAGEMENT: CMD 'status 2'
      Nov 3 20:01:59 openvpn 74802 MANAGEMENT: CMD 'quit'
      Nov 3 20:01:59 openvpn 74802 MANAGEMENT: Client disconnected

      This was from after the reboot.
      Nov 3 20:14:10 openvpn 55549 TLS Error: tls-crypt unwrapping failed from [AF_INET]128.82.14.253:44436
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 TLS: Initial packet from [AF_INET]20.119.39.11:52265, sid=260e0736 e861836a
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_VER=2.5.2
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_PLAT=win
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_PROTO=6
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_NCP=2
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_LZ4=1
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_LZ4v2=1
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_LZO=1
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_COMP_STUB=1
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_COMP_STUBv2=1
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_TCPNL=1
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 peer info: IV_GUI_VER=OpenVPN_GUI_11
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 TLS: Username/Password authentication deferred for username 'TestUser'
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
      Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 [] Peer Connection Initiated with [AF_INET]20.119.39.11:52265
      Nov 3 20:14:33 openvpn 56191 user 'TestUser' authenticated
      Nov 3 20:14:35 openvpn 55549 20.119.39.11:52265 PUSH: Received control message: 'PUSH_REQUEST'
      Nov 3 20:14:35 openvpn 55549 20.119.39.11:52265 Delayed exit in 5 seconds
      Nov 3 20:14:35 openvpn 55549 20.119.39.11:52265 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
      Nov 3 20:14:40 openvpn 55549 20.119.39.11:52265 SIGTERM[soft,delayed-exit] received, client-instance exiting

      Does anyone know why it would do this?
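
Added example, not part of the original post and not pfSense or OpenVPN code: a small parser that lines up the two logs above by login stage and flags any session where the auth helper logged the user as authenticated but the server still sent AUTH_FAILED, listing the stages of the working login that never appear. The stage names and function names are this example's own; the sample input is a few lines copied from the two logs in the post.

```python
import re

# Sample input: lines copied from the two logs in the post above.
BEFORE_REBOOT = """\
Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 TLS: Username/Password authentication deferred for username 'TestUser'
Nov 3 20:01:57 openvpn 32735 user 'TestUser' authenticated
Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 MULTI_sva: pool returned IPv4=10.0.0.100, IPv6=(Not enabled)
Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_6be32b985720d9237462f60173ca8e75.tmp
Nov 3 20:01:57 openvpn 74802 98.186.210.15:9299 SENT CONTROL [UNDEF]: 'PUSH_REPLY,route-gateway 10.0.0.7,route 10.1.0.0 255.255.255.0,route 10.2.0.0 255.255.255.0,route 10.3.0.0 255.255.255.0,dhcp-option DOMAIN internal.w4car.org,dhcp-option DNS 10.2.0.2,dhcp-option DNS 8.8.8.8,route-gateway 10.0.0.7,ping 10,ping-restart 60,ifconfig 10.0.0.100 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
"""
AFTER_REBOOT = """\
Nov 3 20:14:33 openvpn 55549 20.119.39.11:52265 TLS: Username/Password authentication deferred for username 'TestUser'
Nov 3 20:14:33 openvpn 56191 user 'TestUser' authenticated
Nov 3 20:14:35 openvpn 55549 20.119.39.11:52265 PUSH: Received control message: 'PUSH_REQUEST'
Nov 3 20:14:35 openvpn 55549 20.119.39.11:52265 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
"""
# Milestones in the order the working login logs them; the stage names are this example's own.
STAGES = [
    ("auth_deferred", re.compile(r"authentication deferred for username '([^']*)'")),
    ("helper_authenticated", re.compile(r"^user '([^']*)' authenticated")),
    ("pool_address", re.compile(r"MULTI_sva: pool returned")),
    ("client_options", re.compile(r"OPTIONS IMPORT: reading client specific options")),
    ("push_reply", re.compile(r"SENT CONTROL \[[^\]]*\]: 'PUSH_REPLY")),
    ("auth_failed", re.compile(r"SENT CONTROL \[[^\]]*\]: 'AUTH_FAILED'")),
]
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} openvpn \d+ (?:(\d+\.\d+\.\d+\.\d+:\d+) )?(.*)$")

def sessions(log):
    """Return {peer: {"user": name, "stages": [stage names]}} for a log in the format above."""
    by_peer, peer_of_user = {}, {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        peer, msg = m.groups() if m else (None, "")
        hit = next(((n, h) for n, rx in STAGES if (h := rx.search(msg))), None)
        user = hit[1].group(1) if hit and hit[1].re.groups else None
        # The helper's "authenticated" line has no peer address (other PID): map it by username.
        peer = peer or peer_of_user.get(user)
        if hit and peer:
            s = by_peer.setdefault(peer, {"user": user, "stages": []})
            s["stages"].append(hit[0])
            if user:
                s["user"], peer_of_user[user] = user, peer
    return by_peer

def accepted_then_rejected(log):
    """(peer, user, missing stages) where the helper accepted the user yet AUTH_FAILED was sent."""
    return [(peer, s["user"], [n for n, _ in STAGES[2:5] if n not in s["stages"]])
            for peer, s in sessions(log).items()
            if {"helper_authenticated", "auth_failed"} <= set(s["stages"])]
```

On the post-reboot excerpt this reports the session from 20.119.39.11:52265 with the pool address, client-specific options and PUSH_REPLY stages missing; on the pre-reboot excerpt it reports nothing.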

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.