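When the client connects, it prompts for a username and password; after verification fails, the username/password dialog pops up again. Could someone please help? Thanks. Below is the information from the server: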
Sat Dec 12 17:11:32 2009 MULTI: multi_create_instance called
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Re-using SSL/TLS context
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Control Channel MTU parms [ L:1541 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Local Options hash (VER=V4): 'a2e2498c'
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 Expected Remote Options hash (VER=V4): '70f5b3af'
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 TLS: Initial packet from 202.201.12.218:1654, sid=a7c122f9 ab578883
AUTH-PAM: BACKGROUND: user 'tom' failed to authenticate: Module is unknown
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/openvpn-auth-pam.so
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 TLS Auth Error: Auth Username/Password verification failed for peer
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 [] Peer Connection Initiated with 202.201.12.218:1654
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 PUSH: Received control message: 'PUSH_REQUEST'
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 Delayed exit in 5 seconds
Sat Dec 12 17:11:34 2009 202.201.12.218:1654 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Sat Dec 12 17:11:36 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec 12 17:11:38 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Sat Dec 12 17:11:39 2009 202.201.12.218:1654 SIGTERM[soft,delayed-exit] received, client-instance exiting
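Also: my OpenVPN can connect to the server normally using the generated key files, and testsaslauth -u tom -p foo -s openvpn verifies successfully, returning: 0: OK "Success.".
I think the key line is this one: AUTH-PAM: BACKGROUND: user 'tom' failed to authenticate: Module is unknown, but I don't know how to fix it. The permissions on openvpn-auth-pam.so are also 755. Please help, many thanks!
The contents of server.conf are as follows: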
local 202.201.12.238
port 1194
proto udp
dev tun
ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
tls-auth /etc/openvpn/examples/easy-rsa/2.0/keys/ta.key 0
server 10.1.0.0 255.255.255.0
client-to-client
#duplicate-cn
keepalive 10 120
plugin /etc/openvpn/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
#comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /etc/openvpn/easy-rsa/keys/openvpn-status.log
verb 3
push "dhcp-option DNS 10.1.0.1"
push "dhcp-option DNS 202.201.0.131"
push "dhcp-option DNS 202.201.0.132"
Client log:
Sat Dec 12 17:11:23 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Dec 12 17:11:30 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Dec 12 17:11:31 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Dec 12 17:11:31 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Control Channel MTU parms [ L:1541 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Dec 12 17:11:31 2009 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Dec 12 17:11:31 2009 Local Options hash (VER=V4): '70f5b3af'
Sat Dec 12 17:11:31 2009 Expected Remote Options hash (VER=V4): 'a2e2498c'
Sat Dec 12 17:11:31 2009 UDPv4 link local: [undef]
Sat Dec 12 17:11:31 2009 UDPv4 link remote: 202.201.12.238:1194
Sat Dec 12 17:11:31 2009 TLS: Initial packet from 202.201.12.238:1194, sid=a173f547 5de99457
Sat Dec 12 17:11:31 2009 VERIFY OK: depth=1, /C=CN/ST=Lanzhou/L=Lanzhou/O=LZU/OU=LZU/CN=server/emailAddress=defeattroy@gmail.com
Sat Dec 12 17:11:31 2009 VERIFY OK: nsCertType=SERVER
Sat Dec 12 17:11:31 2009 VERIFY OK: depth=0, /C=CN/ST=Lanzhou/L=Lanzhou/O=LZU/OU=LZU/CN=server/emailAddress=defeattroy@gmail.com
Sat Dec 12 17:11:31 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 12 17:11:31 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Dec 12 17:11:31 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 12 17:11:31 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Dec 12 17:11:31 2009 [server] Peer Connection Initiated with 202.201.12.238:1194
Sat Dec 12 17:11:32 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Dec 12 17:11:32 2009 AUTH: Received AUTH_FAILED control message
Sat Dec 12 17:11:32 2009 TCP/UDP: Closing socket
Sat Dec 12 17:11:32 2009 SIGTERM[soft,auth-failure] received, process exiting
Sat Dec 12 17:11:33 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
-- Reposted from
This post was moved to this board by system, 2014-11-5 16:24:45
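An added example, not part of the original post: a small triage script for server logs like the one above, which pairs each un-timestamped AUTH-PAM failure line with the next `TLS Auth Error` for a peer and separates server-side PAM faults from credential failures. It assumes the AUTH-PAM line is written before the matching peer line (as in the post); the names `triage` and `SERVER_SIDE_REASONS` and the category labels are hypothetical.

```python
import re
from collections import deque

# Four lines copied from the server log in the post above.
SAMPLE_LOG = """\
Sat Dec 12 17:11:32 2009 202.201.12.218:1654 TLS: Initial packet from 202.201.12.218:1654, sid=a7c122f9 ab578883
AUTH-PAM: BACKGROUND: user 'tom' failed to authenticate: Module is unknown
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Sat Dec 12 17:11:33 2009 202.201.12.218:1654 TLS Auth Error: Auth Username/Password verification failed for peer
"""

# The plugin's background process logs without timestamp or peer address.
PAM_FAIL = re.compile(
    r"^AUTH-PAM: BACKGROUND: user '(?P<user>[^']*)' failed to authenticate: (?P<reason>.+)$")
PEER_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) "
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) (?P<msg>.*)$")

# Reasons that point at the server's PAM setup, not at the user's password.
# Only "Module is unknown" comes from the post; extend the set as needed.
SERVER_SIDE_REASONS = {"Module is unknown"}

def triage(log_text):
    """Return one record per failed username/password verification."""
    pending = deque()   # PAM failures not yet matched to a peer (FIFO)
    events = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PAM_FAIL.match(line)
        if m:
            pending.append((m["user"], m["reason"].strip()))
            continue
        m = PEER_LINE.match(line)
        if not m or not m["msg"].startswith("TLS Auth Error:"):
            continue
        user, reason = pending.popleft() if pending else (None, None)
        if reason is None:
            kind = "no-pam-reason-logged"
        elif reason in SERVER_SIDE_REASONS:
            kind = "server-misconfiguration"
        else:
            kind = "credential-or-account"
        events.append({"time": m["ts"], "peer": m["peer"],
                       "user": user, "reason": reason, "kind": kind})
    return events

if __name__ == "__main__":
    for event in triage(SAMPLE_LOG):
        print(event)
```

A burst of `server-misconfiguration` records means every login is being rejected regardless of password, so it should be handled as an outage of the auth path rather than counted as failed-login attempts.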