troubleshooting Question


Asked by RichardPWolf
Trying to set up an OpenVPN server that will authenticate users against Active Directory.
I currently have it running using client/server certificates and all is good. When I add the appropriate settings for user authentication I can't connect.
I'm using IPFIRE 3.2.48-ipfire-pae. Not sure what flavor of Linux it's built around. Website is

Server.conf ->
#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/
#DAN prepare OpenVPN for listening on blue and orange
dev tun
proto udp
port 1194
script-security 3 system
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
tun-mtu 1500
push "route"
push "route"
push "route"
push "route"
push "route"
push "route"
push "route"
push "route"
mtu-disc maybe
keepalive 10 60
status-version 1
status /var/log/ovpnserver.log 30
cipher AES-256-CBC
push "redirect-gateway def1"
push "dhcp-option DOMAIN hoodview.fcu"
push "dhcp-option DNS"
max-clients 100
tls-verify /var/ipfire/ovpn/verify
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
plugin /usr/lib/openvpn/ login
user nobody
group nobody
verb 5

Client conf.->
#OpenVPN Client conf
dev tun
proto udp
tun-mtu 1500
remote 1194
pkcs12 TPClient1.p12
cipher AES-256-CBC
verb 3
ns-cert-type server
route-method exe
route-delay 2
#mtu-disc maybe

Other information from the Web Gui setup->
Base DN; CN=Users,DC=hoodview,DC=fcu
LDAP type: Active Directory
Port: 389
LDAP Server: (IP of Active directory server)
Bind DN username: CN=ipldap,DC=hoodview,DC=fcu
Bind DN password: (correct password)

Log from server->
13:21:08      openvpnserver[24720]:       MULTI: multi_create_instance called
13:21:08      openvpnserver[24720]: Re-using SSL/TLS context
13:21:08      openvpnserver[24720]: LZO compression initialized
13:21:08      openvpnserver[24720]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
13:21:08      openvpnserver[24720]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
13:21:08      openvpnserver[24720]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
13:21:08      openvpnserver[24720]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
13:21:08      openvpnserver[24720]: Local Options hash (VER=V4): 'a8f55717'
13:21:08      openvpnserver[24720]: Expected Remote Options hash (VER=V4): '22188c5b'
13:21:08      openvpnserver[24720]: TLS: Initial packet from, sid=9663f7bf e051062c
13:21:15      openvpnserver[24720]: VERIFY SCRIPT OK: depth=1, /C=US/O=Texas_Partners_FCU/CN=Texas_Partners_FCU_CA
13:21:15      openvpnserver[24720]: CRL CHECK OK: /C=US/O=Texas_Partners_FCU/CN=Texas_Partners_FCU_CA
13:21:15      openvpnserver[24720]: VERIFY OK: depth=1, /C=US/O=Texas_Partners_FCU/CN=Texas_Partners_FCU_CA
13:21:16      openvpnserver[24720]: VERIFY SCRIPT OK: depth=0, /C=US/ST=Texas/O=Texas_Partners_FCU/OU=IT-Dept/CN=TPClient1
13:21:16      openvpnserver[24720]: CRL CHECK OK: /C=US/ST=Texas/O=Texas_Partners_FCU/OU=IT-Dept/CN=TPClient1
13:21:16      openvpnserver[24720]: VERIFY OK: depth=0, /C=US/ST=Texas/O=Texas_Partners_FCU/OU=IT-Dept/CN=TPClient1
13:21:16      openvpnserver[24720]: PLUGIN_CALL: POST /usr/lib/openvpn/ N_AUTH_USER_PASS_VERIFY status=1
13:21:16      openvpnserver[24720]: PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/
13:21:16      openvpnserver[24720]: TLS Auth Error: Auth Username/Password verification failed for peer
13:21:16      openvpnserver[24720]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
13:21:16      openvpnserver[24720]: [TPClient1] Peer Connection Initiated with 52
13:21:18      openvpnserver[24720]: PUSH: Received control message: 'PUSH_REQUEST'
13:21:18      openvpnserver[24720]: Delayed exit in 5 seconds
13:21:18      openvpnserver[24720]: SENT CONTROL [TPClient1]:       'AUTH_FAILED' (status=1)
13:21:23      openvpnserver[24720]: SIGTERM[soft,delayed-exit] received, client-instance exiting

I'm really at my wits' end on this.

Thanks in advance.
Irwin W.
There are a 1000 ways to skin the technology cat.
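
Added example, not part of the original post: a small triage script that reads OpenVPN server log lines in the format shown above and reports which stage rejected the client, separating the certificate checks from the username/password plugin. The function names `triage` and `failing_stage` are hypothetical, and the sample lines are copied from the post's log with the line-wrap spaces removed.

```python
import re

# Lines from the post's server log (wrap spaces removed; the plugin path is
# truncated in the post and is kept that way here).
SAMPLE_LOG = """\
13:21:15 openvpnserver[24720]: VERIFY OK: depth=1, /C=US/O=Texas_Partners_FCU/CN=Texas_Partners_FCU_CA
13:21:16 openvpnserver[24720]: VERIFY OK: depth=0, /C=US/ST=Texas/O=Texas_Partners_FCU/OU=IT-Dept/CN=TPClient1
13:21:16 openvpnserver[24720]: PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/
13:21:16 openvpnserver[24720]: TLS Auth Error: Auth Username/Password verification failed for peer
13:21:18 openvpnserver[24720]: SENT CONTROL [TPClient1]: 'AUTH_FAILED' (status=1)
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\s+\S+\[\d+\]:\s+(.*)$")
VERIFY_OK = re.compile(r"^VERIFY OK: depth=(\d+), .*?CN=([^/]+)$")
CERT_ERROR = re.compile(r"^(VERIFY (SCRIPT )?ERROR|CRL CHECK FAILED)")
PLUGIN_FAIL = re.compile(r"plugin function (PLUGIN_\w+) failed with status (\d+)")
AUTH_FAILED = re.compile(r"SENT CONTROL \[([^\]]+)\]:\s+'AUTH_FAILED'")


def triage(log_text):
    """Collect per-stage evidence from OpenVPN server log lines."""
    report = {"cert_chain": {}, "cert_errors": [],
              "plugin_failures": [], "rejected_clients": []}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a log line in the expected format
        msg = line.group(1)
        if m := VERIFY_OK.match(msg):
            report["cert_chain"][int(m.group(1))] = m.group(2)
        elif CERT_ERROR.match(msg):
            report["cert_errors"].append(msg)
        elif m := PLUGIN_FAIL.search(msg):
            report["plugin_failures"].append((m.group(1), int(m.group(2))))
        elif m := AUTH_FAILED.search(msg):
            report["rejected_clients"].append(m.group(1))
    return report


def failing_stage(report):
    """Name the first stage that rejected the client."""
    if report["cert_errors"]:
        return "certificate"
    if report["plugin_failures"]:
        return "user-pass-plugin"
    if report["rejected_clients"]:
        return "auth-other"
    return "none"
```

On the post's log this shows the certificate chain verified at depth 1 and depth 0 and the rejection coming from the username/password plugin, which narrows the search to the plugin line and the LDAP settings rather than the certificates.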
