OVPN authentication error.

Andrei
Posts: 4
Joined: 14 May 2019, 08:47

Hello. OVPN. RADIUS is configured through Active Directory.

I am testing the connection from Windows. Under my account the connection succeeds, under another account it succeeds, under a third one there is an error.

I use only the root certificate.

Code:

client
dev tun
proto tcp
remote vpn.mettem-m.ru 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
remote-cert-tls server
verb 3
route 172.16.0.0 255.255.255.0
route 172.19.0.0 255.255.255.0
route 172.20.5.0 255.255.255.0
<ca>
-----BEGIN CERTIFICATE-----
MIIDbzCCAlegAwIBAgIIYD38g8Ef1HIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UE
AwwPVlBOLU1FVFRFTS1NLUNBMB4XDTIwMDQwNjE2NDEzNloXDTIxMDQwNjE2NDEz
NlowGjEYMBYGA1UEAwwPVlBOLU1FVFRFTS1NLUNBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsvO5i85rugsYlRiRrI8OU9glM8ClHsDKhQARGwkV78+m
Lhyo3WMGjKOdChG7mUVNGHMfHlAsyAHJayIIo706O1vgjIvjOdtWCA8F8bZAX0v6
xgjhE23pZ8Yy3OMu1f3m2YMLH/5WxPRSgSxniFu/3qtVoXYyiy5p0VUpc+Z0XViH
Hh2797613UhHy3QUXtW/6CphY27Z7Hj2b4S9i9+W+rKLI+ZDLZFGUWDj/7EbJpUs
x9y/EfMnEQiufvEkyBKXCpk/gNyM9lTangEpHb2P4L3nKExgWdF1VgtLfja8Ohhs
0ngfl0J4xwTKKaV7eSXS8zKApR+xp2/x0DD/+EoJ+QIDAQABo4G4MIG1MA8GA1Ud
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgG2MB0GA1UdDgQWBBS9g3r64Y4u3EkO
XnNJlQWLjcyNQzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vdnBuLm1ldHRlbS1t
LnJ1L2NybC82LmNybDAaBgNVHREEEzARgg92cG4ubWV0dGVtLW0ucnUwJAYJYIZI
AYb4QgENBBcWFUdlbmVyYXRlZCBieSBSb3V0ZXJPUzANBgkqhkiG9w0BAQsFAAOC
AQEABITuqcedrUMOQufFjWQbhsyNQ0riZFnGcT/uY2XyhOzHS7Qnxd1UH2Jeta90
P04DMo65FEfYmi3hlmT+KZOoS3w+DwU+jRsrLs+tAi8vQgzpA9vr6chmvQoBKJIC
Lx6LmVaUJcOXOhU1e0w1f6SgjzipD1oFF4JPG7VvTiy6JpslWavss1OWZLsD6iSg
VSrMOnTXw3Mj5Xy0TYtguzcHY5M4VJiv1wtjFtedRjlRTmxujD1DZXZKawaeZ3gT
2TIXpbWAKPBNvCzRL/ebqsH1MKOfBS2Rejcf7CPbP8vMQPXO52cp/NmjvEfpVGi8
0wAY6guUr/VTPmF4w5yv++MSPQ==
-----END CERTIFICATE-----
</ca>

OVPN log:

Code:

Mon Jun 01 13:03:48 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Mon Jun 01 13:03:48 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Jun 01 13:03:48 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Enter Management Password:
Mon Jun 01 13:03:48 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Mon Jun 01 13:03:48 2020 Need hold release from management interface, waiting...
Mon Jun 01 13:03:48 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Mon Jun 01 13:03:48 2020 MANAGEMENT: CMD 'state on'
Mon Jun 01 13:03:48 2020 MANAGEMENT: CMD 'log all on'
Mon Jun 01 13:03:48 2020 MANAGEMENT: CMD 'echo all on'
Mon Jun 01 13:03:48 2020 MANAGEMENT: CMD 'bytecount 5'
Mon Jun 01 13:03:48 2020 MANAGEMENT: CMD 'hold off'
Mon Jun 01 13:03:48 2020 MANAGEMENT: CMD 'hold release'
Mon Jun 01 13:03:53 2020 MANAGEMENT: CMD 'username "Auth" "nm.pugacheva@mettem-m.ru"'
Mon Jun 01 13:03:53 2020 MANAGEMENT: CMD 'password [...]'
Mon Jun 01 13:03:53 2020 MANAGEMENT: >STATE:1591005833,RESOLVE,,,,,,
Mon Jun 01 13:03:53 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]83.69.195.116:1194
Mon Jun 01 13:03:53 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Jun 01 13:03:53 2020 Attempting to establish TCP connection with [AF_INET]83.69.195.116:1194 [nonblock]
Mon Jun 01 13:03:53 2020 MANAGEMENT: >STATE:1591005833,TCP_CONNECT,,,,,,
Mon Jun 01 13:03:54 2020 TCP connection established with [AF_INET]83.69.195.116:1194
Mon Jun 01 13:03:54 2020 TCP_CLIENT link local: (not bound)
Mon Jun 01 13:03:54 2020 TCP_CLIENT link remote: [AF_INET]83.69.195.116:1194
Mon Jun 01 13:03:54 2020 MANAGEMENT: >STATE:1591005834,WAIT,,,,,,
Mon Jun 01 13:03:54 2020 MANAGEMENT: >STATE:1591005834,AUTH,,,,,,
Mon Jun 01 13:03:54 2020 TLS: Initial packet from [AF_INET]83.69.195.116:1194, sid=27cac534 acecfeb3
Mon Jun 01 13:03:54 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jun 01 13:03:54 2020 VERIFY OK: depth=1, CN=VPN-METTEM-M-CA
Mon Jun 01 13:03:54 2020 VERIFY KU OK
Mon Jun 01 13:03:54 2020 Validating certificate extended key usage
Mon Jun 01 13:03:54 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jun 01 13:03:54 2020 VERIFY EKU OK
Mon Jun 01 13:03:54 2020 VERIFY OK: depth=0, CN=vpn.mettem-m.ru
Mon Jun 01 13:03:55 2020 Connection reset, restarting [0]
Mon Jun 01 13:03:55 2020 SIGUSR1[soft,connection-reset] received, process restarting
Mon Jun 01 13:03:55 2020 MANAGEMENT: >STATE:1591005835,RECONNECTING,connection-reset,,,,,
Mon Jun 01 13:03:55 2020 Restart pause, 5 second(s)
Mon Jun 01 13:03:58 2020 SIGTERM[hard,init_instance] received, process exiting
Mon Jun 01 13:03:58 2020 MANAGEMENT: >STATE:1591005838,EXITING,init_instance,,,,,
I changed the password on the problem account to a complex one; it did not help.

What could the problem be?


andrey.vasilenko
Posts: 3
Joined: 03 Jul 2018, 23:42

Hi,
I have the same problem, and so far I have found that in my case the problem is in openssl-1.1.1 and the new version of openvpn 2.4.9.
A problem like this came up many versions ago: https://forum.mikrotik.com/viewtopic.ph ... 87#p347824

