I'm trying to connect a hAP ac^3 to an OpenVPN server. I can see the client authenticated at the server, but then it automatically gets disconnected, showing this in the log:
Code:
ovpn-IMDPruebas: initializing...
ovpn-IMDPruebas: connecting...
ovpn-IMDPruebas: disconnected <unsupported auth digest>
ovpn-IMDPruebas: terminating... - unsupported auth digest
The Ovpn server config is:
Code:
local 192.168.1.250
port 1194
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\config-auto\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config-auto\\servidor.crt"
key "C:\\Program Files\\OpenVPN\\config-auto\\servidor.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config-auto\\dh.pem"
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
script-security 3
auth-user-pass-verify 'C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -ExecutionPolicy Bypass -File "C:\\Program Files\\OpenVPN\\config-auto\\adauth.ps1"' via-file
username-as-common-name
push "dhcp-option DNS 192.168.1.250"
keepalive 10 120
cipher AES-256-GCM
data-ciphers AES-256-GCM
auth SHA256
persist-key
persist-tun
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 6
mute 20
explicit-exit-notify 1
Code:
0 X name="ovpn-IMDPruebas" mac-address=02:1F:8E:9F:DA:CD max-mtu=1500
connect-to=192.168.0.3 port=1194 mode=ip protocol=tcp
user="XXXXXX" password="XXXXXX" profile=default-encryption
certificate=imdoficina verify-server-certificate=yes tls-version=any
auth=sha256 cipher=aes256-gcm use-peer-dns=yes add-default-route=no
route-nopull=yes
Code:
OpenVPN CLIENT LIST
Updated,2023-03-24 13:32:09
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
imdoficina,192.168.1.1:32835,2969,2614,2023-03-24 13:31:58
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.3,imdoficina,192.168.1.1:32835,2023-03-24 13:31:59
GLOBAL STATS
Max bcast/mcast queue length,2
END
Code:
2023-03-24 14:09:15 us=812000 MULTI: multi_create_instance called
2023-03-24 14:09:15 us=812000 Re-using SSL/TLS context
2023-03-24 14:09:15 us=812000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-03-24 14:09:15 us=812000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-03-24 14:09:15 us=812000 TCP connection established with [AF_INET]192.168.1.1:39930
2023-03-24 14:09:15 us=812000 TCPv4_SERVER link local: (not bound)
2023-03-24 14:09:15 us=812000 TCPv4_SERVER link remote: [AF_INET]192.168.1.1:39930
2023-03-24 14:09:15 us=812000 192.168.1.1:39930 TCPv4_SERVER READ [14] from [AF_INET]192.168.1.1:39930: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2023-03-24 14:09:15 us=812000 192.168.1.1:39930 TLS: Initial packet from [AF_INET]192.168.1.1:39930, sid=7a36cabe 4d0ec405
2023-03-24 14:09:15 us=812000 192.168.1.1:39930 TCPv4_SERVER WRITE [26] to [AF_INET]192.168.1.1:39930: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
2023-03-24 14:09:15 us=828000 192.168.1.1:39930 TCPv4_SERVER READ [22] from [AF_INET]192.168.1.1:39930: P_ACK_V1 kid=0 [ 0 ] DATA len=0
2023-03-24 14:09:15 us=843000 192.168.1.1:39930 TCPv4_SERVER READ [150] from [AF_INET]192.168.1.1:39930: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=136
2023-03-24 14:09:15 us=843000 192.168.1.1:39930 TCPv4_SERVER WRITE [1222] to [AF_INET]192.168.1.1:39930: P_CONTROL_V1 kid=0 [ 1 0 ] pid=1 DATA len=1192
2023-03-24 14:09:15 us=843000 192.168.1.1:39930 TCPv4_SERVER WRITE [982] to [AF_INET]192.168.1.1:39930: P_CONTROL_V1 kid=0 [ 1 0 ] pid=2 DATA len=952
2023-03-24 14:09:15 us=843000 192.168.1.1:39930 TCPv4_SERVER READ [22] from [AF_INET]192.168.1.1:39930: P_ACK_V1 kid=0 [ 1 ] DATA len=0
2023-03-24 14:09:15 us=875000 192.168.1.1:39930 NOTE: --mute triggered...
2023-03-24 14:09:16 us=109000 192.168.1.1:39930 4 variation(s) on previous 20 message(s) suppressed by --mute
2023-03-24 14:09:16 us=109000 192.168.1.1:39930 VERIFY OK: depth=1, CN=CA
2023-03-24 14:09:16 us=109000 192.168.1.1:39930 VERIFY OK: depth=0, CN=imdoficina
2023-03-24 14:09:16 us=109000 192.168.1.1:39930 TCPv4_SERVER WRITE [89] to [AF_INET]192.168.1.1:39930: P_CONTROL_V1 kid=0 [ 3 2 1 0 ] pid=3 DATA len=51
2023-03-24 14:09:16 us=109000 192.168.1.1:39930 TCPv4_SERVER READ [22] from [AF_INET]192.168.1.1:39930: P_ACK_V1 kid=0 [ 3 ] DATA len=0
2023-03-24 14:09:16 us=140000 192.168.1.1:39930 TCPv4_SERVER READ [319] from [AF_INET]192.168.1.1:39930: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=305
2023-03-24 14:09:16 us=140000 192.168.1.1:39930 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TLS: Username/Password authentication succeeded for username 'imdoficina'
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TCPv4_SERVER WRITE [280] to [AF_INET]192.168.1.1:39930: P_CONTROL_V1 kid=0 [ 4 3 2 1 ] pid=4 DATA len=242
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TCPv4_SERVER READ [319] from [AF_INET]192.168.1.1:39930: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=305
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TCPv4_SERVER WRITE [38] to [AF_INET]192.168.1.1:39930: P_ACK_V1 kid=0 [ 4 3 2 1 0 ] DATA len=0
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TCPv4_SERVER READ [22] from [AF_INET]192.168.1.1:39930: P_ACK_V1 kid=0 [ 4 ] DATA len=0
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 [imdoficina] Peer Connection Initiated with [AF_INET]192.168.1.1:39930
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 MULTI: Learn: 10.8.0.3 -> imdoficina/192.168.1.1:39930
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 MULTI: primary virtual IP for imdoficina/192.168.1.1:39930: 10.8.0.3
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 Data Channel MTU parms [ mss_fix:1389 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 Connection reset, restarting [0]
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 SIGUSR1[soft,connection-reset] received, client-instance restarting
2023-03-24 14:09:17 us=312000 TCP/UDP: Closing socket
The script at the Ovpn server is for authenticating users from the AD. Also, the script log shows the client authenticates correctly.
Code:
[03/24/2023 02:09:17 ] [info ] [imdoficina] Authentication successful
[03/24/2023 02:09:05 ] [info ] [imdoficina] Authentication successful
[03/24/2023 02:08:54 ] [info ] [imdoficina] Authentication successful
[03/24/2023 02:08:42 ] [info ] [imdoficina] Authentication successful
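
Added example (not part of the original post): a Python triage of the two logs quoted above that reports, per peer, the last server-side stage reached before the reset and the interval between successive authentications. The stage names and the function names `triage` and `retry_gaps` are this example's own.

```python
import re
from datetime import datetime, timedelta
# Excerpts of the two logs in the post above; stage names below are this example's own.
SERVER_LOG = """\
2023-03-24 14:09:16 us=109000 192.168.1.1:39930 VERIFY OK: depth=0, CN=imdoficina
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 TLS: Username/Password authentication succeeded for username 'imdoficina'
2023-03-24 14:09:17 us=312000 192.168.1.1:39930 [imdoficina] Peer Connection Initiated with [AF_INET]192.168.1.1:39930
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-03-24 14:09:17 us=312000 imdoficina/192.168.1.1:39930 Connection reset, restarting [0]
""".splitlines()
AUTH_LOG = """\
[03/24/2023 02:09:17 ] [info ] [imdoficina] Authentication successful
[03/24/2023 02:09:05 ] [info ] [imdoficina] Authentication successful
[03/24/2023 02:08:54 ] [info ] [imdoficina] Authentication successful
[03/24/2023 02:08:42 ] [info ] [imdoficina] Authentication successful
""".splitlines()

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) us=(\d+) (.*)$")
PEER = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}:\d+")
STAGES = [("cert_verified", "VERIFY OK: depth=0"), ("user_auth", "authentication succeeded"),
          ("peer_initiated", "Peer Connection Initiated"),
          ("data_channel", "Incoming Data Channel: Cipher"), ("reset", "Connection reset")]

def triage(lines):
    """Per peer with a reset: (last stage reached, ms from peer_initiated to reset)."""
    seen = {}
    for line in lines:
        m = LINE.match(line)
        peer = PEER.search(m.group(3)) if m else None
        if not peer:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S") + timedelta(microseconds=int(m.group(2)))
        for name, needle in STAGES:
            if needle in m.group(3):
                seen.setdefault(peer.group(0), {}).setdefault(name, ts)
    out = {}
    for peer, s in seen.items():
        if "reset" in s:
            reached = [n for n, _ in STAGES[:-1] if n in s]
            gap = (s["reset"] - s["peer_initiated"]).total_seconds() * 1000 if "peer_initiated" in s else None
            out[peer] = (reached[-1] if reached else None, gap)
    return out

def retry_gaps(lines):
    """Seconds between consecutive successful authentications in the script log."""
    hits = (re.match(r"\[(\S+ \S+)\s*\]", l) for l in lines)
    stamps = sorted(datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S") for m in hits if m)
    return [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
print(triage(SERVER_LOG), retry_gaps(AUTH_LOG))
```

On these excerpts every server-side stage is reached, the reset follows "Peer Connection Initiated" by 0 ms, and the client retries about every 12 seconds, which is consistent with the client closing the session itself, as its own log line "terminating... - unsupported auth digest" reports.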