December 29, 2011

228 words 2 mins read

OpenVPN “auth-user-pass-verify” doesn't provide password

I was trying to using OpenVPN’s auth-user-pass-verify option, which allows you to essentially build your own authentication mechanism for usernames/passwords. I had a very, very simply authentication script setup and was using the “via-env” method. I fought for at least an hour or two trying to figure out why my passwords weren’t being accepted, even when I changed the password down to being as simple as “a”. Turns out I was doing everything right, but getting shafted.

First thing you need to know is that when you use

auth-user-pass-verify, you MUST also set script-security 3. Basically every example you can find on the net will show these two lines together. I’d also suggest adding client-cert-not-required and username-as-common-name (both are fairly self-explanatory).

The shafting I was getting is that the OpenVPN package for CentOS I had installed, the init script affixed “—script-security 2” to the launch command (you can check your own copy by starting the OpenVPN server and then running “ps -ax”, it will show the full command executed). Even though I had set my own script-security level, the init script via the command line took precedence to the config. The only solution is to edit the init script and hope it isn’t upgraded/overwritten later.

Sadly, very few people seem to username/password authentication with OpenVPN so there is very little documentation and very few mentions across the net.

auth-user-pass-verify openvpn

OpenVPN on Vista 64bit (And Windows 7!)

June 15, 2009

At our office we use OpenVPN for our VPN needs. This was a change I made a few years back, taking us away from Windows PPTP. It has proved to be an interesting experience, because things do not always “work” on the client side. This is most apparent when dealing with Windows and/or 64-bit computers. It becomes even more fun when the boss wants OpenVPN on his Vista 64 machine. Up until recently it simply wasn’t possible because there were no compiled 64-bit versions.

Embassy Security Center does NOT play nicely with OpenVPN

July 2, 2008

So I was just re-installing a machine (Windows XP SP3 x32) in the office and I got to the point of setting up the OpenVPN connection (so I was almost done). Problem was that when I installed OpenVPN 2.0.9 and executed the EXE, it crashed with “The application failed to initialize properly (0xc000007b).". I tried uninstalling and re-installing OpenVPN. When that didn’t work, I then tried upgrading to OpenVPN 2.1 RC_7.

How To Get OpenVPN to Work Under Vista

September 20, 2007

Getting OpenVPN to run under Windows Vista is actually relatively easy. There are just a few tricks to keep in mind. Get the latest version of OpenVPN. 2.0.9 works for me, 2.0.7 did not If you still have UAC enabled (It is those “Accept/Deny” dialog boxes), you must right click on the installer and “Run As Administrator”. (How to disable UAC) During the install, you must remember to “Continue Anyways” when prompted about unsigned drivers.