OpenVPN with User/Password Authorization

I am not an experienced man with OpenVPN. I tried everything, following tutorials etc., but I kept failing at setting up OpenVPN over and over again, to the point that I decided to give up. Shortly after that I found Nyr's OpenVPN auto-installer. It worked perfectly after using Nyr's script; however, one thing that kept bugging me was having to keep track of all those certificates. The one thing I loved when using other VPN hosts was the user/password authorization, where I didn't have to keep making certificates, putting them up for download etc. Just one certificate online and using that with the username and password and done.

But here is the problem. I am unable to even get OpenVPN and the user/password authorization to work. Sadly Nyr's script does not support user/password authorization, or I would have just used that.

Can you guys help me out? I am able to provide a user account on my VPS, or we can work over screen sharing apps such as TeamViewer or Join.me.

Thanks in advance!

Comments

  • alexvolk Member
    edited April 2014

    You need to integrate your openvpn with free radius, that's probably the easiest user-pass integration.

    Check this tutorial http://safesrv.net/setup-freeradius-plugin-and-openvpn-source/

  • @alexvolk said:
    You need to integrate your openvpn with free radius, that's probably the easiest user-pass integration.

    Check this tutorial http://safesrv.net/setup-freeradius-plugin-and-openvpn-source/

    Hmm. Does it work with SQLite? Adding MySQL on a LEB is way too much. I'm also curious about how to add users in the SQLite database then.

  • alexvolk said: You need to integrate your openvpn with free radius, that's probably the easiest user-pass integration.

    That's not necessary. Just use PAM based authentication.

    https://wiki.archlinux.org/index.php/OpenVPN#Using_PAM_and_passwords_to_authenticate

    http://tarique21.wordpress.com/2011/06/23/open-vpn-with-pam/

    http://www.webhostingtalk.com/showthread.php?t=1024872

  • You can also use Softether, which also supports OpenVPN with user/pass authorization.

  • TehEnforce Member
    edited April 2014

    Thanks for the help.

    I managed to set up OpenVPN with user/pass authorization! :D But I ran into a problem. After connecting to the VPN it turns green and shows no errors or anything, but when I go check my IP it's still my real IP instead of the VPN IP. Help.

    Logs:

    ```
    Sat Apr 19 00:48:34 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
    Enter Management Password:
    Sat Apr 19 00:48:34 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Sat Apr 19 00:48:34 2014 Need hold release from management interface, waiting...
    Sat Apr 19 00:48:34 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Sat Apr 19 00:48:34 2014 MANAGEMENT: CMD 'state on'
    Sat Apr 19 00:48:34 2014 MANAGEMENT: CMD 'log all on'
    Sat Apr 19 00:48:34 2014 MANAGEMENT: CMD 'hold off'
    Sat Apr 19 00:48:34 2014 MANAGEMENT: CMD 'hold release'
    Sat Apr 19 00:48:40 2014 MANAGEMENT: CMD 'username "Auth" "xxx"'
    Sat Apr 19 00:48:40 2014 MANAGEMENT: CMD 'password [...]'
    Sat Apr 19 00:48:40 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sat Apr 19 00:48:40 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sat Apr 19 00:48:40 2014 UDPv4 link local: [undef]
    Sat Apr 19 00:48:40 2014 UDPv4 link remote: [AF_INET]xxxx:xxxx
    Sat Apr 19 00:48:40 2014 MANAGEMENT: >STATE:1397861320,WAIT,,,
    Sat Apr 19 00:48:40 2014 MANAGEMENT: >STATE:1397861320,AUTH,,,
    Sat Apr 19 00:48:40 2014 TLS: Initial packet from [AF_INET]xxxx:xxxx, sid=xxx
    Sat Apr 19 00:48:40 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Sat Apr 19 00:48:40 2014 VERIFY OK: depth=1, C=xx, ST=xxx, L=xxxx, O=xxx, OU=xxx, CN=xxx, name=xxx, emailAddress=xxx
    Sat Apr 19 00:48:40 2014 VERIFY OK: depth=0, C=xx, ST=xxx, L=xxxx, O=xxx, OU=xxx, CN=xxx, name=xxx, emailAddress=xxx
    Sat Apr 19 00:48:41 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Apr 19 00:48:41 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Apr 19 00:48:41 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Apr 19 00:48:41 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Apr 19 00:48:41 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Sat Apr 19 00:48:41 2014 [fdVPN] Peer Connection Initiated with [AF_INET]xxxx:xxx
    Sat Apr 19 00:48:42 2014 MANAGEMENT: >STATE:1397861322,GET_CONFIG,,,
    Sat Apr 19 00:48:43 2014 SENT CONTROL [fdVPN]: 'PUSH_REQUEST' (status=1)
    Sat Apr 19 00:48:43 2014 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.35.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.35.6 10.0.35.5'
    Sat Apr 19 00:48:43 2014 OPTIONS IMPORT: timers and/or timeouts modified
    Sat Apr 19 00:48:43 2014 OPTIONS IMPORT: --ifconfig/up options modified
    Sat Apr 19 00:48:43 2014 OPTIONS IMPORT: route options modified
    Sat Apr 19 00:48:43 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sat Apr 19 00:48:43 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Sat Apr 19 00:48:43 2014 MANAGEMENT: >STATE:1397861323,ASSIGN_IP,,10.0.35.6,
    Sat Apr 19 00:48:43 2014 open_tun, tt->ipv6=0
    Sat Apr 19 00:48:43 2014 TAP-WIN32 device [LAN-verbinding 2] opened: \.\Global{22BB7B74-875B-49D4-8498-BA8C5DCB1E92}.tap
    Sat Apr 19 00:48:43 2014 TAP-Windows Driver Version 9.9
    Sat Apr 19 00:48:43 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.35.6/255.255.255.252 on interface {22BB7B74-875B-49D4-8498-BA8C5DCB1E92} [DHCP-serv: 10.0.35.5, lease-time: 31536000]
    Sat Apr 19 00:48:43 2014 Successful ARP Flush on interface [16] {22BB7B74-875B-49D4-8498-BA8C5DCB1E92}
    Sat Apr 19 00:48:48 2014 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
    Sat Apr 19 00:48:48 2014 MANAGEMENT: >STATE:1397861328,ADD_ROUTES,,,
    Sat Apr 19 00:48:48 2014 C:\Windows\system32\route.exe ADD 10.0.35.1 MASK 255.255.255.255 10.0.35.5
    Sat Apr 19 00:48:48 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sat Apr 19 00:48:48 2014 Route addition via IPAPI succeeded [adaptive]
    Sat Apr 19 00:48:48 2014 Initialization Sequence Completed
    Sat Apr 19 00:48:48 2014 MANAGEMENT: STATE:1397861328,CONNECTED,SUCCESS,10.0.35.6,xxxx
    ```

  • @TehEnforce Are you using Windows 8 as your OS?

  • You seem to be missing the "redirect-gateway def1" option in your openvpn configuration...

    As an example from my openvpn configuration that is working, I get this message with the "redirect-gateway def1" in it...

    PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.2.2.1,route 10.2.0.0 255.255.255.0,redirect-gateway def1,route 10.2.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.2.0.6 10.2.0.5'
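
The check described in the comment above, as an added example that is not part of the original thread: it reads an OpenVPN client log, extracts the options from `PUSH_REPLY`, reports whether `redirect-gateway` was pushed, and maps the two `WARNING` lines seen in the posted log to the client directives that address them. The function names and the abridged sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample: abridged client log lines modelled on the ones posted in this thread.
SAMPLE_LOG = """\
Sat Apr 19 00:48:40 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Apr 19 00:48:40 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Apr 19 00:48:43 2014 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.35.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.35.6 10.0.35.5'
Sat Apr 19 00:48:48 2014 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'")

# Warning substring -> client directive that addresses it (both are OpenVPN options).
WARNING_FIXES = {
    "No server certificate verification method": "remote-cert-tls server",
    "may cache passwords in memory": "auth-nocache",
}

def pushed_options(log_text):
    """Return the options from the last PUSH_REPLY in the log, or [] if none."""
    matches = PUSH_RE.findall(log_text)
    if not matches:
        return []
    # First comma-separated field is the literal PUSH_REPLY marker; skip it.
    return [opt.strip() for opt in matches[-1].split(",")[1:] if opt.strip()]

def audit_client_log(log_text):
    """Summarise routing and hardening findings from an OpenVPN client log."""
    opts = pushed_options(log_text)
    redirect = [o for o in opts if o.split()[0] == "redirect-gateway"]
    lines = log_text.splitlines()
    fixes = [fix for needle, fix in WARNING_FIXES.items()
             if any("WARNING" in line and needle in line for line in lines)]
    return {
        "got_push_reply": bool(opts),
        "redirect_gateway": redirect[0] if redirect else None,
        "pushed_routes": [o for o in opts if o.startswith("route ")],
        "suggested_client_directives": fixes,
    }

if __name__ == "__main__":
    report = audit_client_log(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["got_push_reply"] and report["redirect_gateway"] is None:
        print("Default route is not redirected: only the pushed routes use the tunnel.")
```
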

  • @TehEnforce Try running OpenVPN as admin.

  • @joelgm said:
    TehEnforce Are you using Windows 8 as your OS?

    No. Running Windows 7.

    @nicky0322 said:
    You seem to be missing the "redirect-gateway def1" option in your openvpn configuration...

    As an example from my openvpn configuration that is working, I get this message with the "redirect-gateway def1" in it...

    PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.2.2.1,route 10.2.0.0 255.255.255.0,redirect-gateway def1,route 10.2.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.2.0.6 10.2.0.5'

    Added that option in the config. It broke the whole VPN. I can connect to it but when connected I can't browse anything anymore.

    @Falco33 said:
    TehEnforce Try running OpenVPN as admin.

    I always run OpenVPN as admin. Didn't work :(

    Thanks, but it's based on MySQL.
