

All times are UTC




 Post subject: Client Certificates without Username and Password
PostPosted: 01.03.2016 13:00 
DES
Hi,

I'm running an OpenVPN server with username/password authentication, which is working just fine. For several reasons, however, I want to switch to an authentication using client certificates - without username/password.

I generated all CA, server and client certificates and placed them properly on the server; their validation during the connection process also seems to work. However, I fail to disable the username/password requirement. Without inserting username/password, I still can't connect to the server.

My general idea would be to simply remove the "auth-user-pass" statement from the client configuration file with the certificates working properly. If I do that, however, I end up with a client connection log with something like this:

Code:
...
Mrz 01 13:45:58: OpenVPN 2.3.10 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb 11 2016
Mrz 01 13:45:58: library versions: OpenSSL 1.0.2f  28 Jan 2016, LZO 2.09
Mrz 01 13:45:59: Control Channel Authentication: using 'C:\...\ta.key' as a OpenVPN static key file
Mrz 01 13:45:59: Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Mrz 01 13:46:00: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
Mrz 01 13:46:00: TCPv4_CLIENT link local: [undef]
Mrz 01 13:46:00: TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
Mrz 01 13:46:01: Connection reset, restarting [0]
Mrz 01 13:46:01: SIGUSR1[soft,connection-reset] received, process restarting
...


I would appreciate any advice on what I would need to modify or change. Please find attached my server and my client configuration file.

Cheers,
Michael

--

Server Configuration:

Code:
dev tun

management 127.0.0.1 1195

server 10.8.0.0 255.255.255.0

push "route 10.8.0.0 255.255.255.0"

dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh4096.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3

#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

# client-cert-not-required
username-as-common-name
duplicate-cn

status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6


Client Configuration

Code:
dev tun
tls-client
tls-auth ta.key 1

remote XXX.XXX.XXX.XXX XXX

pull

proto tcp-client

script-security 2

ca ca.crt

comp-lzo

reneg-sec 0

# auth-user-pass
ns-cert-type server

cert client.crt
key client.key
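
A consistency check for the two configuration files posted above, as an added example that is not part of the original post: it flags settings that would keep certificate-only authentication from working as described. The function names and the abridged sample configs are constructed for illustration; besides the directives in the post it looks for `auth-user-pass-verify` and `plugin`, the server-side options through which OpenVPN verifies a username and password.

```python
# Added example: cross-check an OpenVPN server/client pair for cert-only auth.
SERVER_CONF = """\
# client-cert-not-required
username-as-common-name
duplicate-cn
proto udp6
"""  # abridged from the server configuration in the post

CLIENT_CONF = """\
tls-auth ta.key 1
proto tcp-client
ca ca.crt
# auth-user-pass
cert client.crt
key client.key
"""  # abridged from the client configuration in the post

def parse(text):
    """Map each active directive to its arguments; '#' and ';' start comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def transport(opts):
    # OpenVPN uses UDP when no proto directive is given
    return "tcp" if opts.get("proto", ["udp"])[0].startswith("tcp") else "udp"

def check_cert_only(server, client):
    s, c = parse(server), parse(client)
    findings = []
    if transport(s) != transport(c):
        findings.append("proto mismatch: server %s, client %s" % (transport(s), transport(c)))
    if ("tls-auth" in s) != ("tls-auth" in c):
        findings.append("tls-auth is set on only one side")
    if "client-cert-not-required" in s:
        findings.append("server does not require a client certificate")
    for opt in ("auth-user-pass-verify", "plugin", "username-as-common-name"):
        if opt in s:
            findings.append("review password-auth related server directive: " + opt)
    if "auth-user-pass" in c:
        findings.append("client still sends username/password")
    if not {"cert", "key"} <= c.keys():
        findings.append("client has no cert/key pair")
    return findings
```

Run against the posted pair, `check_cert_only(SERVER_CONF, CLIENT_CONF)` reports the transport mismatch, the one-sided `tls-auth`, and the leftover `username-as-common-name`.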

