Hi
I'm trying to connect a RouterOS device as an OpenVPN client to a UTM9 server. Having worked out how to get the UTM's certificates into a more standard format (this thread), the RouterOS device is now attempting to connect to the UTM server.
However, I'm getting a username/password auth failure. The RouterOS device requires me to enter a username and password, yet there's nowhere that I can find in the UTM's configuration to get it.
Here's the output of an attempt to connect. As you can see, the certificate exchange seems to work, it's only the username/password credentials that fail.
I tried creating a user on the UTM system and entering those credentials into the RouterOS device, but that made no difference.
Quote:
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: MULTI: multi_create_instance called
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: Re-using SSL/TLS context
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: LZO compression initialized
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: Data Channel MTU parms [ L:1556 D:1450 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: Local Options hash (VER=V4): 'a4f12474'
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: Expected Remote Options hash (VER=V4): '619088b2'
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: TCP connection established with my.ip.addr.here:36977
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: Socket Buffers: R=[131072->131072] S=[131072->131072]
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: TCPv4_SERVER link local: [undef]
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: TCPv4_SERVER link remote: my.ip.addr.here:36977
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 TLS: Initial packet from my.ip.addr.here:36977, sid=fc07641e f7a6a9c2
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 VERIFY OK: depth=1, C=gb, L=MyLocation, O=MyName, CN=MyName VPN CA, emailAddress=***@***.***.***
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 VERIFY OK: depth=0, C=gb, L=MyLocation, O=MyName, CN=REF_SslSerProdsite1
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 PLUGIN_CALL: POST /usr/lib/openvpn-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn-utm.so
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 TLS Auth Error: Auth Username/Password verification failed for peer
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1556', remote='link-mtu 1555'
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 [REF_SslSerProdsite1] Peer Connection Initiated with my.ip.addr.here:36977
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 PUSH: Received control message: 'PUSH_REQUEST'
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 Delayed exit in 5 seconds
2012:12:08-08:41:41 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 SENT CONTROL [REF_SslSerProdsite1]: 'AUTH_FAILED' (status=1)
2012:12:08-08:41:45 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 Connection reset, restarting [0]
2012:12:08-08:41:45 dev-gw-a openvpn[25474]: my.ip.addr.here:36977 SIGUSR1[soft,connection-reset] received, client-instance restarting
2012:12:08-08:41:45 dev-gw-a openvpn[25474]: TCP/UDP: Closing socket
How do I tell UTM what username/password to accept for this connection?
Thanks
Giles.
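Added example, not part of the original post and not Sophos or MikroTik code: a small Python triage over server log lines in the format quoted above. It separates the certificate stage from the username/password stage per peer and lists the option-mismatch warnings. The sample lines are constructed, the peer address 192.0.2.10 is a placeholder, and the names `triage` and `verdict` are hypothetical; only message strings that appear in the quoted log are matched.

```python
import re

# Constructed sample in the post's log format; 192.0.2.10 is a placeholder peer address.
PREFIX = "2012:12:08-08:41:41 dev-gw-a openvpn[25474]: "
SAMPLE_LOG = "\n".join(PREFIX + msg for msg in [
    "Re-using SSL/TLS context",
    "192.0.2.10:36977 VERIFY OK: depth=1, C=gb, CN=Example VPN CA",
    "192.0.2.10:36977 VERIFY OK: depth=0, C=gb, CN=REF_Example",
    "192.0.2.10:36977 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY "
    "failed with status 1: /usr/lib/openvpn-utm.so",
    "192.0.2.10:36977 TLS Auth Error: Auth Username/Password verification failed for peer",
    "192.0.2.10:36977 WARNING: 'link-mtu' is used inconsistently, "
    "local='link-mtu 1556', remote='link-mtu 1555'",
    "192.0.2.10:36977 WARNING: 'comp-lzo' is present in local config but "
    "missing in remote config, local='comp-lzo'",
    "192.0.2.10:36977 SENT CONTROL [REF_Example]: 'AUTH_FAILED' (status=1)",
])

# timestamp, host, "openvpn[pid]:", then "addr:port message" for per-peer lines
LINE = re.compile(r"^\S+ \S+ openvpn\[\d+\]: (\S+:\d+) (.*)$")
DEPTH = re.compile(r"VERIFY OK: depth=(\d+)")
MISMATCH = re.compile(r"WARNING: '([^']+)' is (?:used inconsistently|present in local config)")

def triage(log_text):
    """Group per-peer lines and record which handshake stage each peer reached."""
    peers = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # daemon-level line with no peer prefix
        peer, msg = m.groups()
        st = peers.setdefault(peer, {"cert_depths_ok": [], "userpass_failed": False,
                                     "auth_failed_sent": False, "option_mismatch": []})
        if (d := DEPTH.match(msg)):
            st["cert_depths_ok"].append(int(d.group(1)))
        elif "Auth Username/Password verification failed" in msg:
            st["userpass_failed"] = True
        elif "'AUTH_FAILED'" in msg:
            st["auth_failed_sent"] = True
        elif (w := MISMATCH.match(msg)):
            st["option_mismatch"].append(w.group(1))
    return peers

def verdict(st):
    """One-line diagnosis: separate certificate problems from credential problems."""
    if st["userpass_failed"] and 0 in st["cert_depths_ok"]:
        return "client certificate verified; username/password rejected by auth plugin"
    if st["userpass_failed"]:
        return "username/password rejected; no leaf certificate verification logged"
    return "no username/password failure logged"

if __name__ == "__main__":
    for peer, st in triage(SAMPLE_LOG).items():
        print(peer, "->", verdict(st), "| mismatched options:", st["option_mismatch"])
```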