Astaro Error Could Not Read Auth Username From Stdin
Contents |
build or expand their OpenVPN setup. Forum rules
Auth-nocache Openvpn
Please use the [oconf] BB tag for openvpn Configurations. use the auth-nocache option to prevent this See https://forums.openvpn.net/viewtopic.php?f=30&t=21589 for an example. Post Reply Print view 13 posts • Page 1
Cyberoam Error Could Not Read Auth Username From Stdin
of 1 robertas OpenVpn Newbie Posts: 7 Joined: Wed May 18, 2016 12:58 pm could not read Auth username from stdin Quote Postby openvpn could not read auth username from stdin robertas » Wed May 18, 2016 1:14 pm I am setting up site to site vpn, so I've setup a service on a debian which starts on boot. But after some time(~1h) my tunnel disappears. So after digging around in logs I found that it could not read auth username from stdin cyberoam complains about auth from stdin, but my config has a password in it.OpenVPN version:OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015Logs(hostname redacted):Code: Select allMay 18 12:38:39 vpn-hostname ovpn-client[3185]: ERROR: could not read Auth username from stdin
May 18 12:38:39 vpn-hostname ovpn-client[3185]: Exiting due to fatal error
May 18 12:38:39 vpn-hostname ovpn-client[3185]: /sbin/ip addr del dev tun0 192.168.61.3/24
May 18 12:38:39 vpn-hostname systemd[1]: openvpn@client.service: main process exited, code=exited, status=1/FAILURE
May 18 12:38:39 vpn-hostname systemd[1]: Unit openvpn@client.service entered failed state.
My configuration exported from pfsense(public domain redacted), pfsense-auth is a file with user/password and it works first time and should be ok, I can restart openvpn service and it works again for about 1h. View Original Client dev tunpersist-tunpersist-keycipher AES-256-CBCauth SHA1tls-clientclientresolv-retry infiniteauth-user-pass pfsense-authauth-nocacheremote my-redacted-vpn.com 1194 udplport 0verify-x509-name "my-redacted-vpn.com" namepkcs12 pfSense-udp-1194-scaleway1.my-redacted-vpn.com.p12t
9 VPN: Site to Site
Sorry, 'auth' Password Cannot Be Read From A File
and Remoteā¦ UTM 9 Release Notes Forums UTM Wiki Members Knowledge Base Sub-Groups https://forums.openvpn.net/viewtopic.php?t=21752 More Cancel This group requires membership for participation - click to join FORUM THREAD QUESTION: UNSOLVED SSL Remote Error: ERROR: could not read Auth username from stdin CMort https://community.sophos.com/products/unified-threat-management/f/58/t/52981 Posted: 26 Nov 2007 10:02 PM 2 Comments English SuccessfullyusedremoteonSSLmanytimes.However,newuserhasinstalledtheclientbutcannotconnect.Examinationofhisconnectionattemptreveals: FriNov1615:49:042007OpenVPN2.1_rc4Win32-MinGW[SSL][LZO2]builtonSep282007 FriNov1615:52:272007ERROR:couldnotreadAuthusernamefromstdin FriNov1615:52:272007Exiting IsthissomethingtodowithnotfindinguserinAD?Anyonerectifiedthisbefore. Cheers, CMort. Comments BrucekConvergent Replied: 26 Nov 2007 4:31 PM Itakeittheselogfileentriesarefromtheclientside?Ifso,lookslikesomething'snotrightwithhisSSLclientinstall...perhapsanuninstall,reboot,andreinstallwillhelp.Whatkindofsystemisthisnewclientrunning? CTO, Convergent Information Security Solutions, LLC https://www.convergesecurity.com Advice given as posted on this forum does not construe a support or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. grlynch Replied: 1 Apr 2010 4:16 PM IhadacustomerwiththisexactsameerroronaWinXPPROSP3.IbelievethatduringtheinitialinstallationthecustomerchosetoSTOPINSTALLATIONwhenwarnedabouttheAstaroadapaterinstallation.Ire-installedanditworkedfine. T&Cs Help Cookie Info Contact Support © 1997 - 2016 Sophos Ltd. All rights reserved.
Start here for a quick overview of the site Help Center Detailed answers to http://serverfault.com/questions/189851/openvpn-error-could-not-read-auth-username-from-stdin any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more https://secure-computing.net/logs/openvpn.txt about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site could not for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top OpenVPN: ERROR: could not read Auth username from stdin up vote 1 down vote favorite I could not read managed to setup openvpn but now I want to integrate a user/pass authentication method so, even though I haven't added the auth-nocache in the server config, whenever I try to connect it returns with the following message on the client side: ERROR: could not read Auth username from stdin My server.conf file contains basic stuff, everything works up untill I try to implement this for of authentication. mode server dev tun proto tcp port 1194 keepalive 10 120 plugin /usr/lib/openvpn/openvpn-auth-pam.so login client-cert-not-required username-as-common-name auth-user-pass-verify /etc/openvpn/auth.pl via-env ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt cert /etc/openvpn/easy-rsa/2.0/keys/server.crt key /etc/openvpn/easy-rsa/2.0/keys/server.key dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem user nobody group nogroup server 10.8.0.0 255.255.255.0 persist-key persist-tun #persist-local-ip status openvpn-status.log verb 3 client-to-client push "redirect-gateway def1" push "dhcp-option DNS 10.8.0.1" log-append /var/log/openvpn comp-lzo I searched all over the net for a solution and all answers seems to be related to the auth-nocache param which I haven't set. The directive auth-user-pass-verify /etc/openvpn/auth.pl via-env points to a script which is ex
connecting to is dangerous/fraudulent. 08:02 < rmull> ecrist: I think I agree with you for the most part 08:03 < rmull> I just get constantly nagged by the "trust" aspect of SSL 08:03 < rmull> But it costs so much to be trusted 08:03 < rmull> And anyone with money seems trustworthy. 08:03 < ecrist> I think, if they gave you a yellow bar, similar to the one they have for "do you want me to remember this password" indicating that, while the connection was encrypted, the site's identity cannot be verified" would be sufficient. 08:03 < ecrist> rmull: exactly. 08:03 < rmull> That would be acceptable to me. 08:04 < pinchartl> ecrist: the risk my be overstated by Firefox, but that's better than understating it :-) 08:04 < ecrist> pinchartl: that doesn't make it less wrong, on the part of mozilla. 08:04 < ecrist> Safari does it nicely, without a lot of doom and gloom. 08:04 < cpm> yeah, that's pretty funny. I'd *love* to see an analysis of ssl certificate fraud. Where 'untrusted' certificates actually caused loss, relative to 'trusted' certificates that were acquired via fraudulent means. 08:05 < cpm> There are cases where folks paid good money to acquire certificates in another companies name. using faked letter head kinda stuff. 08:05 < ecrist> I have IT people here, who, when they started using Firefox 3, thought we were having internal website problems because the ssl error wasn't friendly, at all. It's similar to a connection failed, 404, etc. 08:05 < rmull> cpm: Lol, letter-head verification cracks me up 08:06 < ecrist> yeah, no doubt. 08:06 < cpm> that I'll bet lead to losses greater than whatever losses were had by 'untrusted' certificates. 08:06 < pinchartl> ecrist: that's right. we've been bitten by that too 08:06 < cpm> rmull, goes to show that the only think 'trusted' CAs care about is the money. 08:07 < rmull> For my personal stuff I've been using cacert.org 08:07 < ecrist> I'm a proponent of self-signed certificates. In the case of my networks, I control, 100%, the certificate chain. for better or for worse. All I've got to do is make sure the root CA certificate is installed on the client machines, and there are no problems. 08:07 < cpm> ecrist, I'm not so keen on self signed, esp since there are alternatives. 08:08 * cpm uses CACert.org certificates 08:08 < rmull> I support that :D 08:08 < ecrist> lol, cacert.org uses an invalid certificate, according to ff3. 08:08 < ecrist> no different than my self-signed ones. 08:09 < rmull> ecrist: You don't have the root cert installed in your browser 08:09 < cpm> ecrist,