Wednesday 19 June 2019, 04:07:58 pm

 1 
 on: Friday 14 June 2019, 11:09:01 pm 
Started by Frank0815 - Last post by Dark-Vex
Starting from 3.2.0 alpha 1 (based on the new platform), support for this feature has been removed. On the Enterprise version you can set up OpenVPN+LDAP/Active Directory directly from the web interface.

 2 
 on: Friday 14 June 2019, 11:07:39 pm 
Started by Frank0815 - Last post by Dark-Vex
3.0.5 beta 1 is the last version based on the old platform that supports it.

 3 
 on: Friday 14 June 2019, 03:40:27 pm 
Started by Frank0815 - Last post by Frank0815
LDAP Auth via OpenVPN is not possible any more with 3.3.0.
Can anyone tell me when this was removed?
Is

 4 
 on: Friday 14 June 2019, 03:37:29 pm 
Started by Frank0815 - Last post by Frank0815
Oh my dear.
Which is the latest version that still supports LDAP VPN?

 5 
 on: Friday 14 June 2019, 12:30:34 am 
Started by Frank0815 - Last post by Dark-Vex
On 3.3 community, VPN with LDAP/Active Directory is not supported; the authentication backend has changed and it's only supported on the enterprise version.

 6 
 on: Thursday 13 June 2019, 07:16:33 pm 
Started by Frank0815 - Last post by Frank0815
I get the same error if I enter a wrong IP in my settings file, with no LDAP server behind it.
So maybe it is not getting to LDAP auth or the settings file is ignored?

 7 
 on: Thursday 13 June 2019, 06:58:37 pm 
Started by Frank0815 - Last post by Frank0815
root@endianFWcommunity:/var/efw/openvpn # cat settings

AUTHENTICATION_STACK=ldap,local
CA_FILENAME=cacert.pem
CERT_FILENAME=VPNcert.pem
LDAP_BIND_DN=cn=user,cn=Users,dc=domain,dc=local
LDAP_BIND_PASSWORD=password
LDAP_URI=ldap://1.2.3.4
LDAP_USER_BASEDN=ou=SBSUsers,ou=Users,ou=MyBusiness,dc=domain,dc=local
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s))
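
A check of the settings file shown above, as an added example that is not part of the original post and not Endian's code. It assumes the `%(u)s` placeholder is expanded Python-style with the login name; the function names are hypothetical and the sample values are constructed from the post.

```python
# Added example, not Endian code. SAMPLE_SETTINGS is constructed from the post above.
SAMPLE_SETTINGS = """\
AUTHENTICATION_STACK=ldap,local
LDAP_BIND_DN=cn=user,cn=Users,dc=domain,dc=local
LDAP_URI=ldap://1.2.3.4
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s))
"""

def parse_settings(text):
    """Parse KEY=VALUE lines, splitting on the FIRST '=' only (DNs and filters contain '=')."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_user_filter(settings, username):
    """Expand the %(u)s placeholder (assumed Python-style) with an escaped login name."""
    return settings["LDAP_USER_SEARCHFILTER"] % {"u": escape_filter_value(username)}

def review(settings):
    """Return the findings a reviewer would raise about this configuration."""
    findings = []
    if settings.get("LDAP_URI", "").lower().startswith("ldap://"):
        findings.append("LDAP_URI uses ldap://: bind and user passwords are sent "
                        "in cleartext unless the client negotiates StartTLS")
    if "%(u)s" not in settings.get("LDAP_USER_SEARCHFILTER", ""):
        findings.append("LDAP_USER_SEARCHFILTER has no %(u)s placeholder")
    if "ldap" not in settings.get("AUTHENTICATION_STACK", "").split(","):
        findings.append("ldap is missing from AUTHENTICATION_STACK")
    return findings

if __name__ == "__main__":
    cfg = parse_settings(SAMPLE_SETTINGS)
    print(build_user_filter(cfg, "testvpn"))
    print(build_user_filter(cfg, "j*(doe)"))  # metacharacters stay literal
    for finding in review(cfg):
        print("finding:", finding)
```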

 8 
 on: Thursday 13 June 2019, 06:44:38 pm 
Started by Frank0815 - Last post by Frank0815
Hello everybody,

on my Endian Community FW 3.0.5 beta 1, OpenVPN is configured with AD authentication.
For auth-user-pass it uses /usr/bin/openvpn-auth via-file. This works.

I recently installed a test machine with community version 3.3.0.
I set up the LDAP settings as described here:
https://help.endian.com/hc/en-us/articles/218144458-SSL-VPN-How-to-Authenticate-VPN-Users-with-Active-Directory

The settings are basically identical with my working installation.

Authenticating a local user works.
Authenticating an AD User does not work. But I receive a "Benutzer nicht gefunden" / "User not found" message.

tail -f /var/log/endian/authentication

2019-06-13 07:47:35,307 - authentication[2703] - INFO - Endian Authentication Layer startup

Jun 13 08:00:23 endianFWcommunity authentication[2703]: AUTH_STATUS(ACCEPTED) SCOPE(openvpn) USER(localuser) PROVIDER(local)

Jun 13 08:00:36 endianFWcommunity authentication[2703]: AUTH_STATUS(FAILED) SCOPE(openvpn) USER(testvpn) REASON(Benutzer nicht gefunden)

The openvpn.log shows


Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 TLS: Initial packet from [AF_INET]80.187.111.43:6776 (via [AF_INET]<IP>%eth1), sid=a4552829 55a1cacc
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_VER=2.5_master
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_PLAT=android
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_PROTO=2
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_NCP=2
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_LZ4=1
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_LZ4v2=1
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_LZO=1
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_COMP_STUB=1
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_COMP_STUBv2=1
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_TCPNL=1
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 peer info: IV_GUI_VER=de.blinkt.openvpn_0.7.8
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 TLS Auth Error: Auth Username/Password verification failed for peer
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384
Jun 13 09:53:57 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 Peer Connection Initiated with [AF_INET]80.187.111.53:6776 (via [AF_INET]<IP>%eth1)
Jun 13 09:53:58 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 PUSH: Received control message: 'PUSH_REQUEST'
Jun 13 09:53:58 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 Delayed exit in 5 seconds
Jun 13 09:53:58 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Jun 13 09:54:03 endianFWcommunity openvpn[21228]: 80.187.111.53:6776 SIGTERM[soft,delayed-exit] received, client-instance exiting


I cannot find more detailed log files.
In my old 3.0.5b1 it used openvpn-auth via-file.

The 3.3.0 has only openvpn-auth-env and tries to use openvpn-auth-env via-env.

When I try openvpn-auth -i on my old machine and use a wrong password,
I get the same German error "Benutzer nicht gefunden" / "User not found".

I see the same error in the authentication log on the 3.3.0.

Is there a current manual on how to get AD authentication with OpenVPN on 3.3.0?
Any ideas?

Greetings

Frank
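
The authentication log lines quoted in the post above, parsed as an added example that is not part of the original post and not Endian's code. It shows that a FAILED line carries a REASON but no PROVIDER, so the log alone does not say which backend in the stack rejected the user. The function names are hypothetical and the sample log is constructed from the quoted lines.

```python
# Added example, not Endian code. SAMPLE_LOG is constructed from the lines quoted in the post.
import re
from collections import Counter

SAMPLE_LOG = """\
2019-06-13 07:47:35,307 - authentication[2703] - INFO - Endian Authentication Layer startup
Jun 13 08:00:23 endianFWcommunity authentication[2703]: AUTH_STATUS(ACCEPTED) SCOPE(openvpn) USER(localuser) PROVIDER(local)
Jun 13 08:00:36 endianFWcommunity authentication[2703]: AUTH_STATUS(FAILED) SCOPE(openvpn) USER(testvpn) REASON(Benutzer nicht gefunden)
"""

# Syslog-style prefix followed by KEY(VALUE) fields, starting with AUTH_STATUS.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"authentication\[\d+\]:\s(?P<body>AUTH_STATUS\(.*)$"
)
# Values are assumed not to contain ')' (true for the lines on this page).
FIELD_RE = re.compile(r"([A-Z_]+)\(([^)]*)\)")

def parse_events(text):
    """Return one dict per AUTH_STATUS line; banner and other lines are skipped."""
    events = []
    for line in text.splitlines():
        match = EVENT_RE.match(line)
        if not match:
            continue
        event = {key.lower(): value for key, value in FIELD_RE.findall(match.group("body"))}
        event["ts"] = match.group("ts")
        event["host"] = match.group("host")
        events.append(event)
    return events

def failure_counts(events):
    """Count failures per (scope, user, reason), e.g. to spot repeated failed logins."""
    return Counter(
        (e.get("scope"), e.get("user"), e.get("reason"))
        for e in events if e.get("auth_status") == "FAILED"
    )

def unattributed_failures(events):
    """Failures whose line names no PROVIDER, so the rejecting backend is unknown."""
    return [e for e in events if e.get("auth_status") == "FAILED" and "provider" not in e]

if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for key, count in failure_counts(parsed).items():
        print(count, key)
    for e in unattributed_failures(parsed):
        print("no provider recorded for failed login of", e["user"], "at", e["ts"])
```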

 9 
 on: Monday 10 June 2019, 08:24:01 pm 
Started by Karel2017 - Last post by Karel2017
Hello, I want to create custom iptables rules, but it doesn't work properly. For example, when I create the rule "iptables -A OUTGOINGFW -s 192.168.2.45/32 -o eth2 -j REJECT --reject-with icmp-port-unreachable" (same rule as generated from the Endian web interface) it doesn't work. What am I doing wrong? Do I need to manually restart iptables, and how? Is there any other way to add custom rules in Endian? I need to control rules from the CLI.

 10 
 on: Monday 03 June 2019, 05:32:10 pm 
Started by Matteo Mabesolani - Last post by Dark-Vex
Hi Matteo,

this is due to a bug; Endian should release an update that fixes this issue in the coming days.
If you have Telegram you can follow the community channel; they paste/send a message when updates are released.
https://t.me/efw_community_official
