Changes between Initial Version and Version 1 of Ticket #840, comment 2
Timestamp: 02/09/17 10:47:59 (8 years ago)
Ticket #840, comment 2
initial v1 21 21 This is the simplest and probably most common script based authentication setups. The server will trigger a re-negotiation of the tunnel every 30th second. 22 22 23 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30`23 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30` 24 24 25 25 Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 4 --dev tun --auth-user-pass --ping 3 --ping-restart 6` … … 32 32 Basically the same setup as Test 1, but this time the client will not cache the user's password. 
33 33 34 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30`34 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30` 35 35 36 36 Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 4 --dev tun --auth-user-pass --ping 3 --ping-restart 6` --auth-nocache … … 45 45 This is a variant of Test 1, where the user sends username/password as normal. The server sends an authentication token back to the client which replaces the locally cached password. This token is used on the following renegotiations. 
46 46 47 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30 --auth-gen-token`47 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30 --auth-gen-token` 48 48 49 49 Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 7 --dev tun --auth-user-pass --ping 3 --ping-restart 6` … … 62 62 This is a variant of Test 3, where the user sends username/password as normal. The server sends an authentication token back to the client which replaces the locally cached password. This token is used on the following renegotiations. But the client is configured to not cache any passwords - which should be overridden when the server sends the PUSH_REPLY containing an `auth-token`. 
63 63 64 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30 --auth-gen-token`64 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30 --auth-gen-token` 65 65 66 66 Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 4 --dev tun --auth-user-pass --ping 3 --ping-restart 6 --auth-nocache`
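Review bot: In the Test 2 client command (line 36), `--auth-nocache` sits after the closing backtick in both versions, so it renders outside the code span and is easy to drop when the command is copied. Since this revision already touches the command lines, move it inside the backticks, as the Test 4 client line (line 66) has it. Separately, the visible descriptions do not say how auth.sh receives the credentials; a short sentence on the `via-env` method added to the four server lines (23, 34, 47, 64), next to the existing `--script-security 3`, would document why the argument is there.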