Changes between Initial Version and Version 1 of Ticket #840, comment 2


Timestamp:
02/09/17 10:47:59 (5 years ago)
Author:
David Sommerseth
  • Ticket #840, comment 2

    initial v1  
    2121This is the simplest and probably most common script based authentication setups.  The server will trigger a re-negotiation of the tunnel every 30th second.
    2222
    23 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30`
     23Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30`
    2424
    2525Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 4 --dev tun --auth-user-pass --ping 3 --ping-restart 6`
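Review bot: `auth.sh` is never shown, so the `via-env` added to the server line cannot be checked against how the script actually reads the credentials. Attach the script or state that it takes the username and password from its environment, which is the method `via-env` selects; the `--script-security 3` already on that line is what allows the password to be passed that way.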
     
    3232Basically the same setup as Test 1, but this time the client will not cache the user's password.
    3333
    34 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30`
     34Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30`
    3535
    3636Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 4 --dev tun --auth-user-pass --ping 3 --ping-restart 6` --auth-nocache
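Review bot: on the client line, `--auth-nocache` sits after the closing backtick, so the one option that distinguishes this test from Test 1 renders outside the command. Move it inside the backticks, as in the last client line of this comment.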
     
    4545This is a variant of Test 1, where the user sends username/password as normal.  The server sends an authentication token back to the client which replaces the locally cached password.  This token is used on the following renegotiations.
    4646
    47 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30 --auth-gen-token`
     47Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30 --auth-gen-token`
    4848
    4949Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 7 --dev tun --auth-user-pass --ping 3 --ping-restart 6`
     
    6262This is a variant of Test 3, where the user sends username/password as normal.  The server sends an authentication token back to the client which replaces the locally cached password.  This token is used on the following renegotiations.  But the client is configured to not cache any passwords - which should be overridden when the server sends the PUSH_REPLY containing an `auth-token`.
    6363
    64 Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh --verb 4 --reneg-sec 30 --auth-gen-token`
     64Server: `src/openvpn/openvpn --dev tun --server 10.8.0.0 255.255.255.0 --ca sample/sample-keys/ca.crt  --key sample/sample-keys/server.key --cert sample/sample-keys/server.crt --dh sample/sample-keys/dh2048.pem --script-security 3 --auth-user-pass-verify auth.sh via-env --verb 4 --reneg-sec 30 --auth-gen-token`
    6565
    6666Client: `src/openvpn/openvpn --client --remote 192.168.122.1 --ca openvpn/sample/sample-keys/ca.crt --key openvpn/sample/sample-keys/client.key --cert openvpn/sample/sample-keys/client.crt --verb 4 --dev tun --auth-user-pass --ping 3 --ping-restart 6 --auth-nocache`