AUTH_FAILED error means that the OpenVPN server requires a username/password, but it either wasn't provided, or perhaps was mistyped. If you're using a current dd-wrt build, there should be a "User Pass Authentication" option. Enable it and provide the username/password given to you by the OpenVPN provider.
Thing is, I'm my own "provider" here and I never set up a user/pass policy, instead having certs and keys for authentication. I also don't have the "User Pass Authentication" option in my build, so I'm not even sure where to go to turn that off if it's somehow on.
Configs and logs below. Anything obvious I'm missing here?
Server Stats:
Router: Linksys Wireless-N Broadband
Model: WRT160N V3
Firmware: DD-WRT v3.0-r36698 vpn-small (08/22/1
Note: I'd use the newer 37305 build, but the vpn-small version returns 404 errors on the DD-WRT site when I try and download it. So I'm stuck making due with what I got.
Client Stats:
Computer: Macbook Pro Late 2013 model
OS: OS X Mojave 10.14.5
Open VPN Client Software: Tunnelblick 3.7.9 (Build 5320)
Thanks, Per Yngve Berg, but even when I try the FTP, I'm not finding the 37305 build of openvpn_small. I just find the generic mini for my router in that build (would that still lack openvpn?)
It's NOT failing because of any need for username/password. It's failing because of the following.
Code:
2019-05-26 12:36:20.603752 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
You have the auth directive (Hash Algorithm in the GUI) set differently between the OpenVPN client and server. They need to match!
Yeah, looks like I removed that directive during my latest test. My bad. I've put it back in and that warning is gone, but I still get the AUTH_FAILED error.
Config:
Code:
client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
cipher AES-256-CBC
auth sha256
verb 3
Log:
Code:
2019-05-26 14:27:04.533562 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sxxxx-SLibrary-SApplication Support-STunnelblick-SConfigurations-Shome--dev.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.58434.openvpn.log
--cd /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5320 3.7.9 (build 5320)"
--verb 3
--config /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Users/xxxx/home-dev.tblk/Contents/Resources
--management 127.0.0.1 58434 /Library/Application Support/Tunnelblick/hikjneihmecgifpdnonolmgejmbiobmloljonikm.mip
--management-query-passwords
--management-hold
--script-security 2
--up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2019-05-26 14:27:04.546400 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:58434
2019-05-26 14:27:04.596683 MANAGEMENT: CMD 'pid'
2019-05-26 14:27:04.597409 *Tunnelblick: Established communication with OpenVPN
2019-05-26 14:27:04.604507 MANAGEMENT: CMD 'auth-retry interact'
2019-05-26 14:27:04.604665 MANAGEMENT: CMD 'state on'
2019-05-26 14:27:04.604823 MANAGEMENT: CMD 'state'
2019-05-26 14:27:04.608839 MANAGEMENT: CMD 'bytecount 1'
2019-05-26 14:27:04.628995 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-05-26 14:27:04.635367 MANAGEMENT: CMD 'hold release'
2019-05-26 14:27:04.636293 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-05-26 14:27:04.688341 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 14:27:04.688431 Socket Buffers: R=[786896->786896] S=[9216->9216]
2019-05-26 14:27:04.688704 UDP link local: (not bound)
2019-05-26 14:27:04.688751 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
2019-05-26 14:27:04.689487 MANAGEMENT: >STATE:1558895224,WAIT,,,,,,
2019-05-26 14:27:04.759262 MANAGEMENT: >STATE:1558895224,AUTH,,,,,,
2019-05-26 14:27:04.759479 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=2d5815e8 347bfa45
2019-05-26 14:27:05.412653 VERIFY OK: depth=1, CN=home
2019-05-26 14:27:05.538071 VERIFY KU OK
2019-05-26 14:27:05.538135 Validating certificate extended key usage
2019-05-26 14:27:05.538158 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-05-26 14:27:05.538176 VERIFY EKU OK
2019-05-26 14:27:05.538191 VERIFY OK: depth=0, CN=server
2019-05-26 14:27:05.897517 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
2019-05-26 14:27:05.897653 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2019-05-26 14:27:05.897946 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-05-26 14:27:05.898122 [server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
2019-05-26 14:27:07.035885 MANAGEMENT: >STATE:1558895227,GET_CONFIG,,,,,,
2019-05-26 14:27:07.036100 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2019-05-26 14:27:07.099826 AUTH: Received control message: AUTH_FAILED
2019-05-26 14:27:07.101870 SIGUSR1[soft,auth-failure] received, process restarting
2019-05-26 14:27:07.101928 MANAGEMENT: >STATE:1558895227,RECONNECTING,auth-failure,,,,,
2019-05-26 14:27:13.390886 *Tunnelblick: Disconnecting; user cancelled authorization or there was an error obtaining authorization
2019-05-26 14:27:13.699242 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2019-05-26 14:27:13.700383 *Tunnelblick: Disconnecting using 'kill'
2019-05-26 14:27:13.888106 SIGTERM[hard,init_instance] received, process exiting
2019-05-26 14:27:13.890034 MANAGEMENT: >STATE:1558895233,EXITING,init_instance,,,,,
2019-05-26 14:27:14.299356 *Tunnelblick: No 'post-disconnect.sh' script to execute
2019-05-26 14:27:14.452724 *Tunnelblick: Expected disconnection occurred.