Google oAuth not working #175

Closed
Mhm0ud opened this issue Feb 14, 2024 · 1 comment · Fixed by #176 or #179
Labels
❓ question Further information is requested

Comments

@Mhm0ud
Contributor

Mhm0ud commented Feb 14, 2024

Problem Statement

The OpenVPN client doesn't open a website page to authenticate with Google.

OpenVPN Server Configuration:

port 59940
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
#push "redirect-gateway autolocal def1"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_zq3V825Hxe1vNadT.crt
key server_zq3V825Hxe1vNadT.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
management /run/openvpn/server.sock unix /etc/openvpn/password.txt
#management-hold
management-client-auth
push "route 34.88.39.116 255.255.255.255"
push "route 34.170.254.234 255.255.255.255"
push "route 35.226.71.232 255.255.255.255"

OpenVPN Client Config:

client
proto udp
explicit-exit-notify
remote xxxxxxxx 59940
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_zq3V825Hxe1vNadT name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIB1zCCAX2g
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIB2jCCAYGg
sWu186wIL/
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAg
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
50b3df6fc8d7246edd9e84156bc993f4

-----END OpenVPN Static key V1-----
</tls-crypt>

oAuth Configuration:

# /etc/sysconfig/openvpn-auth-oauth2
CONFIG_OPENVPN_ADDR=unix:///run/openvpn/server.sock
CONFIG_OPENVPN_PASSWORD=xxxxxxxxxxx
CONFIG_OAUTH2_PROVIDER=google
CONFIG_OAUTH2_ISSUER=https://accounts.google.com
CONFIG_OAUTH2_CLIENT_ID=44611xxxxxxxxxxxx.apps.googleusercontent.com
CONFIG_OAUTH2_CLIENT_SECRET=xxxxxxxxxxxxxxxx
CONFIG_HTTP_LISTEN=127.0.0.1:9000
# Define a random value with 16 or 24 characters
CONFIG_HTTP_SECRET=xxxxxxxxxxx
# Define the public http endpoint here.
CONFIG_HTTP_BASEURL=https://xxxxxxxx.com
CONFIG_PROVIDER_GOOGLE_SERVICE__ACCOUNT__CONFIG=file:///etc/openvpn-auth-oauth2/service.json

OpenVPN Server Logs:

2024-02-14 16:10:41 89.207.14.192:51579 VERIFY OK: depth=1, CN=cn_uG2Me9YlBKEZpZQ3
2024-02-14 16:10:41 89.207.14.192:51579 VERIFY OK: depth=0, CN=test-test
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_VER=3.8.2connect3
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_PLAT=mac
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_NCP=2
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_TCPNL=1
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_PROTO=990
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_MTU=1600
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_CIPHERS=AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_AUTO_SESS=1
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_GUI_VER=OCmacOS_3.4.6-4699
2024-02-14 16:10:41 89.207.14.192:51579 peer info: IV_SSO=webauth,crtext
2024-02-14 16:10:41 89.207.14.192:51579 TLS Error: Auth Username/Password was not provided by peer
2024-02-14 16:10:41 89.207.14.192:51579 TLS Error: TLS handshake failed
2024-02-14 16:10:41 89.207.14.192:51579 SIGUSR1[soft,tls-error] received, client-instance restarting
2024-02-14 16:10:59 89.207.14.192:55947 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-14 16:10:59 89.207.14.192:55947 TLS Error: TLS handshake failed
2024-02-14 16:10:59 89.207.14.192:55947 SIGUSR1[soft,tls-error] received, client-instance restarting
2024-02-14 16:11:41 89.207.14.192:51579 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-14 16:11:41 89.207.14.192:51579 TLS Error: TLS handshake failed
2024-02-14 16:11:41 89.207.14.192:51579 SIGUSR1[soft,tls-error] received, client-instance restarting

OpenVPN Client Logs:


⏎[Feb 14, 2024, 19:08:13] Connecting to [xxxxxxxx]:59940 (xxxxxxxx) via UDP
⏎[Feb 14, 2024, 19:08:13] EVENT: CONNECTING ⏎[Feb 14, 2024, 19:08:13] Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client
⏎[Feb 14, 2024, 19:08:13] Creds: UsernameEmpty/PasswordEmpty
⏎[Feb 14, 2024, 19:08:13] Sending Peer Info:
IV_VER=3.8.2connect3
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=990
IV_MTU=1600
IV_CIPHERS=AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_AUTO_SESS=1
IV_GUI_VER=OCmacOS_3.4.6-4699
IV_SSO=webauth,crtext

⏎[Feb 14, 2024, 19:08:29] EVENT: CONNECTION_TIMEOUT  BYTES_IN : 4367
 BYTES_OUT : 6280
 PACKETS_IN : 12
 PACKETS_OUT : 16
 KEEPALIVE_TIMEOUT : 1
 CONNECTION_TIMEOUT : 1
 N_RECONNECT : 1
⏎[Feb 14, 2024, 19:08:29] EVENT: DISCONNECTED ⏎[Feb 14, 2024, 19:09:57] Raw stats on disconnect:
 BYTES_IN : 4367
 BYTES_OUT : 6280
 PACKETS_IN : 12
 PACKETS_OUT : 16
 KEEPALIVE_TIMEOUT : 1
 CONNECTION_TIMEOUT : 1
 N_RECONNECT : 1

⏎[Feb 14, 2024, 19:09:57] Performance stats on disconnect:
  CPU usage (microseconds): 111055911
  Network bytes per CPU second: 95
  Tunnel bytes per CPU second: 0
⏎[Feb 14, 2024, 19:09:57] OpenVPN core 3.8.2connect3 mac arm64 64-bit built on Dec  1 2023 03:25:45
⏎[Feb 14, 2024, 19:09:57] Frame=512/2112/512 mssfix-ctrl=1250
⏎[Feb 14, 2024, 19:09:57] NOTE: This configuration contains options that were not used:
⏎[Feb 14, 2024, 19:09:57] Ignored by option 'ignore-unknown-option'
⏎[Feb 14, 2024, 19:09:57] 18 [block-outside-dns]
⏎[Feb 14, 2024, 19:09:57] Unsupported option (ignored)
⏎[Feb 14, 2024, 19:09:57] 2 [explicit-exit-notify]
⏎[Feb 14, 2024, 19:09:57] 5 [resolv-retry] [infinite]
⏎[Feb 14, 2024, 19:09:57] 7 [persist-key]
⏎[Feb 14, 2024, 19:09:57] 8 [persist-tun]
⏎[Feb 14, 2024, 19:09:57] 12 [auth-nocache]
⏎[Feb 14, 2024, 19:09:57] EVENT: RESOLVE ⏎[Feb 14, 2024, 19:09:57] Contacting xxxxx:59940 via UDP
⏎[Feb 14, 2024, 19:09:57] EVENT: WAIT ⏎[Feb 14, 2024, 19:09:57] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
	"host" : "xxxxx",
	"ipv6" : false,
	"pid" : 9076
}

⏎[Feb 14, 2024, 19:09:57] Connecting to [xxxxx]:59940 (xxxxx) via UDP
⏎[Feb 14, 2024, 19:09:57] EVENT: CONNECTING ⏎[Feb 14, 2024, 19:09:57] Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client
⏎[Feb 14, 2024, 19:09:57] Creds: UsernameEmpty/PasswordEmpty
⏎[Feb 14, 2024, 19:09:57] Sending Peer Info:
IV_VER=3.8.2connect3
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=990
IV_MTU=1600
IV_CIPHERS=AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_AUTO_SESS=1
IV_GUI_VER=OCmacOS_3.4.6-4699
IV_SSO=webauth,crtext

⏎[Feb 14, 2024, 19:10:39] Session invalidated: KEEPALIVE_TIMEOUT
⏎[Feb 14, 2024, 19:10:39] Client terminated, restarting in 2000 ms...
⏎[Feb 14, 2024, 19:10:41] EVENT: RECONNECTING ⏎[Feb 14, 2024, 19:10:41] EVENT: RESOLVE ⏎[Feb 14, 2024, 19:10:41] Contacting 35.232.197.149:59940 via UDP
⏎[Feb 14, 2024, 19:10:41] EVENT: WAIT ⏎[Feb 14, 2024, 19:10:41] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
	"host" : "xxxxxxxxx",
	"ipv6" : false,
	"pid" : 9076
}

Environment

  • openvpn-auth-oauth2 Version: openvpn-auth-oauth2_1.15.0_linux_amd64.deb
  • OpenVPN Server Version: OpenVPN 2.6.6 x86_64-pc-linux-gnu
  • Server OS: Debian GNU/Linux 11 (bullseye)
  • OpenVPN Client (flavor, OS): MacOS, OpenVPN Connect Version 3.4.6 (4699)
@Mhm0ud Mhm0ud added the ❓ question Further information is requested label Feb 14, 2024
@jkroepke
Owner

TLS Error: Auth Username/Password was not provided by peer

Sorry, I have to mention that auth-user-pass-optional in OpenVPN server config is mandatory.
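
The diagnosis above can be turned into a small pre-flight check. The following is an added example, not part of the issue thread or of the openvpn-auth-oauth2 project: it lints a server config for the directive named in the answer and relates it to the handshake error in the server log. The `REQUIRED` list is an assumption that combines the maintainer's statement with the two management directives already present in the posted config; the log lines follow the posted format with the client address replaced by a documentation address.

```python
# Added example: lint an OpenVPN server config for openvpn-auth-oauth2 use.
# REQUIRED is an assumption (see lead-in), not a list published by the project.
REQUIRED = ("management", "management-client-auth", "auth-user-pass-optional")
SYMPTOM = "Auth Username/Password was not provided by peer"

# Excerpt of the server config posted in this issue.
SERVER_CONF = """\
verb 3
management /run/openvpn/server.sock unix /etc/openvpn/password.txt
#management-hold
management-client-auth
"""
# Constructed log lines in the posted format (203.0.113.7 is a placeholder).
SERVER_LOG = """\
2024-02-14 16:10:41 203.0.113.7:51579 peer info: IV_SSO=webauth,crtext
2024-02-14 16:10:41 203.0.113.7:51579 TLS Error: Auth Username/Password was not provided by peer
2024-02-14 16:10:41 203.0.113.7:51579 TLS Error: TLS handshake failed
"""


def active_directives(conf):
    """Names of uncommented directives ('#' or ';' starts a comment)."""
    names = set()
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split(";", 1)[0].split()
        if tokens:
            names.add(tokens[0])
    return names


def diagnose(conf, log):
    """Relate the handshake failure in the log to directives missing from conf."""
    missing = [d for d in REQUIRED if d not in active_directives(conf)]
    lines = log.splitlines()
    # IV_SSO lists the SSO methods the client advertises in its peer info.
    sso = [m for l in lines if "IV_SSO=" in l
           for m in l.split("IV_SSO=", 1)[1].strip().split(",")]
    rejected = sum(SYMPTOM in l for l in lines)
    return {
        "missing": missing,
        "client_supports_webauth": "webauth" in sso,
        "rejected_handshakes": rejected,
        # A capable client was rejected before any web login could start.
        "server_side_cause": bool(rejected) and "auth-user-pass-optional" in missing,
    }


if __name__ == "__main__":
    print(diagnose(SERVER_CONF, SERVER_LOG))
    print(diagnose(SERVER_CONF + "auth-user-pass-optional\n", SERVER_LOG))
```
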
