Openvpn Connect v.3

[sergiogiuffrida]

Hi,
I'm testing with Openvpn connect 3 as mac client, it not work.
it is supposed to work with Openvpn connect?

[jkroepke]

Didn't even know that OpenVPN Connect 3 exists for MacOS.

Reading https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-macos/ it seems like the client is designed for the OpenVPN Access Server. Not sure, if the client works against OpenVPN 2 server.

[sergiogiuffrida]

Openvpn Connect is a client for windows/macos which works nice with all openvpn edition.
I using it for more then 2 years with an Openvpn 2.4.4 Server.
this is what i got on openvpn server logs:

2023-09-24 14:51:53 us=182213 library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-09-24 14:51:53 us=182282 DCO version: N/A
2023-09-24 14:51:53 us=182500 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:8081
2023-09-24 14:51:53 us=182521 Need hold release from management interface, waiting...
2023-09-24 14:51:56 us=845671 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:47020

and anything happen when i try to connect from client
logs of client

⏎[Sep 24, 2023, 15:45:25] Transport Error: TCP connect error on 'XXXXXXXXXX:1194' (XXXXXX:1194): Connection refused
⏎[Sep 24, 2023, 15:45:25] Client terminated, restarting in 2000 ms...
⏎[Sep 24, 2023, 15:45:26] Raw stats on disconnect:
 TCP_CONNECT_ERROR : 3
 N_RECONNECT : 2

⏎[Sep 24, 2023, 15:45:26] Performance stats on disconnect:
  CPU usage (microseconds): 5304659
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0
⏎[Sep 24, 2023, 15:45:26] EVENT: DISCONNECTED ⏎

and nothing from openvpn-auth-oauth2 logs

{"level":"info","ts":1695565776.525705,"msg":"discover OIDC auto configuration for issuer https://login.microsoftonline.com/XXXXXXXXXX/v2.0"}
{"level":"info","ts":1695565776.625099,"msg":"HTTP server listen on :9000 with base url https://YYYYYYYYY"}

it seams I not get anything from Management interface from OpenVPN. , How I can logs all events the management interface?

If i try to remove the line management-hold

PUSH: Received control message: 'PUSH_REQUEST'

and this what i have on client logs:

⏎[Sep 24, 2023, 15:08:03] Creds: Username/Password
⏎[Sep 24, 2023, 15:08:03] SSL Handshake: peer certificate: CN=server, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD

⏎[Sep 24, 2023, 15:08:03] Session is ACTIVE
⏎[Sep 24, 2023, 15:08:03] EVENT: GET_CONFIG ⏎[Sep 24, 2023, 15:08:03] Sending PUSH_REQUEST to server...
⏎[Sep 24, 2023, 15:08:04] Sending PUSH_REQUEST to server...
⏎[Sep 24, 2023, 15:08:06] Sending PUSH_REQUEST to server...

[jkroepke]

How I can logs all events the management interface?

Running with CONFIG_LOG_LEVEL=debug (--log.level=debug) shows you all command between plugin and management interface

[sergiogiuffrida]

Found the issue!!!
it Worked when I removed the password file from
management 127.0.0.1 8081 password.txt
with just management 127.0.0.1 8081

and Removed from the yaml configfile.

[jkroepke]

Could you please try the lastest version?

Yesterday, I figure out some issues if, the management interface has a password enabled. it should fixed in 1.4.0

[sergiogiuffrida]

Seams it not received the line from Management interface:

	line, err := c.readMessage()
	if err != nil {
		return err
	}
	fmt.Printf("Received Line %v \n",line)               ### This will not Print anything!
	if strings.HasPrefix(line, "ENTER PASSWORD") {
		if err := c.rawCommand(c.conf.OpenVpn.Password); err != nil {
			return err
		}

		line, err := c.readMessage()
		if err != nil {
			return err
		}

		if !strings.HasPrefix(line, "SUCCESS: password is correct") {
			return errors.New("wrong openvpn management interface password")
		}
	}

[sergiogiuffrida]

Ok, I can confirm with 1.4.0 Version it works!

Thank you Very much!

[jkroepke]

Thanks for the hint that OpenVPN 3 for Mac works fine, I add the client to the compatibility list.