Hi,

Following up on the previous mail, the server side script for client authentication and the server/client configs that I use for testing challenge-response auth are uploaded here:

https://gist.github.com/selvanair/b31ec6d5873e2ffc141ec680fca69254

On the server-side the script should be running in parallel with the server (run from the same directory) for management-client-auth to work. No attempt is made to sanitize user input etc. so it's useful only for testing purposes.

The --remote option in the client config should be edited to match the server.

Selva

On Tue, Aug 16, 2016 at 2:21 PM, Selva Nair <selva.n...@gmail.com> wrote:

> Hi,
>
> As discussed in the IRC meeting, here is a client config that connects to
> a test server I run for static and dynamic challenge. Just run it as
>
>     sudo openvpn --config cr-client.conf
>
> Respond with some arbitrary strings at the username, password and
> static-challenge prompts and the server will send back the strings you
> typed plus a dynamic challenge question. The connection will succeed after
> the server verifies the response to the dynamic challenge. There may be a 5
> seconds restart pause between the two exchanges.
>
> Note that the password and static-challenge response are sent by the
> client to the server base64 encoded, but my server-side script sends them
> back decoded, along with the dynamic challenge. This is done so that the
> correctness of the first round exchange can be tested at the client side.
> The response to the dynamic challenge is verified at the server side and a
> successful connection indicates that the verification passed.
>
> To do this using your own server, I'll post the script doing the
> client-auth at the server side and the server config later today. In the
> meantime please test this against my server.
>
> Selva
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
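Added example, not part of the original mail and not the script from the gist: a strict server-side parser for the password field in the two rounds described above, using the `SCRV1:<base64 password>:<base64 response>` and `CRV1::<state_id>::<response>` formats from OpenVPN's management interface notes. The length limit and the state-id alphabet are assumptions made for this example.

```python
import base64
import binascii
import re

MAX_FIELD = 256  # assumed upper bound per field, chosen for this example
_STATE_ID = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # assumed state-id alphabet


def _b64_text(field):
    """Strictly decode one base64 field to printable UTF-8 text."""
    if len(field) > MAX_FIELD:
        raise ValueError("field too long")
    try:
        text = base64.b64decode(field, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("bad base64 field") from exc
    if not text.isprintable():
        raise ValueError("control characters in field")
    return text


def parse_password_field(value):
    """Classify the password string the server receives from the client."""
    if value.startswith("SCRV1:"):
        # Static challenge round: SCRV1:<b64 password>:<b64 response>
        parts = value.split(":")
        if len(parts) != 3:
            raise ValueError("malformed SCRV1 value")
        return {"kind": "static", "password": _b64_text(parts[1]),
                "response": _b64_text(parts[2])}
    if value.startswith("CRV1:"):
        # Dynamic challenge reply: CRV1::<state_id>::<response>
        parts = value.split(":", 4)
        if len(parts) != 5 or parts[1] or parts[3]:
            raise ValueError("malformed CRV1 value")
        if not _STATE_ID.match(parts[2]):
            raise ValueError("bad state id")
        if len(parts[4]) > MAX_FIELD or not parts[4].isprintable():
            raise ValueError("bad response text")
        return {"kind": "dynamic", "state_id": parts[2], "response": parts[4]}
    return {"kind": "plain", "password": value}
```

A `ValueError` from this function should be treated as an authentication failure, and decoded fields should only be echoed back to the client after they have passed these checks.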