Hi JJK, On Wed, Aug 17, 2016 at 8:08 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:
> Hi Selva, > > Selva Nair wrote: > >> Hi, >> >> As discussed in the IRC meeting, here is a client config that connects to >> a test server I run for static and dynamic challenge. Just run it as >> >> sudo openvpn --config cr-client.conf >> >> Respond with some arbitrary strings at the username, password and >> static-challenge prompts and the server will send back the strings you >> typed plus a dynamic challenge question. The connection will succeed after >> the server verifies the response to the dynamic challenge. There may be a 5 >> seconds restart pause between the two exchanges. >> Note that the password and static-challenge response are sent by the >> client to the server base64 encoded, but my server-side script sends them >> back decoded, along with the dynamic challenge. This is done so that the >> correctness of the first round exchange can be tested at the client side. >> The response to the dynamic challenge is verified at the server side and a >> successful connection indicates that the verification passed. >> >> To do this using your own server, I'll post the script doing the >> client-auth at the server side and the server config later today. In the >> mean time please test this against my server. >> > > thanks for your config files! I've just tested this against your server, > and got a successful login on the second attempt. The challenge > please answer this : 1+1 = > failed with a message: > Wrong answer to dynamic response or invalid format (2.000 23.000) > The client-auth script got 23 instead of the expected 2. Logs show received from mgmt: 'CRV1::2::23M' That 23M should have been what you typed (i.e., 2); not sure what went wrong... > > but the second challenge worked fine. Next, I'll play with your server > config. > Thanks, Selva
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel