Hi JJK,

On Wed, Aug 17, 2016 at 8:08 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi Selva,
>
> Selva Nair wrote:
>
>> Hi,
>>
>> As discussed in the IRC meeting, here is a client config that connects to
>> a test server I run for static and dynamic challenge. Just run it as
>>
>> sudo openvpn --config cr-client.conf
>>
>> Respond with some arbitrary strings at the username,  password and
>> static-challenge prompts and the server will send back the strings you
>> typed plus a dynamic challenge question. The connection will succeed after
>> the server verifies the response to the dynamic challenge. There may be a 5
>> seconds restart pause between the two exchanges.
>> Note that the password and static-challenge response are sent by the
>> client to the server base64 encoded, but my server-side script sends them
>> back decoded, along with the dynamic challenge. This is done so that the
>> correctness of the first round exchange can be tested at the client side.
>> The response to the dynamic challenge is verified at the server side and a
>> successful connection indicates that the verification passed.
>>
>> To do this using your own server, I'll post the script doing the
>> client-auth at the server side and the server config later today. In the
>> mean time please test this against my server.
>>
>
> thanks for your config files! I've just tested this against your server,
> and got a successful login on the second attempt. The challenge
>  please answer this : 1+1 =
> failed with a message:
>  Wrong answer to dynamic response or invalid format (2.000 23.000)
>

The client-auth script got 23 instead of the expected 2. Logs show
received from mgmt: 'CRV1::2::23M'
That 23M should have been what you typed (i.e., 2); not sure what went
wrong...

>
> but the second challenge worked fine. Next, I'll play with your server
> config.
>

Thanks,

Selva
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to