16.04:在 OpenWRT 上配置 OpenVPN 客户端时,使用 Google Authenticator 进行身份验证失败

16.04:在 OpenWRT 上配置 OpenVPN 客户端时,使用 Google Authenticator 进行身份验证失败

我对 OpenWRT 还很陌生,在这里遇到了一些问题。

我使用 OpenVPN Access Server Web GUI 在 Ubuntu 16.04 PC 上设置了 OpenVPN 服务器,并相应地获得了客户端配置文件client.ovpn。我还启用了“Google Authenticator 多重身份验证”。当我使用配置为客户端时client.ovpn,它在我的手机、我的另一台 PC 上运行良好,但当我尝试在路由器上的 OpenWRT 上启动客户端时,它失败了。

根据https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/,我曾经openvpn --config client.ovpn --auth-user-pass --auth-retry interact启动过一个连接,系统提示我输入用户名和密码,这很合理,但之后系统从未提示我输入验证码。实际上,当我查看响应时,系统确实要求我输入验证码,但我没有地方输入验证码。相反,系统要求我再次输入用户名,因此陷入了循环。见下文:(倒数第四行)

root@OpenWrt:/etc/openvpn# openvpn --config client_gui.ovpn --auth-retry interact
Mon Mar  9 19:01:18 2020 Unrecognized option or missing or extra parameter(s) in client_gui.ovpn:124: static-challenge (2.4.7)
Mon Mar  9 19:01:18 2020 OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Mar  9 19:01:18 2020 library versions: mbed TLS 2.16.3, LZO 2.10
Enter Auth Username:london
Enter Auth Password:
Mon Mar  9 19:01:24 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Mon Mar  9 19:01:24 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Mar  9 19:01:24 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar  9 19:01:24 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar  9 19:01:24 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.8.222:1194
Mon Mar  9 19:01:24 2020 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Mar  9 19:01:24 2020 UDP link local: (not bound)
Mon Mar  9 19:01:24 2020 UDP link remote: [AF_INET]192.168.8.222:1194
Mon Mar  9 19:01:24 2020 TLS: Initial packet from [AF_INET]192.168.8.222:1194, sid=fb509f08 f4ae8b1f
Mon Mar  9 19:01:24 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Mar  9 19:01:24 2020 VERIFY OK: depth=1, CN=OpenVPN CA
Mon Mar  9 19:01:24 2020 VERIFY OK: nsCertType=SERVER
Mon Mar  9 19:01:24 2020 VERIFY OK: depth=0, CN=OpenVPN Server
Mon Mar  9 19:01:24 2020 Control Channel: TLSv1.2, cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, 2048 bit key
Mon Mar  9 19:01:24 2020 [OpenVPN Server] Peer Connection Initiated with [AF_INET]192.168.8.222:1194
Mon Mar  9 19:01:25 2020 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Mon Mar  9 19:01:25 2020 AUTH: Received control message: AUTH_FAILED,CRV1:R,E:PG_09HT0rZcjdFd6GnA:bG9uZG9u:Enter Authenticator Code
Mon Mar  9 19:01:25 2020 SIGUSR1[soft,auth-failure] received, process restarting
Mon Mar  9 19:01:25 2020 Restart pause, 5 second(s)
Enter Auth Username:

我该如何解决这个问题?有什么需要修改的吗client.ovpn?谢谢!

相关内容