Yubico U2F with Ubuntu

Got a problem with Viscosity or need help? Ask here!

xuchenhui

Posts: 1
Joined: Sat Apr 27, 2019 10:04 pm

Post by xuchenhui » Sat Apr 27, 2019 10:27 pm
I've followed this guild https://www.sparklabs.com/support/kb/ar ... viscosity/

I've followed this guild for the Yubico key https://www.sparklabs.com/support/kb/ar ... viscosity/

I can connect to my server when I finished the openvpn server with Ubunut and Viscosity but after I have finished the yubico guild i encountered this problem.

The problem I am facing is after connecting, It would ask me for a username and password. I type in the a username and password and the yubikey U2F Authentication window pops up. after plugging the usb in and clicking the button. It tries to connect. It stays on "connecting" status. If i disconnect and reconnect with the same username and password, it gives me an authentication error, saying my username or password is wrong.

viscosity client logs

4月 27 20:05:27: State changed to Authenticating
4月 27 20:05:27: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
4月 27 20:05:27: [server] Peer Connection Initiated with [AF_INET] 122.*.*.*:10016
4月 27 20:05:28: State changed to 正在接连
4月 27 20:05:28: AUTH: Received control message: AUTH_FAILED,CRV1:U2F,R:reg:eHVjaGVuaHVp:eyJjaGFsbGVuZ2UiOiAibzg0M01PcG54c1QzNUxaYjhKYXZCTHZqaXhucURpXy1OTjhEbHZsbTlmYyIsICJ2ZXJzaW9uIjogIlUyRl9WMiIsICJhcHBJZCI6ICJvcGVudnBuOi8vb3BzLnUyZi5rbGljZW4uY29tIn0=
4月 27 20:05:53: SIGUSR1[soft,auth-failure] received, process restarting
4月 27 20:05:53: State changed to 正在接连
4月 27 20:05:53: Checking remote host "*.*.com" is reachable...
4月 27 20:05:55: Server reachable. Connecting to 122.*.*.*.
4月 27 20:05:55: TCP/UDP: Preserving recently used remote address: [AF_INET]122.*.*.*:10016
4月 27 20:05:55: UDP link local: (not bound)
4月 27 20:05:55: UDP link remote: [AF_INET]122.*.*.*:10016
4月 27 20:05:55: State changed to Authenticating
4月 27 20:05:55: [server] Peer Connection Initiated with [AF_INET]122.*.*.*:10016
4月 27 20:05:57: State changed to 正在接连
4月 27 20:05:57: AUTH: Received control message: AUTH_FAILED
4月 27 20:05:59: SIGUSR1[soft,auth-failure] received, process restarting
--------------------------------------------------------------------------------------------------------------------------------------------------
openvpn_u2f_auth.py

U2F Registration required for testname
4sIAAAAAAAEAFVUy46rOBD9lVavJxKQpDvMzgZDTDAJb8gG8YrDMwQCJozm34fbM3cxi5JcVUdHp8o69dfHZ5/TYnj18at4tHL8ij///PiEpjXMQkdv
Failed to authUser
No JSON object could be decoded

token = zlib.decompress(token, 47) is failed

Traceback (most recent call last):
File "<pyshell#5>", line 1, in <module>
c = zlib.decompress(b, 47)
zlib.error: Error -5 while decompressing data: incomplete or truncated stream

--------------------------------------------------------------------------------------------------------------------------------------------------

syslog

Apr 27 19:19:59 b-11-02 u2fval[5708]: 127.0.0.1 - - [27/Apr/2019 19:19:59] "GET /openvpn/testname/ HTTP/1.1" 200 3
Apr 27 19:19:59 b-11-02 u2fval[5708]: 127.0.0.1 - - [27/Apr/2019 19:19:59] "GET /openvpn/testname/register HTTP/1.1" 200 2

--------------------------------------------------------------------------------------------------------------------------------------------------

Sat Apr 27 20:05:56 2019 223.87.242.5:28156 VERIFY OK: depth=1, C=*, ST=*, L=*, O=*, OU=*, CN=* , name=*, emailAddress=*
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 VERIFY OK: depth=0, C=*, ST=*, L=*, O=*, OU=*, CN=*, name=*, emailAddress=*
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_VER=2.4.6
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_PLAT=win
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_PROTO=2
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_NCP=2
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_LZ4=1
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_LZ4v2=1
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_LZO=1
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_COMP_STUB=1
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_COMP_STUBv2=1
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_TCPNL=1
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 peer info: IV_GUI_VER=Viscosity_1.7.14_1595
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 TLS: Username/Password authentication deferred for username 'testname'
Sat Apr 27 20:05:56 2019 MANAGEMENT: CMD 'client-deny 85 0 "Failed authUser"'
Sat Apr 27 20:05:56 2019 MULTI: connection rejected: Failed authUser, CLI:[NULL]
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Apr 27 20:05:56 2019 223.87.242.5:28156 [testname] Peer Connection Initiated with [AF_INET]223.87.242.5:28156
Sat Apr 27 20:05:58 2019 223.87.242.5:28156 PUSH: Received control message: 'PUSH_REQUEST'
Sat Apr 27 20:05:58 2019 223.87.242.5:28156 Delayed exit in 5 seconds
Sat Apr 27 20:05:58 2019 223.87.242.5:28156 SENT CONTROL [testname]: 'AUTH_FAILED' (status=1)
Sat Apr 27 20:06:03 2019 223.87.242.5:28156 SIGTERM[soft,delayed-exit] received, client-instance exiting

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Apr 29, 2019 8:55 am
Hi xuchenhui,

There is a bug in Viscosity 1.7.14 effecting the registration step of U2F. Updating to the current beta will resolve this issue - https://sparklabs.com/support/kb/article/using-viscosity-beta-versions/

Our apologies for the inconvenience here. Once the registration step is done for your key, 1.7.14 should work for authentication each time you connect there after.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1