Re: Open VPN doesnt send push to my mobile

Cedric_Charlet · ‎02-08-2019

Hi,

I configured the openvpn duo pluggin in OpenVPN. But i never receive the notification in my phone
No activities in the duo Authentication Log

I checked

Duo security user is working with SSH (unix_du module)
My key,secret,api gw are right
The openvpn connxion with certificate without duo plugin working
Python version 2.7.13

Openvpn conf added

#Duo Security
plugin /opt/duo/duo_openvpn.so ‘xxxx xxxxxxx ■■■■’
reneg-sec 0

This the openvpn log

Fri Feb 8 13:16:52 2019 Initialization Sequence Completed
Fri Feb 8 13:17:02 2019 xxx.xxx.xxx.xxx:64814 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:64814, sid=5b3acd91 26d692b4
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 VERIFY OK: depth=1, C=CH, ST=VD, L=Vuarrens, O=perso, OU=Perso, CN=perso CA, name=Perso, emailAddress=my@domain.tld
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 VERIFY OK: depth=0, C=CH, ST=VD, L=Vuarrens, O=perso, OU=Perso, CN=myusername, name=Perso, emailAddress=my@domain.tld
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_VER=2.4.0
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_PLAT=win
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_PROTO=2
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_NCP=2
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_LZ4=1
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_LZ4v2=1
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_LZO=1
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_COMP_STUB=1
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_COMP_STUBv2=1
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_TCPNL=1
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 peer info: IV_GUI_VER=OpenVPN_GUI_11
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 PLUGIN_CALL: POST /opt/duo/duo_openvpn.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 TLS: Username/Password authentication deferred for username ‘myusername’
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1602’, remote=‘link-mtu 1601’
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 WARNING: ‘comp-lzo’ is present in local config but missing in remote config, local=‘comp-lzo’
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Feb 8 13:17:03 2019 xxx.xxx.xxx.xxx:64814 [myusername] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:64814
Fri Feb 8 13:17:05 2019 xxx.xxx.xxx.xxx:64814 PUSH: Received control message: ‘PUSH_REQUEST’
Fri Feb 8 13:17:10 2019 xxx.xxx.xxx.xxx:64814 PUSH: Received control message: ‘PUSH_REQUEST’
Fri Feb 8 13:17:15 2019 xxx.xxx.xxx.xxx:64814 PUSH: Received control message: ‘PUSH_REQUEST’
Fri Feb 8 13:17:20 2019 xxx.xxx.xxx.xxx:64814 PUSH: Received control message: ‘PUSH_REQUEST’

DuoKristina · ‎02-08-2019

It appears that the OpenVPN plugin is initiating the push request (verify that by looking in the Duo Admin Panel authentication logs - do you see failed attempts due to no response to Duo Push?).

You might want to try the steps in our “Troubleshooting Push” articles on your phone.

Android
iOS

Duo, not DUO.

Cedric_Charlet · ‎02-08-2019

I have nothing in the log actvities
The push working for duo_login application (Unix application)

DuoKristina · ‎02-08-2019

If there’s no MFA activity in the logs I suggest you contact Duo support.

Duo, not DUO.

Cedric_Charlet · ‎02-09-2019

I don’t have support, i’m using the free version

Dooley · ‎02-10-2019

Hi Cedric,
Email support is available to all editions – including Duo Free. Phone and Chat support, as well as the support ticket portal that can be accessed via the Duo Admin Panel, are only available for paying customers.

Volodymyr_Nareznoi · ‎07-02-2020

Hi.
is there a solution to this problem? I have the same problem

DuoKristina · ‎07-08-2020

Hi @Volodymyr_Nareznoi,

Do you have the vnareznoy user enrolled as an end-user in Duo, with a phone attached for authentication, and with Duo Mobile installed on the phone and activated for use with Duo Push? If so, did you try the push troubleshooting suggestions posted earlier?

Duo, not DUO.

Volodymyr_Nareznoi · ‎07-09-2020

Hi @DuoKristina. I realized what the problem is.
Disabled the ldap module on the OpenVPN server, which checks authorization, after which a push notification is received on the phone.
Now I have a new question. How to do it with
primary authorization via ldap, so that after checking the push request would be automatically sent to DUO?

DuoKristina · ‎07-09-2020

The Duo OpenVPN integration supports certificate primary auth, as mentioned in the very first bullet here: Two-Factor Authentication for OpenVPN | Duo Security

Duo, not DUO.