MANAGEMENT: CMD 'client-deny 73 1 "OpenVPN Client does not support SSO authentication via webauth"'

[eugenelisevich]

Problem Statement

First of all, thanks a lot for this solution!
Some of users can't connect to the Openvpn using Tunnelblick besides they have the same version (4.0.1 TB and OpenVpn 2.6.9) / configuration as those who can.
there are no anything about unsuccessful connections in journalctl -flu openvpn-auth-oauth2 thus provide openvpn logs.
I understand it's client issue, but I'll be welcome for any ideas

openvpn-auth-oauth2 logs

2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_VER=2.5.5
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_PLAT=win
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_PROTO=6
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_NCP=2
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_LZ4=1
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_LZ4v2=1
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_LZO=1
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_COMP_STUB=1
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_COMP_STUBv2=1
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_TCPNL=1
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_GUI_VER=OpenVPN_GUI_11
2024-12-13 11:07:37 62.16.21.239:56786 peer info: IV_SSO=openurl,crtext
2024-12-13 11:07:37 62.16.21.239:56786 TLS: Username/Password authentication deferred for username 'avlasiuk'
2024-12-13 11:07:37 62.16.21.239:56786 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-12-13 11:07:37 62.16.21.239:56786 TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
2024-12-13 11:07:37 MANAGEMENT: CMD 'client-deny 69 1 "OpenVPN Client does not support SSO authentication via webauth"'
2024-12-13 11:07:37 MULTI: connection rejected: OpenVPN Client does not support SSO authentication via webauth, CLI:[NULL]
2024-12-13 11:07:37 62.16.21.239:56786 Delayed exit in 5 seconds
2024-12-13 11:07:37 62.16.21.239:56786 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2024-12-13 11:07:37 62.16.21.239:56786 SENT CONTROL [avlasiuk]: 'AUTH_FAILED' (status=1)
2024-12-13 11:07:37 62.16.21.239:56786 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519

Environment

• openvpn-auth-oauth2 Version: 1.22.4
• OpenVPN Server Version: OpenVPN 2.6.12 x86_64-pc-linux-gnu
• Server OS: Ubuntu 22.04
• OpenVPN Client (flavor, OS): Tunnelblick 4.0.1/OpenVpn 2.6.9, MacOS 15.1.1

Preflight Checklist

• I could not find a solution in the documentation,
  the FAQ, the existing issues or discussions.

[jkroepke]

You comments doesn't match the logs:

OpenVPN Client (flavor, OS): Tunnelblick 4.0.1/OpenVpn 2.6.9, MacOS 15.1.1

vs. IV_VER=2.5.5 / IV_PLAT=win / IV_GUI_VER=OpenVPN_GUI_11

In this specific case, a Windows OpenVPN 2.5.5 does have that issue. Which is expected, because 2.6.0 or higher is required.

https://github.com/jkroepke/openvpn-auth-oauth2/wiki/OpenVPN