Latest OpenVPN Update (v2.4.1-2) Breaks duo_openvpn.so

Chris_Huey
Level 1

I recently patched my Fedora 25 system and the patch upgraded OpenVPN to openvpn-2.4.1-2.fc25.x86_64. This patch caused the following error message to be displayed when starting up openvpn:

   Options error: Unrecognized option or missing or extra parameter(s) in openvpn.conf:79: plugin (2.4.1)

Line 79 in my openvpn.conf file is:

   plugin /opt/duo/duo_openvpn.so <auth data>

The duo_openvpn.so configuration worked perfectly before I upgraded openvpn. I tried rebuilding and reinstalling the duosecurity openvpn plugin using the steps in Two-Factor Authentication for OpenVPN | Duo Security, but this did not resolve the problem. Is there a known solution for this problem, or is a patch needed for the duosecurity openvpn plugin?

4 Replies

Dooley
Level 3

Hi Chris,

I checked with our Support Team and this error is most often caused by incorrect IKEY, SKEY, and/or API hostname values on that line per the documentation here: https://duo.com/docs/openvpn#configure-the-server. If you’ve created a new application in the Duo Admin Panel, those values would be new, so please confirm they exactly match the values specified in the application’s details in the admin panel.

If you have verified and re-entered those values and are still unable to resolve the error, please contact our Support Team so they can troubleshoot with you further. Thanks!

Thanks Dooley. The only thing I did was update openvpn which caused the duo security plugin for openvpn to fail when starting the openvpn daemon. The IKEY, SKEY, and API hostname match the values in my Duo Admin Panel. I will plan to contact the Support Team.

My last option is to just revert back to the previous openvpn version. I am pretty sure this will work.

Thanks,

Chris

Just to close the loop on this, after further investigation by our Engineering Team, we’ve updated our documentation at https://duo.com/docs/openvpn#configure-the-server to show that OpenVPN version 2.4 and later requires the format:

   plugin /opt/duo/duo_openvpn.so 'IKEY SKEY HOST'

Versions 2.3 and earlier do not need the single quotes. Further discussion on GitHub here: https://github.com/duosecurity/duo_openvpn/issues/19. Thanks again for reporting this!
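
A pre-upgrade check for the quoting change described in the reply above, as an added example that is not part of the original thread or of Duo's documentation. The function names are hypothetical and the sample config is constructed; it flags an unquoted `duo_openvpn.so` init string and emits the single-quoted form that 2.4 and later expects.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of duo_openvpn.

# Succeeds when VERSION (e.g. 2.4.1) is 2.4 or later, where the thread says
# the init string must be single-quoted.
needs_quoted_init() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }
}

# $1 = mode (lint|fix), $2 = OpenVPN config file.
_duo_awk() {
    awk -v q="'" -v mode="$1" '
    # Active (uncommented) plugin lines that load duo_openvpn.so.
    $1 == "plugin" && $2 ~ /duo_openvpn\.so$/ {
        rest = $0                       # everything after the module path
        sub(/^[ \t]*plugin[ \t]+[^ \t]+[ \t]*/, "", rest)
        sub(/[ \t]+$/, "", rest)
        if (rest ~ ("^[" q "\"]")) status = "quoted"      # starts with a quote
        else if (rest ~ /[ \t]/)   status = "unquoted"    # several bare words
        else                       status = "ok"          # at most one bare word
        if (mode == "lint") { print NR ":" status; next }
        if (status == "unquoted") { print "plugin " $2 " " q rest q; next }
    }
    mode == "fix" { print }             # pass every other line through unchanged
    ' "$2"
}

# Print "LINE:status" for each Duo plugin line in the config.
lint_duo_plugin() { _duo_awk lint "$1"; }
# Print the config with unquoted Duo init strings wrapped in single quotes.
fix_duo_plugin() { _duo_awk fix "$1"; }

# Constructed sample config; IKEY SKEY HOST are the placeholders used in the thread.
conf=$(mktemp)
printf '%s\n' 'port 1194' ';plugin /opt/duo/duo_openvpn.so OLD' \
    'plugin /opt/duo/duo_openvpn.so IKEY SKEY HOST' > "$conf"
if needs_quoted_init 2.4.1; then
    lint_duo_plugin "$conf"             # reports the line needing quotes
    fix_duo_plugin "$conf" | grep duo_openvpn
fi
rm -f "$conf"
```

Pass the version reported by the installed `openvpn` binary to `needs_quoted_init`, and review the output of `fix_duo_plugin` before replacing the live config.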

Thanks… that worked! I gave up on using DuoSecurity so I am glad I can go back to using it again.

Regards,

Chris