I have set up a two nodes cluster with static virtual hub. I have also set up some user accounts with client certificates authentications, and some others with password authentications too. However, some accounts do have difficulties in connecting, and always get user authentication failed.
Looking at server log in cluster controller, it seems that this user has successfully authenticated itself with the cluster controller, and is then redirected to the cluster member. It seems that the controller then issues a ticket authentication to the member for the client to authenticate again with the member, only this time, it failed.
Don't tell me to check the user password/certificate because it fails with password authentication too. If user password does not match, I guess the client will just be rejected in the first place by the cluster controller.
Anyway to debug this? Thank you in advance.
Here's the log:
Code: Select all
2023-03-16 21:13:37.330 On the TCP Listener (Port 1118), a Client (IP address x.x.x.x, Host name "redacted", Port number 54994) has connected.
2023-03-16 21:13:37.330 For the client (IP address: x.x.x.x, host name: "redacted", port number: 54994), connection "CID-463" has been created.
2023-03-16 21:13:37.542 SSL communication for connection "CID-463" has been started. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2023-03-16 21:13:37.935 [HUB "Infra"] The connection "CID-463" (IP address: x.x.x.x, Host name: redacted, Port number: 54994, Client name: "SoftEther VPN Client Developer Edition", Version: 5.01, Build: 9674) is attempting to connect to the Virtual Hub. The auth type provided is "Certificate authentication" and the user name is "devx".
2023-03-16 21:13:37.935 [HUB "Infra"] The Virtual Hub's Security Account Manager has received the following certificate from the VPN Client and accepted its contents as the certificate for when user "devx" logs in: CN=devx, O=Local, S=Local, C=ID, SERIAL="2D5943FB9ECB3687" (Digest: MD5="C908B0E5F8BB6B31D7E4A02B7EAE79F4", SHA1="5757728854749DF46F253EA742BAF0BBECFFB5B9")
2023-03-16 21:13:37.935 [HUB "Infra"] Connection "CID-463": Successfully authenticated as user "devx".
2023-03-16 21:13:37.935 [HUB "Infra"] Connection "CID-463": The cluster controller is deciding the destination cluster member of this client.
2023-03-16 21:13:37.935 Connection "CID-463": The server "artemis" has been decided as a destination cluster member server. Instructing clients to redirect connection to this server.
2023-03-16 21:13:37.935 A new client authentication ticket has been issued for cluster member "artemis". Virtual Hub "Infra", User name "devx" ("devx"), Session name "SID-DEVX-64", Ticket "247DD9DA362BB64CBB11F03E09C06EB85207BB1C"
2023-03-16 21:13:38.136 Connection "CID-463" terminated by the cause "No error." (code 0).
2023-03-16 21:13:38.136 Connection "CID-463" has been terminated.
2023-03-16 21:13:38.136 The connection with the client (IP address x.x.x.x, Port number 54994) has been disconnected.
2023-03-16 21:13:38.257 On the TCP Listener (Port 1118), a Client (IP address x.x.x.x, Host name "redacted", Port number 55008) has connected.
2023-03-16 21:13:38.257 For the client (IP address: x.x.x.x, host name: "redacted", port number: 55008), connection "CID-464" has been created.
2023-03-16 21:13:38.478 SSL communication for connection "CID-464" has been started. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2023-03-16 21:13:38.841 [HUB "Infra"] The connection "CID-464" (IP address: x.x.x.x, Host name: redacted, Port number: 55008, Client name: "SoftEther VPN Client Developer Edition", Version: 5.01, Build: 9674) is attempting to connect to the Virtual Hub. The auth type provided is "Ticket authentication" and the user name is "devx".
2023-03-16 21:13:38.841 [HUB "Infra"] Connection "CID-464": User authentication failed. The user name that has been provided was "devx", from x.x.x.x.
2023-03-16 21:13:39.022 Connection "CID-464" terminated by the cause "User authentication failed." (code 9).
2023-03-16 21:13:39.022 Connection "CID-464" has been terminated.