Good day everyone. I'm facing a weird problem with my vpn. It fails to authenticate users despite the entered password is correct (copied and pasted). OpenVPN (version 2.5.0 on ArchLinux) itself is serviced with systemd and runs fine. I'm using OpenVPN's auth-pam plugin to authenticate users. You find the configuration- and logfiles below. When trying to log in, I get "User authentication failed" at my client and the following logging. The user was created with useradd and is able to login with ssh as well. There is no pam config for openvpn in /etc/pam.d. But it worked before without it. Does anyone have an idea on how to fix this or how to debug pam properly? journalctl -r|grep username =========================== Dec 26 13:42:41 hostname kernel: audit: type=1100 audit(1608986561.263:1183): pid=678 uid=973 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="username" exe="/usr/bin/openvpn" hostname=? addr=? terminal=? res=failed' Dec 26 13:42:41 hostname audit[678]: USER_AUTH pid=678 uid=973 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="username" exe="/usr/bin/openvpn" hostname=? addr=? terminal=? res=failed' Dec 26 13:42:41 hostname openvpn[678]: pam_unix(login:auth): authentication failure; logname= uid=973 euid=973 tty= ruser= rhost= user=username Dec 26 13:42:41 hostname unix_chkpwd[4160]: password check failed for user (username) /var/log/openvpn.log ==================== ip-addr [username] Peer Connection Initiated with [AF_INET6]ip-addr:52991 ip-addr PUSH: Received control message: 'PUSH_REQUEST' ip-addr Delayed exit in 5 seconds ip-addr SENT CONTROL [username]: 'AUTH_FAILED' (status=1) ip-addr SIGTERM[soft,delayed-exit] received, client-instance exiting server.conf =========== plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login port 1194 persist-key persist-tun proto udp proto udp6 dev tun ca /etc/openvpn/easy-rsa/pki/ca.crt cert /etc/openvpn/easy-rsa/pki/issued/manmtr.crt key /etc/openvpn/easy-rsa/pki/private/manmtr.key dh /etc/openvpn/easy-rsa/pki/dh.pem data-ciphers AES-256-GCM ;cipher AES-256-CBC auth SHA512 reneg-sec 36000 inactive 0 server 192.168.200.0 255.255.255.0 push "route 192.168.100.0 255.255.255.0" keepalive 10 36000 status openvpn-status.log log /var/log/openvpn.log verb 4 -- Jordan Borgner