SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000411: OpenVPN fails authentication with password containing "$$" - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000411Endian FirewallInput Validationpublic2008-01-03 22:442010-09-21 19:08
Reporteraarond725 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version2.1.2 
Target VersionfutureFixed in Version 
Summary0000411: OpenVPN fails authentication with password containing "$$"
DescriptionNot sure if this is in the OpenVPN client, the OpenVPN server, or the web interface of Endian Firewall.

I have an Endian Firewall Community release 2.1.2 set up as an OpenVPN server. Using the web interface of the firewall, I create a user "test" with password "test$". I am able to succesfully connect remotely via OpenVPN GUI 1.0.3.

If I change the password to "test$$", I get an AUTH_FAILED message when trying to connect via OpenVPN GUI 1.0.3.
  
I think the two dollar signs ($$) might be some sort of special character, or perhaps they are getting escaped. There might be other special characters that do not work, but I haven't experimented.

The workaround is not to use "$$" in the password.
Additional InformationHere is the OpenVPN log from my client:

Thu Jan 03 13:52:20 2008 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Thu Jan 03 13:52:20 2008 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 03 13:52:20 2008 [127.0.0.1] Peer Connection Initiated with 123.123.123.123:1194
Thu Jan 03 13:52:21 2008 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Thu Jan 03 13:52:21 2008 AUTH: Received AUTH_FAILED control message
Thu Jan 03 13:52:21 2008 TCP/UDP: Closing socket
Thu Jan 03 13:52:21 2008 SIGTERM[soft,auth-failure] received, process exiting
Thu Jan 03 13:52:21 2008 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0000736)
peter-endian (administrator)
2008-01-08 12:13

yes, $ identifies a variable name in perl, so the GUI writes down the password wrongly. there are more special characters which will not work, like @, %
I think there is also another issue with openvpn itself with special characters.

In 2.2 we disallow these characters. It's a temporary solution..

- Issue History
Date Modified Username Field Change
2008-01-03 22:44 aarond725 New Issue
2008-01-03 22:44 aarond725 Status new => assigned
2008-01-03 22:44 aarond725 Assigned To => peter-endian
2008-01-08 12:13 peter-endian Note Added: 0000736
2009-11-25 17:47 peter-endian Target Version => future
2010-02-04 09:58 peter-endian Relationship added related to 0002653
2010-09-21 18:13 peter-endian Assigned To peter-endian =>
2010-09-21 18:13 peter-endian Status assigned => acknowledged
2010-09-21 19:08 peter-endian Category Network related (VPN, uplinks) => Input Validation

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker