|Anonymous | Login||2017-12-12 18:53 CET|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000411||Endian Firewall||Input Validation||public||2008-01-03 23:44||2010-09-21 21:08|
|Target Version||future||Fixed in Version|
|Summary||0000411: OpenVPN fails authentication with password containing "$$"|
|Description||Not sure if this is in the OpenVPN client, the OpenVPN server, or the web interface of Endian Firewall.|
I have an Endian Firewall Community release 2.1.2 set up as an OpenVPN server. Using the web interface of the firewall, I create a user "test" with password "test$". I am able to succesfully connect remotely via OpenVPN GUI 1.0.3.
If I change the password to "test$$", I get an AUTH_FAILED message when trying to connect via OpenVPN GUI 1.0.3.
I think the two dollar signs ($$) might be some sort of special character, or perhaps they are getting escaped. There might be other special characters that do not work, but I haven't experimented.
The workaround is not to use "$$" in the password.
|Additional Information||Here is the OpenVPN log from my client:|
Thu Jan 03 13:52:20 2008 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Thu Jan 03 13:52:20 2008 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 03 13:52:20 2008 [127.0.0.1] Peer Connection Initiated with 220.127.116.11:1194
Thu Jan 03 13:52:21 2008 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Thu Jan 03 13:52:21 2008 AUTH: Received AUTH_FAILED control message
Thu Jan 03 13:52:21 2008 TCP/UDP: Closing socket
Thu Jan 03 13:52:21 2008 SIGTERM[soft,auth-failure] received, process exiting
Thu Jan 03 13:52:21 2008 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
|Tags||No tags attached.|
yes, $ identifies a variable name in perl, so the GUI writes down the password wrongly. there are more special characters which will not work, like @, %
I think there is also another issue with openvpn itself with special characters.
In 2.2 we disallow these characters. It's a temporary solution..
|2008-01-03 23:44||aarond725||New Issue|
|2008-01-03 23:44||aarond725||Status||new => assigned|
|2008-01-03 23:44||aarond725||Assigned To||=> peter-endian|
|2008-01-08 13:13||peter-endian||Note Added: 0000736|
|2009-11-25 18:47||peter-endian||Target Version||=> future|
|2010-02-04 10:58||peter-endian||Relationship added||related to 0002653|
|2010-09-21 20:13||peter-endian||Assigned To||peter-endian =>|
|2010-09-21 20:13||peter-endian||Status||assigned => acknowledged|
|2010-09-21 21:08||peter-endian||Category||Network related (VPN, uplinks) => Input Validation|
|Copyright © 2000 - 2012 MantisBT Group|