Netgate Discussion Forum

    25.03.b.20250306.0140 - if_pppoe kernel module chap failure

    Plus 25.07 Development Snapshots (Retired)
    • kprovost @femtosize

      @femtosize Ah, thanks for figuring that out.

      I'll add a Redmine for this, and a reminder to check for escaping things like " and ' and .

      • stephenw10 Netgate Administrator

        For reference: https://redmine.pfsense.org/issues/16128

        • chevybeef

          I'm getting the same error.

          My password begins with an exclamation mark.

          This is on the release version of pfSense 2.8 CE.

          • femtosize @chevybeef

            The proper fix would be to base64 encode the password before passing it to the command line and so avoid all the escaping issues.
            The command would then do the decode before passing it to the kernel module.
            In theory PPP passwords could contain all sorts of mad characters as all bytes are valid. Passing them directly as a command line argument will always be dangerous.
            Having the connection not work is probably the least worst thing that could happen.

            • stephenw10 Netgate Administrator

              You should probably comment on the bug report for better visibility.

              • azalea

                If "if_pppoe" is enabled, PPPoE connection fails with a username containing the "$" symbol. (2.8.0-RELEASE)

                The following log is output repeatedly.
                if_pppoe: pppoe0: chap failure

                • stephenw10 Netgate Administrator

                  Have you opened a bug for that?

                  • femtosize @stephenw10

                    @stephenw10 This is just another example of what I tried to explain in

                    https://redmine.pfsense.org/issues/16128

                    Passing passwords as command line arguments is always going to result in failures like this.
                    It needs to be addressed as a security issue.

                    I've not tried it but I bet a password with

                    ;rm -rf /;

                    in it would be pretty destructive.

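Added example (not part of any post above, and not pfSense code): a sketch of why a `$` or a quote in a PPPoE credential stops matching once it is pasted into a command string, next to the argv and base64 approaches discussed in the thread. The function names and sample values are constructed for illustration, `printf` stands in for the real configuration tool, and a `base64` utility that accepts `-d` is assumed.

```shell
#!/bin/sh
# The inner "sh -c" plays the role of the shell that launches the tool which
# hands the credential to the kernel module; printf echoes what it received.

# Unsafe: the value is pasted into a command string that a shell parses again.
# A parse error produces no output at all, hence the "|| :".
via_command_string() {
    sh -c "printf '%s' \"$1\"" 2>/dev/null || :
}

# Safe: the value travels as its own argv element and is never re-parsed.
via_argv() {
    sh -c 'printf "%s" "$1"' receiver "$1"
}

# Thread proposal: base64 on the sending side, decode on the receiving side.
# The encoded form contains only [A-Za-z0-9+/=], so quoting cannot break.
via_base64() {
    enc=$(printf '%s' "$1" | base64 | tr -d '\n')
    sh -c "printf '%s' '$enc' | base64 -d"
}

# Constructed sample values using characters reported in the thread.
USER_DOLLAR='user$1234@isp.example'
PASS_QUOTE='!pa"ss'

for v in "$USER_DOLLAR" "$PASS_QUOTE"; do
    for f in via_command_string via_argv via_base64; do
        out=$($f "$v")
        [ "$out" = "$v" ] && r=intact || r=ALTERED
        printf '%-20s %-24s -> %-24s %s\n' "$f" "$v" "$out" "$r"
    done
done
```

Encoding fixes the parsing problem only: the value is still carried as a process argument, so passing it over stdin or a file descriptor is the way to keep it out of the argument list as well.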
                    • RobbieTT @femtosize

                      @femtosize said in 25.03.b.20250306.0140 - if_pppoe kernel module chap failure:

                      It needs to be addressed as a security issue.
                      ;rm -rf /;

                      ... in it would be pretty destructive.

                      Stuff of nightmares 👻

                      • stephenw10 Netgate Administrator

                        Yes, this needs to be addressed. But I would argue that if you can set the PPPoE password you already have high-level access and could break things far more easily.
