• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Allow special characters on pptp password

Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
12 Posts 3 Posters 5.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    ggzengel
    last edited by Jul 17, 2011, 2:24 PM

    I replaced a router with a pfsense and have to use the old passwords with special characters.

    If i put special charcters directly to the config it's working.
    So, why isn't it possible on webconfig?

    Next time I want to replace some more routers with pfsense and it's annoying to patch config file.

    1 Reply Last reply Reply Quote 0
    • R
      rtrinkle
      last edited by Jul 25, 2011, 2:13 PM

      Also interested in this question. Are you on pfSense 2.0?

      1 Reply Last reply Reply Quote 0
      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Jul 26, 2011, 7:27 PM

        It depends on what you mean by "special" characters. Printable (read: on keyboard) symbols are probably safe, so long as you don't lead with a ! (mpd will do fun things with that). Whereas international characters are really not allowed there, and would likely break things.

        The input validation may be a tad too strict there.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • G
          ggzengel
          last edited by Jul 26, 2011, 7:54 PM

          My password generator gives me passwords for ascii code 32 to 126:
          !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~

          With ipsec it works. I think you have to use the same code like ipsec.

          1 Reply Last reply Reply Quote 0
          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Jul 26, 2011, 8:15 PM

            ipsec is handled by racoon, pptp is handled by mpd. Just because one works does not mean the other can/will/does.

            I don't have the mpd docs handy (or the time to go hunting them down) but if someone can turn up a list of valid password characters for mpd, I can fix the validation.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • G
              ggzengel
              last edited by Jul 26, 2011, 8:59 PM

              http://mpd.sourceforge.net/doc5/mpd14.html

              There is no restriction. They allow also carrige return (\r) and new line (\n) in a password.
              That means you have to replace:
              " to "
              \ to \

              It's not allowed a "!" as first character.

              1 Reply Last reply Reply Quote 0
              • J
                jimp Rebel Alliance Developer Netgate
                last edited by Jul 26, 2011, 9:01 PM

                ok, I'll try to remember to fix that sometime this week. You might want to open up a ticket on redmine with a link back to this thread. Call it "Relax input validation for PPTP Passwords" or something similar. That way it doesn't get lost.

                In addition to the link to the thread, link to the mpd docs as you did here, just for good measure. Someone else may get to it before me if they have all the needed information.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Jul 27, 2011, 4:56 PM

                  Should be OK now
                  https://github.com/bsdperimeter/pfsense/commit/2c466077934c3812aed9d15b77ab515e4b3e116d

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • G
                    ggzengel
                    last edited by Jul 28, 2011, 10:17 AM

                    Thank you.

                    A little piece is missing:
                    In webconfig password

                    \r"
                    

                    will be

                    test "\r\""
                    

                    in mpd.secret but it should be

                    test "\\r\""
                    

                    Please change (in this order):

                           foreach ($pptpdcfg['user'] as $user) { 
                    +          $pass = str_replace('\', '\\', $user['password']); 
                    +          $pass = str_replace('"', '\"', $pass); 
                    -           $pass = str_replace('"', '\"', $user['password']);
                              $mpdsecret .= "{$user['name']} \"{$pass}\" {$user['ip']}\n"; 
                            }
                    
                    1 Reply Last reply Reply Quote 0
                    • J
                      jimp Rebel Alliance Developer Netgate
                      last edited by Jul 28, 2011, 12:13 PM

                      There is no way you can put a newline/carriage return into the GUI password field. It also wouldn't pass the character test I put in. I do need to escape \ though I see.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • G
                        ggzengel
                        last edited by Jul 28, 2011, 12:59 PM

                        The other way around is the right way.
                        If you use \r as password the mpd would expect an carrige return as password.
                        If you use aa\ as password there will be "aa" in your mpd.secret and it's missing a closing ".

                        1 Reply Last reply Reply Quote 0
                        • J
                          jimp Rebel Alliance Developer Netgate
                          last edited by Jul 28, 2011, 1:02 PM

                          Should be fixed by escaping , as I did here:
                          https://github.com/bsdperimeter/pfsense/commit/4222087e90badb854274109fc32de422c5c25221

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received