Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Long password causes AUTH_FAILED

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      compukidmike
      last edited by

      I've run into an issue with password length for OpenVPN server using RADIUS for authentication. Using a password longer than 90 characters causes the AUTH_FAILED error.

      I'm running pfsense 2.4.4-RELEASE-p3 on an XG-7100.

      Things I've tried to narrow down the location of the problem:

      • Happens with Windows(v11.13.0.0) and Android(3.0.7.3565) clients on multiple devices.
      • Made a local user on pfsense with the same length password and changed OpenVPN to use Local Database. Same error.
      • Used the Authentication Test to verify that the long password works for both RADIUS and the Local Database. No problem there.
      • Used wireshark on the RADIUS server and Packet Capture on pfsense to check on RADIUS packets (When RADIUS is selected as the auth server for OpenVPN). When this error happens, pfsense does NOT contact the RADIUS server (0 packets).

      This all leads me to believe that the problem is in the OpenVPN server (possibly in the OpenVPN client, but it would have to be broken on 2 different OS versions).

      Normally I wouldn't use passwords that long, but we're using AuthLite for 2FA with Yubikeys. This appends a 64 character OTP onto the normal password, so anything longer than a 26 character password breaks OpenVPN auth.

      I started digging through the source code that I could find and it seems that the max password length should be 128 characters.

      Any thoughts as to what might be causing this issue?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Sounds similar to https://redmine.pfsense.org/issues/8380

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • C
          compukidmike
          last edited by

          That does sound similar. However, that bug report is 18 months old and hasn't had any replies or movement at all.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.