Long password causes AUTH_FAILED

compukidmike

I've run into an issue with password length for OpenVPN server using RADIUS for authentication. Using a password longer than 90 characters causes the AUTH_FAILED error.

I'm running pfsense 2.4.4-RELEASE-p3 on an XG-7100.

Things I've tried to narrow down the location of the problem:

• Happens with Windows(v11.13.0.0) and Android(3.0.7.3565) clients on multiple devices.
• Made a local user on pfsense with the same length password and changed OpenVPN to use Local Database. Same error.
• Used the Authentication Test to verify that the long password works for both RADIUS and the Local Database. No problem there.
• Used wireshark on the RADIUS server and Packet Capture on pfsense to check on RADIUS packets (When RADIUS is selected as the auth server for OpenVPN). When this error happens, pfsense does NOT contact the RADIUS server (0 packets).

This all leads me to believe that the problem is in the OpenVPN server (possibly in the OpenVPN client, but it would have to be broken on 2 different OS versions).

Normally I wouldn't use passwords that long, but we're using AuthLite for 2FA with Yubikeys. This appends a 64 character OTP onto the normal password, so anything longer than a 26 character password breaks OpenVPN auth.

I started digging through the source code that I could find and it seems that the max password length should be 128 characters.

Any thoughts as to what might be causing this issue?

jimp

Sounds similar to https://redmine.pfsense.org/issues/8380

compukidmike

That does sound similar. However, that bug report is 18 months old and hasn't had any replies or movement at all.