OpenVPN - malformed log - certificate subject
Hi,
I use OpenVPN service in pfSense for client remote access SSL VPN with TLS authentication.
Server-side authentication is done via the `/usr/local/sbin/ovpn_auth_verify` script. User certificates are stored on smart cards and issued by a Czech accredited CA.

I'm facing a problem with `/var/log/openvpn.log` character malformation - some Latin characters taken from the user certificate subject are not logged correctly - e.g. the last character of my last name (Unicode Code Point U+159 - LATIN SMALL LETTER R WITH CARON).

I added the command `env > /tmp/env` into the `/usr/local/sbin/ovpn_auth_verify` script to check whether the malformation is already present in the environment variables that are passed to this script, but here everything seems correct.

This behavior is present in pfSense v 2.4.5, 2.5.1, 2.6.0. No locale modification was made at the OS level.
Can anyone help me?
Thank you
Milan

```
[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: cat /tmp/env | grep -A1 -B1 Milan
tun_mtu=1500
X509_0_CN=Milan Bednář
proto_1=udp4
tls_id_0=CN=Milan Bednář, GN=Milan, SN=Bednář, C=CZ, O=IBM, OU=Projekt CDBP - test, serialNumber=ICA - 80954
tls_id_1=C=CZ, CN=I.CA Test Public CA/RSA 11/2015, O=První certifikační autorita, a.s., serialNumber=NTRCZ-26439395
--
X509_1_CN=I.CA Test Public CA/RSA 11/2015
X509_0_GN=Milan
script_context=init
[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root:
```

```
[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: hexdump -C /tmp/env | grep -A1 -B1 Milan
000000a0  6d 74 75 3d 31 35 30 30  0a 58 35 30 39 5f 30 5f  |mtu=1500.X509_0_|
000000b0  43 4e 3d 4d 69 6c 61 6e  20 42 65 64 6e c3 a1 c5  |CN=Milan Bedn...|
000000c0  99 0a 70 72 6f 74 6f 5f  31 3d 75 64 70 34 0a 74  |..proto_1=udp4.t|
000000d0  6c 73 5f 69 64 5f 30 3d  43 4e 3d 4d 69 6c 61 6e  |ls_id_0=CN=Milan|
000000e0  20 42 65 64 6e c3 a1 c5  99 2c 20 47 4e 3d 4d 69  | Bedn...., GN=Mi|
[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root:
```

```
[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: cat /var/log/openvpn.log | grep -A1 -B1 Milan
Apr 28 15:00:46 pfSense openvpn[2297]: 192.168.122.174:58699 [Milan Bedná�M-^Y] Peer Connection Initiated with [AF_INET]192.168.122.174:58699
Apr 28 15:00:46 pfSense openvpn[2297]: Milan Bedná�M-^Y/192.168.122.174:58699 MULTI_sva: pool returned IPv4=10.0.10.2, IPv6=(Not enabled)
```

```
[2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: hexdump -C /var/log/openvpn.log | grep Milan
00000ca0  66 53 65 6e 73 65 20 6f  70 65 6e 76 70 6e 5b 32  |fSense openvpn[2|
00000cb0  32 39 37 5d 3a 20 4d 69  6c 61 6e 20 42 65 64 6e  |297]: Milan Bedn|
00000cc0  c3 a1 c5 4d 2d 5e 59 2f  31 39 32 2e 31 36 38 2e  |...M-^Y/192.168.|
```
When I open `/var/log/openvpn.log` with `less` I can see this:

```
Apr 28 15:02:01 pfSense openvpn[93790]: 192.168.122.174:53691 [Milan Bedn<C3><A1><C5>M-^Y] Peer Connection Initiated with [AF_INET]192.168.122.174:53691
Apr 28 15:02:01 pfSense openvpn[93790]: Milan Bedn<C3><A1><C5>M-^Y/192.168.122.174:53691 MULTI_sva: pool returned IPv4=10.0.10.2, IPv6=(Not enabled)
```
Also, in the pfSense GUI the OpenVPN log message column is empty for malformed messages.
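
The two hexdumps in the post differ in a single position: the environment holds `c5 99`, while the log holds `c5` followed by the four ASCII bytes `M-^Y`, which is the caret/meta spelling of byte 0x99. As an added example that is not part of the original post, this sketch restores such log bytes for analysis; the function names are hypothetical, and it assumes the escape was applied byte by byte to values 0x80-0x9f (the post does not establish which program wrote it).

```python
import re

# Caret/meta notation for one byte in 0x80-0x9f: "M-^X" stands for 0x80 | (X ^ 0x40).
ESCAPED = re.compile(rb"M-\^([@-_])")

def expected_length(lead: int) -> int:
    """Length of the UTF-8 sequence introduced by this lead byte (1 if not a lead byte)."""
    if 0xC2 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF4:
        return 4
    return 1

def continuation_at(data: bytes, pos: int):
    """Return (byte, next_pos) for a raw or escaped continuation byte, or None."""
    if pos < len(data) and 0x80 <= data[pos] <= 0xBF:
        return data[pos], pos + 1
    m = ESCAPED.match(data, pos)
    if m:
        return 0x80 | (m.group(1)[0] ^ 0x40), m.end()
    return None

def restore_utf8(data: bytes) -> bytes:
    """Undo M-^X escapes, but only where they complete a valid UTF-8 sequence."""
    out, i = bytearray(), 0
    while i < len(data):
        seq, j = bytearray([data[i]]), i + 1
        for _ in range(expected_length(data[i]) - 1):
            found = continuation_at(data, j)
            if found is None:
                break
            seq.append(found[0])
            j = found[1]
        try:
            seq.decode("utf-8")      # rejects truncated or invalid sequences
            out += seq
            i = j
        except UnicodeDecodeError:
            out.append(data[i])      # leave the original byte untouched
            i += 1
    return bytes(out)

# Bytes copied from the post's hexdump of /var/log/openvpn.log ("Milan Bedn" ... "/192.168.")
LOGGED = bytes.fromhex("4d696c616e204265646ec3a1c54d2d5e592f3139322e3136382e")

if __name__ == "__main__":
    print(restore_utf8(LOGGED).decode("utf-8"))
```

Because an escape is only reversed directly after a UTF-8 lead byte, literal text such as `O=IBM-^Y` elsewhere in a log line is left alone.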