Netgate Discussion Forum

    Character problem for password & pre-shared keys

    General pfSense Questions
    • pingulino

      I have encountered problems using some characters for the OpenVPN password & PSK for IPsec.
      Now "cmb" does not have these problems, so the question is why do I?

      Here are my details:

      1. For OpenVPN I use the ClientExportUtility, choose "Use a password to protect the pkcs12 file contents." and add a password containing '+'.
        This does not work from any client (tried from LinuxDebian, WinXP & Win7), password is not accepted ("private-key-password-failure").
        Exchanging the '+' with 'a' and it works fine.

      2. For IPsec, I used '%', ']' and '-' in the PSK.
        Phase1 did not come up, error "Error: none, message must be encrypted" which I tracked down to a "PAYLOAD-MISMATCH (16)" - this indicates a key error.
        Removing those 3 characters and everything works fine!

      cmb on the other hand reports:
      @cmb:

      I just set up one of my VPNs with every special character on the US keyboard in the key along with a number of letters and numbers and it's working as it should.

      What can be the cause, why does what works for cmb not work for me?
      Can it be an encoding problem? Shouldn't be possible, everything is entered via pfSense's web GUI, but anyway here's what I have:
      * I'm running Debian Lenny as my desktop, locale: all set to sv_SE.UTF-8
      * I don't know what locale pfSense is using, don't know how to check that.
      * Windows uses something else, don't really know what.

      Any ideas, folks?

      • cmb

        Didn't realize you were referring to the client export, that may have issues with certain characters, haven't tried them all in that.

        On the IPsec you were connecting to some remote device running something else. Some other IPsec devices don't properly handle some characters, or have to be properly escaped, which has to be where that problem came from. Nothing you're entering could have any impact.

        • jimp Rebel Alliance Developer Netgate

          For the client export, + will probably break it as it's handled in JS. It probably needs some extra code to escape or encode the whole thing. I thought it was already doing that, but I may have been thinking of a different field.

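One way a '+' in a password can be lost when a value is "handled in JS" without encoding, as the last reply suggests. This is an added example, not pfSense's client export code; it assumes the password travels in an `application/x-www-form-urlencoded` body, and the helper names, field name and passwords are constructed for illustration.

```javascript
// Added example, not pfSense code. Field name and passwords are constructed.

// Hypothetical client helper: joins fields into a form body with no encoding.
function buildBodyNaive(fields) {
  return Object.entries(fields).map(([k, v]) => `${k}=${v}`).join('&');
}

// Same helper with every name and value passed through encodeURIComponent.
function buildBodyEncoded(fields) {
  return Object.entries(fields)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
}

// Stand-in for the receiving side: URLSearchParams applies
// application/x-www-form-urlencoded decoding, where '+' means space.
function receivedPassword(builder, password) {
  return new URLSearchParams(builder({ password })).get('password');
}

// Characters from `chars` that do not survive the round trip.
// Each is tested inside "k<char>41" so '%' forms a valid escape (%41 = 'A').
function alteredChars(builder, chars) {
  return [...chars].filter((c) => {
    const sample = `k${c}41`;
    return receivedPassword(builder, sample) !== sample;
  });
}

const pw = 'S3cr+t'; // constructed password containing '+'
console.log(JSON.stringify(receivedPassword(buildBodyNaive, pw)));   // "S3cr t"
console.log(JSON.stringify(receivedPassword(buildBodyEncoded, pw))); // "S3cr+t"
console.log(alteredChars(buildBodyNaive, '+%]-&=#'));
console.log(alteredChars(buildBodyEncoded, '+%]-&=#'));
```

A PKCS#12 file protected with the altered string will reject the password the user actually typed, which matches the symptom of the '+' case failing while a plain letter works.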