Bug in OpenVPN user/pass auth



  • OK so I just couldn't wait any longer, the release of 2.2 RC just got too tempting. Upgraded from 2.1.5 on i386. Running among other things, OpenVPN.

    The upgrade went smooth as butter, a real credit to the hard working team. I did spot "Out of file descriptors" on the console shortly before the post-upgrade reboot, but this seems to have been inconsequential.

    However, I noticed what I would call a bug (!) when attempting to connect via OpenVPN after the upgrade. One of the user passwords begins with a space. This confuses 2.2, and refuses to authenticate, whereas 2.1 has always worked fine.

    Authentication into the web console is not affected.

    Spaces after the first character do not cause any problems. (haven't tried a trailing one, though)

    Please let me know if I can give any further details or assistance with testing etc. If not, let me just say "you guys rock!" and leave it at that :)

    Cheers,

    Dan.


  • Rebel Alliance Developer Netgate

    Are these local users? RADIUS users? LDAP users?

    The method for reading the password from OpenVPN hasn't changed from one version to the next, but other things may have changed in the authentication path.



  • A fix was pushed for this.



  • This is still somewhat of an issue as of today's (2.2-RC (amd64) built on Mon Dec 22 01:05:39 CST 2014) version:

    If the password ends on a special character ("+" in my case) authentication fails with```
    Mon Dec 22 10:24:17 2014 AUTH: Received control message: AUTH_FAILED
    Mon Dec 22 10:24:17 2014 SIGUSR1[soft,auth-failure] received, process restarting

    
    The same password is accepted for GUI-logins. This is with local users.


  • Still an issue as of  today's (2.2-RC (amd64) built on Tue Dec 23 05:11:07 CST 2014 ) version.



  • Sorry :( I thought I was subscribed to email notifications … :/

    This is affecting local users for me - I haven't tried with LDAP etc.

    I'm having unrelated problems (random hangs) introduced by the 2.2 RC so will be upgrading to latest snapshot in a day or two. Is it worth me testing to see if this problem remains?



  • still an issue as of today's version (2.2-RC (amd64) built on Sun Jan 04 18:53:21 CST 2015).

    Submitted to bugtracker. https://redmine.pfsense.org/issues/4177



  • And it's fixed :) thanks a lot.



  • Thanks to the devs for nailing this, and to meteotest for the heads up :)


Log in to reply