Bug in OpenVPN user/pass auth

danmac · Dec 12, 2014, 8:54 PM

OK so I just couldn't wait any longer, the release of 2.2 RC just got too tempting. Upgraded from 2.1.5 on i386. Running among other things, OpenVPN.

The upgrade went smooth as butter, a real credit to the hard working team. I did spot "Out of file descriptors" on the console shortly before the post-upgrade reboot, but this seems to have been inconsequential.

However, I noticed what I would call a bug (!) when attempting to connect via OpenVPN after the upgrade. One of the user passwords begins with a space. This confuses 2.2, and refuses to authenticate, whereas 2.1 has always worked fine.

Authentication into the web console is not affected.

Spaces after the first character do not cause any problems. (haven't tried a trailing one, though)

Please let me know if I can give any further details or assistance with testing etc. If not, let me just say "you guys rock!" and leave it at that :)

Cheers,

Dan.

jimp · Dec 15, 2014, 6:09 PM

Are these local users? RADIUS users? LDAP users?

The method for reading the password from OpenVPN hasn't changed from one version to the next, but other things may have changed in the authentication path.

eri-- · Dec 16, 2014, 11:03 PM

A fix was pushed for this.

meteotest · Dec 22, 2014, 9:46 AM

This is still somewhat of an issue as of today's (2.2-RC (amd64) built on Mon Dec 22 01:05:39 CST 2014) version:

If the password ends on a special character ("+" in my case) authentication fails with```
Mon Dec 22 10:24:17 2014 AUTH: Received control message: AUTH_FAILED
Mon Dec 22 10:24:17 2014 SIGUSR1[soft,auth-failure] received, process restarting


The same password is accepted for GUI-logins. This is with local users.

meteotest · Dec 23, 2014, 3:05 PM

Still an issue as of today's (2.2-RC (amd64) built on Tue Dec 23 05:11:07 CST 2014 ) version.

danmac · Jan 2, 2015, 2:30 AM

Sorry :( I thought I was subscribed to email notifications … :/

This is affecting local users for me - I haven't tried with LDAP etc.

I'm having unrelated problems (random hangs) introduced by the 2.2 RC so will be upgrading to latest snapshot in a day or two. Is it worth me testing to see if this problem remains?

meteotest · Jan 13, 2015, 9:37 AM

still an issue as of today's version (2.2-RC (amd64) built on Sun Jan 04 18:53:21 CST 2015).

Submitted to bugtracker. https://redmine.pfsense.org/issues/4177

meteotest · Jan 13, 2015, 9:36 AM

And it's fixed :) thanks a lot.

danmac · Jan 13, 2015, 10:05 AM

Thanks to the devs for nailing this, and to meteotest for the heads up :)