Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Authentication Problem

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 673 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      awsiemieniec
      last edited by

      pfSense 2.2.2 (amd64) and 2.2.1 (amd64)
      OpenVPN GUI v.5

      When authenticating with a password that contains special characters, specifically "<" and ">", OpenVPN client will fail authentication.

      Logs on the pfSense server side:

      Apr 21 13:56:02	openvpn[10572]: XXX.XXX.XXX.XXX:63764 [***CENSORED***] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:63764
      Apr 21 13:56:02	openvpn[10572]: XXX.XXX.XXX.XXX:63764 TLS Auth Error: Auth Username/Password verification failed for peer
      Apr 21 13:56:02	openvpn: user '***CENSORED***' could not authenticate.
      

      The password being used contains the less than (<) and the greater than (>) symbols.  If I log in to the pfSense box and navigate to Diagnostic>Authentication and test the username/password combination it authenticates correctly.  But still fails on the client side when using OpenVPN GUI v.5.  Once the password is changed to something without those special characters the account authenticates correctly.

      This seems to be occurring on 2.2.2 and 2.2.1.  I'm not sure when this issue started.  I guess a rule of thumb is to not use special characters - or at least do not use <> .

      AWS

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        There were other unusual characters in passwords that were fixed up over the last few months. Personally I never put thse odd characters in passwords because I know there will be apps that don't work with them, and I will be on someones computer with a European keyboard variant and I will struggle to find the character anyway ;)
        Make sure you are on the latest pfSense and latest OpenVPN client, then it is probably worth reporting in redmine.pfsene.org to see if something can be done to fix it. < and > are not that weird.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.