Authentication Problem
-
pfSense 2.2.2 (amd64) and 2.2.1 (amd64)
OpenVPN GUI v.5When authenticating with a password that contains special characters, specifically "<" and ">", OpenVPN client will fail authentication.
Logs on the pfSense server side:
Apr 21 13:56:02 openvpn[10572]: XXX.XXX.XXX.XXX:63764 [***CENSORED***] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:63764 Apr 21 13:56:02 openvpn[10572]: XXX.XXX.XXX.XXX:63764 TLS Auth Error: Auth Username/Password verification failed for peer Apr 21 13:56:02 openvpn: user '***CENSORED***' could not authenticate.
The password being used contains the less than (<) and the greater than (>) symbols. If I log in to the pfSense box and navigate to Diagnostic>Authentication and test the username/password combination it authenticates correctly. But still fails on the client side when using OpenVPN GUI v.5. Once the password is changed to something without those special characters the account authenticates correctly.
This seems to be occurring on 2.2.2 and 2.2.1. I'm not sure when this issue started. I guess a rule of thumb is to not use special characters - or at least do not use <> .
AWS
-
There were other unusual characters in passwords that were fixed up over the last few months. Personally I never put thse odd characters in passwords because I know there will be apps that don't work with them, and I will be on someones computer with a European keyboard variant and I will struggle to find the character anyway ;)
Make sure you are on the latest pfSense and latest OpenVPN client, then it is probably worth reporting in redmine.pfsene.org to see if something can be done to fix it. < and > are not that weird.