SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000411: OpenVPN fails authentication with password containing "$$" - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000411Endian FirewallInput Validationpublic2008-01-03 22:442010-09-21 19:08
aarond725 
 
normalminoralways
acknowledgedopen 
2.1.2 
future 
0000411: OpenVPN fails authentication with password containing "$$"
Not sure if this is in the OpenVPN client, the OpenVPN server, or the web interface of Endian Firewall.

I have an Endian Firewall Community release 2.1.2 set up as an OpenVPN server. Using the web interface of the firewall, I create a user "test" with password "test$". I am able to succesfully connect remotely via OpenVPN GUI 1.0.3.

If I change the password to "test$$", I get an AUTH_FAILED message when trying to connect via OpenVPN GUI 1.0.3.
  
I think the two dollar signs ($$) might be some sort of special character, or perhaps they are getting escaped. There might be other special characters that do not work, but I haven't experimented.

The workaround is not to use "$$" in the password.
Here is the OpenVPN log from my client:

Thu Jan 03 13:52:20 2008 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Thu Jan 03 13:52:20 2008 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 03 13:52:20 2008 [127.0.0.1] Peer Connection Initiated with 123.123.123.123:1194
Thu Jan 03 13:52:21 2008 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Thu Jan 03 13:52:21 2008 AUTH: Received AUTH_FAILED control message
Thu Jan 03 13:52:21 2008 TCP/UDP: Closing socket
Thu Jan 03 13:52:21 2008 SIGTERM[soft,auth-failure] received, process exiting
Thu Jan 03 13:52:21 2008 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
No tags attached.
Issue History
2008-01-03 22:44aarond725New Issue
2008-01-03 22:44aarond725Statusnew => assigned
2008-01-03 22:44aarond725Assigned To => peter-endian
2008-01-08 12:13peter-endianNote Added: 0000736
2009-11-25 17:47peter-endianTarget Version => future
2010-02-04 09:58peter-endianRelationship addedrelated to 0002653
2010-09-21 18:13peter-endianAssigned Topeter-endian =>
2010-09-21 18:13peter-endianStatusassigned => acknowledged
2010-09-21 19:08peter-endianCategoryNetwork related (VPN, uplinks) => Input Validation

Notes
(0000736)
peter-endian   
2008-01-08 12:13   
yes, $ identifies a variable name in perl, so the GUI writes down the password wrongly. there are more special characters which will not work, like @, %
I think there is also another issue with openvpn itself with special characters.

In 2.2 we disallow these characters. It's a temporary solution..