SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
|Anonymous | Login||2020-02-22 18:17 UTC|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000411||Endian Firewall||Input Validation||public||2008-01-03 22:44||2010-09-21 19:08|
|Target Version||future||Fixed in Version|
|Summary||0000411: OpenVPN fails authentication with password containing "$$"|
|Description||Not sure if this is in the OpenVPN client, the OpenVPN server, or the web interface of Endian Firewall.|
I have an Endian Firewall Community release 2.1.2 set up as an OpenVPN server. Using the web interface of the firewall, I create a user "test" with password "test$". I am able to succesfully connect remotely via OpenVPN GUI 1.0.3.
If I change the password to "test$$", I get an AUTH_FAILED message when trying to connect via OpenVPN GUI 1.0.3.
I think the two dollar signs ($$) might be some sort of special character, or perhaps they are getting escaped. There might be other special characters that do not work, but I haven't experimented.
The workaround is not to use "$$" in the password.
|Additional Information||Here is the OpenVPN log from my client:|
Thu Jan 03 13:52:20 2008 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Thu Jan 03 13:52:20 2008 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 03 13:52:20 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 03 13:52:20 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 03 13:52:20 2008 [127.0.0.1] Peer Connection Initiated with 220.127.116.11:1194
Thu Jan 03 13:52:21 2008 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Thu Jan 03 13:52:21 2008 AUTH: Received AUTH_FAILED control message
Thu Jan 03 13:52:21 2008 TCP/UDP: Closing socket
Thu Jan 03 13:52:21 2008 SIGTERM[soft,auth-failure] received, process exiting
Thu Jan 03 13:52:21 2008 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
|Tags||No tags attached.|
yes, $ identifies a variable name in perl, so the GUI writes down the password wrongly. there are more special characters which will not work, like @, %
I think there is also another issue with openvpn itself with special characters.
In 2.2 we disallow these characters. It's a temporary solution..
|2008-01-03 22:44||aarond725||New Issue|
|2008-01-03 22:44||aarond725||Status||new => assigned|
|2008-01-03 22:44||aarond725||Assigned To||=> peter-endian|
|2008-01-08 12:13||peter-endian||Note Added: 0000736|
|2009-11-25 17:47||peter-endian||Target Version||=> future|
|2010-02-04 09:58||peter-endian||Relationship added||related to 0002653|
|2010-09-21 18:13||peter-endian||Assigned To||peter-endian =>|
|2010-09-21 18:13||peter-endian||Status||assigned => acknowledged|
|2010-09-21 19:08||peter-endian||Category||Network related (VPN, uplinks) => Input Validation|
|Copyright © 2000 - 2012 MantisBT Group|