Project

General

Profile

Bug #10409

OpenVPN client without userpass hangs system startup

Added by Viktor Gurov 2 months ago. Updated about 2 months ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
04/02/2020
Due date:
% Done:

0%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

If you create OpenVPN client connection with user authentication,
but don’t enter the password
System hangs on startup with prompt:

Syncing OpenVPN settings...Enter Auth Password:

History

#1 Updated by Viktor Gurov 2 months ago

OpenVPN client userpass is mandatory

Fix:
https://github.com/pfsense/pfsense/pull/4257

#2 Updated by Jim Pingle about 2 months ago

  • Status changed from New to Pull Request Review
  • Affected Version changed from 2.4.5 to All

Copying note here from Github:

I seem to recall there was a specific reason we allowed the password to be empty. There was an auth use case which required it at some point, but I can't find notes about it anywhere now. I do see 7304c0234042868d91ab484d839a8c69087871be ( #3633 ) but that case is blank user but filled in password.

That same issue with being blocked waiting for auth can happen if the username is blank as well as the password, if the server requires user auth, so it's not something we can always prevent. We do add auth-retry nointeract which is supposed to prevent this. But the user can override that by checking "Do not retry connection when authentication fails".

Also available in: Atom PDF