Project

General

Profile

Actions

Bug #10409

closed

OpenVPN client without userpass hangs system startup

Added by Viktor Gurov over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
OpenVPN
Target version:
Start date:
04/02/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

If you create OpenVPN client connection with user authentication,
but don’t enter the password
System hangs on startup with prompt:

Syncing OpenVPN settings...Enter Auth Password:

Actions #1

Updated by Viktor Gurov over 1 year ago

OpenVPN client userpass is mandatory

Fix:
https://github.com/pfsense/pfsense/pull/4257

Actions #2

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Pull Request Review
  • Affected Version changed from 2.4.5 to All

Copying note here from Github:

I seem to recall there was a specific reason we allowed the password to be empty. There was an auth use case which required it at some point, but I can't find notes about it anywhere now. I do see 7304c0234042868d91ab484d839a8c69087871be ( #3633 ) but that case is blank user but filled in password.

That same issue with being blocked waiting for auth can happen if the username is blank as well as the password, if the server requires user auth, so it's not something we can always prevent. We do add auth-retry nointeract which is supposed to prevent this. But the user can override that by checking "Do not retry connection when authentication fails".

Actions #3

Updated by Renato Botelho about 1 year ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #4

Updated by Max Leighton about 1 year ago

  • Status changed from Feedback to Resolved

Tested in
2.5.0-DEVELOPMENT (amd64)
built on Sun Sep 20 06:59:15 EDT 2020
FreeBSD 12.2-PRERELEASE

As expected, the password requirement still exists at boot, but there is now an informational warning urging users who will not enter a username or password here to use the Do not retry connection when authentication fails option.

Marking the ticket resolved.

Actions

Also available in: Atom PDF