Bug #7472: External Authentication servers with names longer than 48 characters fail to authenticate with OpenVPN server configured for TLS + User Auth
Status: closed
Start date: 04/14/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3.3_1
Affected Architecture:
Description
Configure an external LDAP Authentication Server.
Give it a name that exceeds 48 characters, like 1234567890123456789012345678901234567890123456789 (49 characters).
Configure an OpenVPN Server with TLS + User Auth.
Export a client config and try to connect.
The client will fail to connect, with this error in the pfSense OpenVPN log (newest entry first, as the log viewer shows it):
Apr 14 12:12:31 openvpn 97925 redacted_ip:port SIGUSR1[soft,connection-reset] received, client-instance restarting
Apr 14 12:12:31 openvpn 97925 redacted_ip:port Connection reset, restarting [0]
Apr 14 12:12:31 openvpn 97925 redacted_ip:port SENT CONTROL [redacted.hostname]: 'AUTH_FAILED' (status=1)
Apr 14 12:12:31 openvpn 97925 redacted_ip:port Delayed exit in 5 seconds
Apr 14 12:12:31 openvpn 97925 redacted_ip:port PUSH: Received control message: 'PUSH_REQUEST'
Apr 14 12:12:28 openvpn 97925 redacted_ip:port [redacted.hostname] Peer Connection Initiated with [AF_INET]redacted_ip:port
Apr 14 12:12:28 openvpn 97925 redacted_ip:port Control Channel: TLSv1.1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 14 12:12:28 openvpn 97925 redacted_ip:port TLS Auth Error: Auth Username/Password verification failed for peer
Apr 14 12:12:28 openvpn 97925 redacted_ip:port WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1
For comparison, the same steps with a shorter name succeed:
Configure an external LDAP Authentication Server.
Give it a name with 48 characters (or fewer), like 123456789012345678901234567890123456789012345678.
Configure an OpenVPN Server with TLS + User Auth.
Export a client config and try to connect.
The client will connect.
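An added triage example, not part of this bug report and not pfSense code: it parses pfSense OpenVPN log lines like the excerpt above, puts them back into chronological order (the log viewer lists newest first), and reports for each client instance whether the TLS handshake completed and whether the failure came from the external --auth-user-pass-verify helper, so the operator looks at the authentication server configuration rather than at certificates. It also includes a pre-deployment check that flags authentication server names over the 48-character limit observed in this report. Assumptions: the sample lines are the ones quoted above, the year 2017 is supplied because syslog lines carry none, and client instances are keyed by the peer address token.

```python
import re
from datetime import datetime

# Limit observed in the report: a 48-character authentication server name
# works, a 49-character one makes --auth-user-pass-verify fail.
MAX_AUTHSERVER_NAME = 48

# pfSense OpenVPN log line: "Mon DD HH:MM:SS openvpn <pid> <peer> <message>"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"openvpn (?P<pid>\d+) (?P<peer>\S+) (?P<msg>.*)$"
)

# Constructed sample: the nine lines quoted in the report, newest first as the
# pfSense log viewer shows them; IP/port and hostname are the report's redactions.
SAMPLE_LOG = """\
Apr 14 12:12:31 openvpn 97925 redacted_ip:port SIGUSR1[soft,connection-reset] received, client-instance restarting
Apr 14 12:12:31 openvpn 97925 redacted_ip:port Connection reset, restarting [0]
Apr 14 12:12:31 openvpn 97925 redacted_ip:port SENT CONTROL [redacted.hostname]: 'AUTH_FAILED' (status=1)
Apr 14 12:12:31 openvpn 97925 redacted_ip:port Delayed exit in 5 seconds
Apr 14 12:12:31 openvpn 97925 redacted_ip:port PUSH: Received control message: 'PUSH_REQUEST'
Apr 14 12:12:28 openvpn 97925 redacted_ip:port [redacted.hostname] Peer Connection Initiated with [AF_INET]redacted_ip:port
Apr 14 12:12:28 openvpn 97925 redacted_ip:port Control Channel: TLSv1.1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 14 12:12:28 openvpn 97925 redacted_ip:port TLS Auth Error: Auth Username/Password verification failed for peer
Apr 14 12:12:28 openvpn 97925 redacted_ip:port WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1
"""


def parse_lines(log_text, year=2017):
    """Parse OpenVPN log lines into dicts, returned in chronological order.

    Syslog lines carry no year, so one is assumed (2017 matches the report date).
    If the excerpt is newest-first (first timestamp later than the last), it is
    reversed; the stable sort afterwards keeps same-second ordering intact.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an OpenVPN entry; skip it
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "pid": int(m["pid"]), "peer": m["peer"], "msg": m["msg"]})
    if len(events) > 1 and events[0]["ts"] > events[-1]["ts"]:
        events.reverse()
    events.sort(key=lambda e: e["ts"])
    return events


def analyze(log_text, year=2017):
    """Summarise each client instance (keyed by peer address) and name the
    stage at which it failed, so the right component gets investigated."""
    sessions = {}
    for ev in parse_lines(log_text, year):
        s = sessions.setdefault(ev["peer"], {
            "tls_done": False, "tls_version": None,
            "helper_failed": False, "auth_failed": False,
            "first_ts": ev["ts"], "last_ts": ev["ts"], "events": [],
        })
        msg = ev["msg"]
        s["events"].append((ev["ts"].strftime("%H:%M:%S"), msg))
        s["last_ts"] = ev["ts"]
        if msg.startswith("Control Channel:"):
            s["tls_version"] = msg.split()[2].rstrip(",")   # e.g. "TLSv1.1"
        if "Peer Connection Initiated" in msg:
            s["tls_done"] = True                            # certificate handshake completed
        if "Failed running command (--auth-user-pass-verify)" in msg:
            s["helper_failed"] = True                       # external auth helper exited non-zero
        if "'AUTH_FAILED'" in msg:
            s["auth_failed"] = True                         # server told the client to give up
    for s in sessions.values():
        if s["helper_failed"] or s["auth_failed"]:
            s["stage"] = "user-auth-failed"     # TLS was fine; look at the auth server config
        elif s["tls_done"]:
            s["stage"] = "connected"
        else:
            s["stage"] = "tls-incomplete"       # never reached user auth; look at certificates
    return sessions


def check_authserver_names(names, limit=MAX_AUTHSERVER_NAME):
    """Return (name, length) for every authentication server name longer than
    the limit; run it before saving an OpenVPN TLS + User Auth configuration."""
    return [(n, len(n)) for n in names if len(n) > limit]


if __name__ == "__main__":
    for peer, s in analyze(SAMPLE_LOG).items():
        print(f"{peer}: stage={s['stage']} tls={s['tls_version']} helper_failed={s['helper_failed']}")
        for ts, msg in s["events"]:
            print(f"  {ts} {msg}")
    print(check_authserver_names([
        "1234567890123456789012345678901234567890123456789",   # 49 chars, from the report
        "123456789012345678901234567890123456789012345678",    # 48 chars, from the report
    ]))
```

On the report's excerpt the session is classified as user-auth-failed with the handshake completed, which is the signature of the external helper rejecting the login: the same two log lines appear for a wrong password, so the parser cannot tell a mistyped password from the over-long name bug on its own; it only narrows the search to the user-auth path, where the name check above then applies.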