Project

General

Profile

Bug #9460

OpenVPN local auth failing due to fcgicli output

Added by Jim Pingle 4 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Category:
OpenVPN
Target version:
Start date:
04/05/2019
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.5.0
Affected Architecture:
All

Description

OpenVPN local auth is failing on 2.5.0, due to what appears to be a change in fcgicli output.

Testing with set -x and some fake parameters shows it getting some extra output that it doesn't expect.

+ /usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d 'username=amltcA%3D%3D&password=amltcA%3D%3D&cn=&strictcn=false&authcfg=TG9jYWwgRGF0YWJhc2U=&modeid=server2&nas_port=1194'
+ result='OK
(null)'
+ auth_result=0
+ [ 'OK
(null)' '=' OK ]

Looks like a simple fix to change it over to php-cgi.

Associated revisions

Revision ce76f299 (diff)
Added by Jim Pingle 4 months ago

Change ovpn_auth_verify_async to php-cgi. Fixes #9460

Revision 78645511 (diff)
Added by Jim Pingle 3 months ago

Revert "Change ovpn_auth_verify_async to php-cgi. Fixes #9460"

check_reload_status 0.0.10 fixes the original issue, this can go back
the way it was.

This reverts commit ce76f299853dccb036de229f08a30013593c98fd.

History

#1 Updated by Jim Pingle 4 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle 3 months ago

  • Status changed from Feedback to In Progress
  • Assignee changed from Jim Pingle to Renato Botelho
  • % Done changed from 100 to 0

Looks like the issue in fcgicli should be addressed as a better fix. Assigning to Renato per his request.

#3 Updated by Jim Pingle 3 months ago

Tested a potential change from Renato and it appears to work as expected

+ /usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d 'username=amltcA%3D%3D&password=amltcA%3D%3D&cn=&strictcn=false&authcfg=TG9jYWwgRGF0YWJhc2U=&modeid=server2&nas_port=1194'
+ result=OK
+ auth_result=0
+ [ OK '=' OK ]
+ auth_result=1
+ printf %s 1
+ exit 0

#4 Updated by Renato Botelho 3 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

check_reload_status 0.0.10 should fix it

#5 Updated by Jake K 3 months ago

OpenVPN auth both local and radius are now functioning for me

#6 Updated by Jim Pingle 3 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF