这是indexloc提供的服务,不要输入任何密码
Skip to content

OpenVPN client userpass is mandatory. Issue #10409 #4257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 17, 2020
Merged

OpenVPN client userpass is mandatory. Issue #10409 #4257

merged 1 commit into from
Sep 17, 2020

Conversation

@vktg
Copy link
Contributor

@vktg vktg commented Apr 2, 2020
edited
Loading

If you create OpenVPN client connection with user authentication,
but don’t enter the password
System hangs on startup with prompt:
Syncing OpenVPN settings...Enter Auth Password:

@jim-p
Copy link
Contributor

jim-p commented Apr 2, 2020

I seem to recall there was a specific reason we allowed the password to be empty. There was an auth use case which required it at some point, but I can't find notes about it anywhere now. I do see 7304c02 (https://redmine.pfsense.org/issues/3633) but that case is blank user but filled in password.

That same issue with being blocked waiting for auth can happen if the username is blank as well as the password, if the server requires user auth, so it's not something we can always prevent. We do add auth-retry nointeract which is supposed to prevent this. But the user can override that by checking "Do not retry connection when authentication fails".

@clhols
Copy link

clhols commented Apr 29, 2020
edited
Loading

This happened to me when I copied a OpenVPN client and only changed the host address. The resulting copy doesn't include the password, even though it indicates it during copy. I didn't realise this and status said the the daemon couldn't be contacted, so I though a reboot would help. Then the router was stuck at startup like in the description here.
I had to buy a soldering iron to fix my null-modem cable, so it took me many hours to find the issue.
But I guess this PR will not fix that copy issue.

@vktg
Copy link
Contributor Author

vktg commented Jun 25, 2020

I read https://redmine.pfsense.org/issues/3633 and, yeah, in some rare cases the password may be empty,
but I think we need to add a note about possible boot problems

This happened to me when I copied a OpenVPN client and only changed the host address. The resulting copy doesn't include the password, even though it indicates it during copy. I didn't realise this and status said the the daemon couldn't be contacted, so I though a reboot would help. Then the router was stuck at startup like in the description here.

This is other issue and I can can confirm that if you copy/close OpenVPN settings auth_pass is lost, even though it shows asterisks in the password fields
I'll create new redmine issue

@jim-p
Copy link
Contributor

jim-p commented Jun 25, 2020

The password issue is probably because of the Confirm box on the page, which really isn't necessary. That form only needs the password itself, no need to confirm it since it's not being set like a password, but for later (re)use.

@rbgarga
Copy link
Member

rbgarga commented Sep 8, 2020

@vktg please rebase your fork and fix conflicts

@vktg
Copy link
Contributor Author

vktg commented Sep 13, 2020

Fixed and updated

@rbgarga rbgarga requested a review from jim-p September 14, 2020 12:01
@rbgarga rbgarga removed the Conflicts label Sep 14, 2020
@netgate-git-updates netgate-git-updates merged commit 59e57ed into pfsense:master Sep 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jim-p jim-p jim-p approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@vktg @jim-p @clhols @rbgarga @netgate-git-updates