Menu
What's new
By:
Filters Better Search

VPN client bug

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

davidstoll

Occasional Visitor
If your username (email) contains special characters (specifically the + character), the router out not log in (Error - Authentication failure!


My router is: RT-AC88U
I'm using the latest firmware: 384.7_2
OpenVPN client account: nordvpn, who verified this

Log:
Nov 12 07:48:02 ovpn-client1[15984]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 21 2018
Nov 12 07:48:02 ovpn-client1[15984]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.08
Nov 12 07:48:02 ovpn-client1[15985]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 12 07:48:02 ovpn-client1[15985]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: TCP/UDP: Preserving recently used remote address: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 12 07:48:02 ovpn-client1[15985]: UDP link local: (not bound)
Nov 12 07:48:02 ovpn-client1[15985]: UDP link remote: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: TLS: Initial packet from [AF_INET]181.215.110.229:1194, sid=69278025 aef25b4c
Nov 12 07:48:02 ovpn-client1[15985]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY KU OK
Nov 12 07:48:02 ovpn-client1[15985]: Validating certificate extended key usage
Nov 12 07:48:02 ovpn-client1[15985]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY EKU OK
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:04 ovpn-client1[15985]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov 12 07:48:04 ovpn-client1[15985]: [us867.nordvpn.com] Peer Connection Initiated with [AF_INET]181.215.110.229:1194
Nov 12 07:48:05 ovpn-client1[15985]: SENT CONTROL [us867.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Nov 12 07:48:05 ovpn-client1[15985]: AUTH: Received control message: AUTH_FAILED
Nov 12 07:48:05 ovpn-client1[15985]: SIGTERM[soft,auth-failure] received, process exiting
 
davidstoll said:
That link doesn't reference the plus character. I'm not exactly sure what you wanted me to see there, but if you could elaborate, I would appreciate it.
Click to expand...
NOTE - plus sign (+) It is valid for email and SMTP transport for username, e.g. "username+item@example.org" - as an identifier for items outside of email, it's up to the application developer to case this, as "+" (plus sign) can mean things in code if not handled correctly, similar to the exceptions noted above
Click to expand...

The point being a plus sign can mean different things depending on the code treatment of the plus sign.

Also, helps to enclose code snips and log file output in
Code: 
A code tag
for improved readability. It is the icon on the left side of the disk icon.
 
Code: 
Nov 12 07:48:02 ovpn-client1[15984]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 21 2018
Nov 12 07:48:02 ovpn-client1[15984]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.08
Nov 12 07:48:02 ovpn-client1[15985]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 12 07:48:02 ovpn-client1[15985]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: TCP/UDP: Preserving recently used remote address: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 12 07:48:02 ovpn-client1[15985]: UDP link local: (not bound)
Nov 12 07:48:02 ovpn-client1[15985]: UDP link remote: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: TLS: Initial packet from [AF_INET]181.215.110.229:1194, sid=69278025 aef25b4c
Nov 12 07:48:02 ovpn-client1[15985]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY KU OK
Nov 12 07:48:02 ovpn-client1[15985]: Validating certificate extended key usage
Nov 12 07:48:02 ovpn-client1[15985]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY EKU OK
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:04 ovpn-client1[15985]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov 12 07:48:04 ovpn-client1[15985]: [us867.nordvpn.com] Peer Connection Initiated with [AF_INET]181.215.110.229:1194
Nov 12 07:48:05 ovpn-client1[15985]: SENT CONTROL [us867.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Nov 12 07:48:05 ovpn-client1[15985]: AUTH: Received control message: AUTH_FAILED
Nov 12 07:48:05 ovpn-client1[15985]: SIGTERM[soft,auth-failure] received, process exiting
 
The auth-user-pass file generated by Asuswrt-Merlin for OpenVPN does properly show the plus sign when I test with such a username, therefore the problem is not with Asuswrt-Merlin.
 
You must log in or register to reply here.

Similar threads

P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
1K
pattox
P
G
ASUS Merlin 388.2.2 Authentication Error / Timeout Issue
Replies
2
Views
1K
ColinTaylor
C
P
RT-AX88U - 388.2_2 - Previously Working VPN Client (NordVPN) no longer functions - Suggestions for NordVPN Working Settings July 2023
Replies
2
Views
1K
PC Pilot
P
C
OVPN Timeout "SIGUSR1[soft,ping-restart]"
Replies
0
Views
1K
callefreddan
C
A
Setting up OpenVPN client
Replies
10
Views
1K
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
C How can I do this.. Router VPN Client to Server 2 Asuswrt-Merlin 3
G VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN Asuswrt-Merlin 4
johndoe85 VPN site to site with additional VPN client to hide IP Asuswrt-Merlin 14
C VPN Client KillSwitch/Automatic Start at Boot Failures Asuswrt-Merlin 3
D How to restrict VPN network access to certain IP Range or Hosts for specific VPN client Asuswrt-Merlin 8
G [Help] Routing VPN server through VPN client (external VPN Provider) Asuswrt-Merlin 14
Quan Wireguard performance on ASUS XT8 running VPN client Asuswrt-Merlin 1
H WireGuard VPN PreUp Option to Run Command Before Client Connects? Asuswrt-Merlin 3
B VPN Client Problem Asuswrt-Merlin 4
S Multicast routing SSDP to Wireguard VPN client(s) Asuswrt-Merlin 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 931 (members: 27, guests: 904)
Top