What's new

VPN configuration failure: vpn_client_username over length (128 > 64)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

merlinuser

New Around Here
Router Model: ASUS RT-AC68U
Firmware version 384.3
System log says:
httpd: nvram_check fail: nvram vpn_client_username over length (128 > 64)

Why is this set with this limitation? Previous v380 worked okay.
My VPN provider username is at least 128 characters. So when entering the username and applying, the username is removed and no connection occurs.

Look forward to any solutions. thanks.
 
Because to avoid buffer overruns, Asus now enforces length validation on all nvram settings. 64 characters is a very reasonable limit.

If your VPN provider users 128 characters long username, then someone at that company need to rethink their approach. It's a username, not a cryptographic key... An actually secure client would require you to type that name manually on every reconnection. Do they expect mobile users to type 128 characters every time they reconnect?
 
Because to avoid buffer overruns, Asus now enforces length validation on all nvram settings. 64 characters is a very reasonable limit.

This is disappointing. Not sure how I'm going to resolve this now. It wasn't an issue before but now is. Does the same apply to passwords? (Just tried and it does apply)

It's a username, not a cryptographic key... An actually secure client would require you to type that name manually on every reconnection. Do they expect mobile users to type 128 characters every time they reconnect? .

I would have thought that it makes no difference where the obfuscation occurs whether in the username or password, they are both usually required to make a log-in work. Besides I haven't typed log-in credentials for years now using a password manager, so username and password characters and length are irrelevant. The longer the better. If you asked me for my usernames/passwords I couldn't tell you what they were. More than 256 bits or 50 char is desirable.

It is not an issue for any software based VPN client, so if the outcome is that ASUS have enforced it and the Asuswrt-Merlin fork can't change it then I'm in a bind and I'll have to consider my options, which might include binning.
 
Last edited:
Just for info....which VPN provider?
One example would be Cryptostorm that use a hashing algorithm to create some anonymity to the user's credentials. A quite reasonable use of security mathematics that the hardware should cater for if it wants to be taken seriously.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top