> dear all,
>
> a few days ago I deployed an ovpn solution in a medium sized company.
> One of the two ends of the vpn network is passing through a proxy with
> NTLM authentication. ovpn has problems to recognize the authentication
> because immediately after sending the message type 1, the proxy sends
> no response, so I had to modify the source code by replacing the
> current message with a similar but different one.
>
> in particular this one:
>
> TlRMTVNTUAABAAAAAgIAAA==
>
> becomes:
>
> TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
>
> A detail of the work is available at:
>
> http://www.morzello.com/?p=350 (in Italian).
>
> I was wondering if you could have a function that supports this type
> of proxy (such as McAfee Web Gateway).
>
> thank you very much.

Hi,

I read your blog post, interesting stuff. The strings the client sends seem to be base64 encoded and the first part of both messages looks like this (in nano/vi):

NTLMSSP

It's followed by this, which is apparently the message type hex string:

^@^A^@^@^@

After this they differ noticeably. I'd guess they are just sending different NTLM flags:

<http://davenport.sourceforge.net/ntlm.html#theNtlmMessageHeaderLayout>

Can somebody more fluent in NTLM protocol decipher these two messages?

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
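
A decoder for the two Type 1 messages quoted in this thread, as an added example that is not part of the original messages or of the OpenVPN source. It assumes the Type 1 layout from the Davenport document linked above (signature, type, flags, then optional domain and workstation security buffers and an OS version block); the flag names follow MS-NLMP with the `NTLMSSP_` prefix dropped, and `decode_type1` and `added_flags` are hypothetical helper names.

```python
import base64
import struct

# NEGOTIATE-message flag bits, named as in MS-NLMP (subset; other bits are reported as unknown).
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00001000: "NEGOTIATE_OEM_DOMAIN_SUPPLIED",
    0x00002000: "NEGOTIATE_OEM_WORKSTATION_SUPPLIED",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH",
    0x80000000: "NEGOTIATE_56",
}

# The two Type 1 messages quoted in the thread.
ORIGINAL = "TlRMTVNTUAABAAAAAgIAAA=="
MODIFIED = "TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=="

def decode_type1(b64):
    """Parse a base64 NTLM Type 1 message into its header fields."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 16 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, flags = struct.unpack_from("<II", raw, 8)
    if msg_type != 1:
        raise ValueError("not a Type 1 message: type %d" % msg_type)
    out = {"length": len(raw), "flags": flags,
           "names": [n for bit, n in sorted(FLAGS.items()) if flags & bit],
           "unknown": flags & ~sum(FLAGS)}
    if len(raw) >= 32:  # optional domain / workstation security buffers
        for field, pos in (("domain", 16), ("workstation", 24)):
            size, _alloc, offset = struct.unpack_from("<HHI", raw, pos)
            out[field] = raw[offset:offset + size]
    if len(raw) >= 40 and flags & 0x02000000:  # optional OS version block
        out["version"] = struct.unpack_from("<BBH", raw, 32)  # major, minor, build
    return out

def added_flags(old_b64, new_b64):
    """Names of flags set in the new message but not in the old one."""
    old, new = decode_type1(old_b64), decode_type1(new_b64)
    return [n for n in new["names"] if n not in old["names"]]

if __name__ == "__main__":
    for label, msg in (("original", ORIGINAL), ("modified", MODIFIED)):
        print(label, decode_type1(msg))
    print("added:", added_flags(ORIGINAL, MODIFIED))
```

The first message decodes to a 16-byte header with flags 0x00000202 (OEM and NTLM only) and no optional fields. The second is 40 bytes with flags 0xA2088207, empty domain and workstation buffers, and an OS version block reading 5.1 build 2600.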