[Openvpn-users] OpenVPN Client 2FA problem with Backslash

Thu, 10 Mar 2022 03:14:35 -0800 

Hello all,
we are trying to implement 2FA for several existing Firebox SSL VPNs (which essentially uses OpenVPN on server and client side). The remote users all use the Windows OpenVPN client. This works perfectly without 2FA, and it works also if you do not need to specify the authentication domain on user logon. But for the migration it is necessary to do that as I cannot convert all users at once - the domain you enter in the username field is then "authpoint" instead of something like "company.private". In the 2FA process, the OpenVPN client then opens a text window where you can enter a TOTP token or a "p" for a push request. This all works with the default domain set, but not when specifying a domain with a backslash: 


Thu Mar 10 10:35:31 2022 VERIFY OK: depth=0, O=WatchGuard_Technologies, 
OU=Fireware, CN=Fireware SSLVPN Server
Thu Mar 10 10:35:31 2022 Control Channel: TLSv1.2, cipher TLSv1.2 
ECDHE-RSA-CHACHA20-POLY1305, peer certificate: 2048 bit RSA, signature: 
RSA-SHA256
Thu Mar 10 10:35:31 2022 [Fireware SSLVPN Server] Peer Connection 
Initiated with [AF_INET]1.2.3.4:443

Thu Mar 10 10:35:32 2022 MANAGEMENT: >STATE:1646904932,GET_CONFIG,,,,,,

Thu Mar 10 10:35:32 2022 SENT CONTROL [Fireware SSLVPN Server]: 
'PUSH_REQUEST' (status=1)
Thu Mar 10 10:35:32 2022 AUTH: Received control message: 
AUTH_FAILED,CRV1:R,E:1796:Yoirtuqeprtiqrew4==:*Type "p" to receive a 
push notification or type your one-time password*
Thu Mar 10 10:35:32 2022 SIGUSR1[soft,auth-failure] received, process 
restarting
Thu Mar 10 10:35:32 2022 MANAGEMENT: 
>STATE:1646904932,RECONNECTING,auth-failure,,,,,

Thu Mar 10 10:35:32 2022 Restart pause, 5 second(s)

*Thu Mar 10 10:35:40 2022 Previous command sent to management failed: 
ERROR: Options warning: Bad backslash ('\') usage in TCP:0: remember 
that backslashes are treated as shell-escapes and if you need to pass 
backslash characters as part of a Windows filename, you sho*
Thu Mar 10 10:35:40 2022 MANAGEMENT: CMD 'username "Auth" 
"*authpoint\UserName*"'

Thu Mar 10 10:35:40 2022 MANAGEMENT: CMD 'password [...]'


This sounds like I need to escape the backslash, but if I do this the 
Auth fails completely before the 2FA part comes into the picture. I fear 
that the normal user authentication part and the 2FA code treat 
backslashes differently... how can I get this going, if at all? Should I 
contact the openvpn-devel list for this?


Best regards and thank you for hints,

Jakob Curdes


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to