Menu
What's new
By:
Filters Better Search

VPN client bug

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

davidstoll

Occasional Visitor
If your username (email) contains special characters (specifically the + character), the router out not log in (Error - Authentication failure!


My router is: RT-AC88U
I'm using the latest firmware: 384.7_2
OpenVPN client account: nordvpn, who verified this

Log:
Nov 12 07:48:02 ovpn-client1[15984]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 21 2018
Nov 12 07:48:02 ovpn-client1[15984]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.08
Nov 12 07:48:02 ovpn-client1[15985]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 12 07:48:02 ovpn-client1[15985]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: TCP/UDP: Preserving recently used remote address: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 12 07:48:02 ovpn-client1[15985]: UDP link local: (not bound)
Nov 12 07:48:02 ovpn-client1[15985]: UDP link remote: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: TLS: Initial packet from [AF_INET]181.215.110.229:1194, sid=69278025 aef25b4c
Nov 12 07:48:02 ovpn-client1[15985]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY KU OK
Nov 12 07:48:02 ovpn-client1[15985]: Validating certificate extended key usage
Nov 12 07:48:02 ovpn-client1[15985]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY EKU OK
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:04 ovpn-client1[15985]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov 12 07:48:04 ovpn-client1[15985]: [us867.nordvpn.com] Peer Connection Initiated with [AF_INET]181.215.110.229:1194
Nov 12 07:48:05 ovpn-client1[15985]: SENT CONTROL [us867.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Nov 12 07:48:05 ovpn-client1[15985]: AUTH: Received control message: AUTH_FAILED
Nov 12 07:48:05 ovpn-client1[15985]: SIGTERM[soft,auth-failure] received, process exiting
 
davidstoll said:
That link doesn't reference the plus character. I'm not exactly sure what you wanted me to see there, but if you could elaborate, I would appreciate it.
Click to expand...
NOTE - plus sign (+) It is valid for email and SMTP transport for username, e.g. "username+item@example.org" - as an identifier for items outside of email, it's up to the application developer to case this, as "+" (plus sign) can mean things in code if not handled correctly, similar to the exceptions noted above
Click to expand...

The point being a plus sign can mean different things depending on the code treatment of the plus sign.

Also, helps to enclose code snips and log file output in
Code: 
A code tag
for improved readability. It is the icon on the left side of the disk icon.
 
Code: 
Nov 12 07:48:02 ovpn-client1[15984]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 21 2018
Nov 12 07:48:02 ovpn-client1[15984]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.08
Nov 12 07:48:02 ovpn-client1[15985]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 12 07:48:02 ovpn-client1[15985]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 12 07:48:02 ovpn-client1[15985]: TCP/UDP: Preserving recently used remote address: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 12 07:48:02 ovpn-client1[15985]: UDP link local: (not bound)
Nov 12 07:48:02 ovpn-client1[15985]: UDP link remote: [AF_INET]181.215.110.229:1194
Nov 12 07:48:02 ovpn-client1[15985]: TLS: Initial packet from [AF_INET]181.215.110.229:1194, sid=69278025 aef25b4c
Nov 12 07:48:02 ovpn-client1[15985]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY KU OK
Nov 12 07:48:02 ovpn-client1[15985]: Validating certificate extended key usage
Nov 12 07:48:02 ovpn-client1[15985]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY EKU OK
Nov 12 07:48:02 ovpn-client1[15985]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=us867.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 12 07:48:04 ovpn-client1[15985]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov 12 07:48:04 ovpn-client1[15985]: [us867.nordvpn.com] Peer Connection Initiated with [AF_INET]181.215.110.229:1194
Nov 12 07:48:05 ovpn-client1[15985]: SENT CONTROL [us867.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Nov 12 07:48:05 ovpn-client1[15985]: AUTH: Received control message: AUTH_FAILED
Nov 12 07:48:05 ovpn-client1[15985]: SIGTERM[soft,auth-failure] received, process exiting
 
The auth-user-pass file generated by Asuswrt-Merlin for OpenVPN does properly show the plus sign when I test with such a username, therefore the problem is not with Asuswrt-Merlin.
 
You must log in or register to reply here.

Similar threads

T
[Help] Problems setting up OpenVPN
Replies
7
Views
319
Thookie
T
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
2K
pattox
P
B
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
Replies
1
Views
228
eibgrad
eibgrad
G
ASUS Merlin 388.2.2 Authentication Error / Timeout Issue
Replies
2
Views
1K
ColinTaylor
C
P
RT-AX88U - 388.2_2 - Previously Working VPN Client (NordVPN) no longer functions - Suggestions for NordVPN Working Settings July 2023
Replies
2
Views
2K
PC Pilot
P
Similar threads
Thread starter Title Forum Replies Date
T Wireguard Client VPN not using DNS Asuswrt-Merlin 14
I Wireguard VPN client does not autostart after reboot Asuswrt-Merlin 2
Z Sudden VPN client issues with RX-AX82U Asuswrt-Merlin 5
T Troubles with VPN Client + DDNS Setup on GT-BE98 Asuswrt-Merlin 5
G Wireguard VPN Client: killswitch activation -> LAN administration lock-out Asuswrt-Merlin 6
D Nord Open VPN client connected but not secure? Asuswrt-Merlin 1
C Weird client VPN problem that just started ! Asuswrt-Merlin 53
C Routing my VPN Server through VPN Client 1 Having issues with Facetime Asuswrt-Merlin 50
Sergyk VPN client Asuswrt-Merlin 6
XIII AdGuard VPN (IPSec/IKEv2) not possible as VPN client on Asuswrt-Merlin? Asuswrt-Merlin 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 662 (members: 24, guests: 638)
Top