Opened 10 years ago

Closed 10 years ago

#377 closed Patch submission (fixed)

socks proxy always advertise authentication even if no authentication is provided by user

Reported by: irregulator
Owned by: Gert Döring
Priority: major
Milestone: release 2.3.4
Component: Networking
Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

When trying to use OpenVPN with socks-proxy, the OpenVPN client sends both "no authentication" and "plaintext authentication" as acceptable methods. This can cause a problem when the user doesn't want to use any authentication at all. Since OpenVPN advertises both methods regardless of whether the user has an authentication file, if the socks proxy picks the plaintext authentication method, the connection will fail.

This is implemented in https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/socks.c#L194.

This problem came up when I tried to connect OpenVPN and obfsproxy, a socks proxy that obfuscates traffic and is used for Tor pluggable transports. Although I don't want to use any authentication, the OpenVPN client will advertise plaintext authentication as available, and that method will be chosen by obfsproxy, causing the connection to drop.

Yawning gives a better explanation and kindly provided a patch: https://github.com/OpenVPN/openvpn/pull/14

Please review.
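
The method negotiation described in this ticket, as an added example that is not part of the ticket and is not OpenVPN's `socks.c` or the submitted patch: a client greeting in the RFC 1928 layout (VER, NMETHODS, METHODS) that offers username/password only when credentials exist, plus a check that the proxy's selection was actually offered. The function names are hypothetical and the proxy reply is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1928 constants */
#define SOCKS5_VER           0x05
#define SOCKS5_NO_AUTH       0x00
#define SOCKS5_USERPASS      0x02 /* RFC 1929 username/password */
#define SOCKS5_NO_ACCEPTABLE 0xFF

/* Build the client greeting: VER | NMETHODS | METHODS...
 * Username/password is offered only when the caller has credentials.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t socks5_build_greeting(uint8_t *buf, size_t cap, int have_creds)
{
    size_t n = have_creds ? 2 : 1;
    if (buf == NULL || cap < 2 + n)
        return 0;
    buf[0] = SOCKS5_VER;
    buf[1] = (uint8_t)n;
    buf[2] = SOCKS5_NO_AUTH;
    if (have_creds)
        buf[3] = SOCKS5_USERPASS;
    return 2 + n;
}

/* Check the proxy's reply (VER | METHOD) against the greeting that was sent.
 * Returns the selected method, or -1 if the reply is short, has the wrong
 * version, is 0xFF, or names a method that was not advertised. */
int socks5_check_selection(const uint8_t *greeting, size_t glen,
                           const uint8_t *reply, size_t rlen)
{
    if (glen < 3 || glen < 2u + greeting[1] || rlen < 2
        || reply[0] != SOCKS5_VER || reply[1] == SOCKS5_NO_ACCEPTABLE)
        return -1;
    for (size_t i = 0; i < greeting[1]; i++)
        if (greeting[2 + i] == reply[1])
            return reply[1];
    return -1;
}

int main(void)
{
    uint8_t g[4];
    const uint8_t reply[2] = { SOCKS5_VER, SOCKS5_USERPASS }; /* constructed */
    size_t len = socks5_build_greeting(g, sizeof g, 0);
    printf("proxy picks 0x02 -> %d\n", socks5_check_selection(g, len, reply, sizeof reply));
    return 0;
}
```

With no credentials the greeting carries a single method, so a proxy that prefers username/password has nothing to select but "no authentication"; if it answers 0x02 anyway, the check rejects the reply instead of starting an authentication exchange the client cannot complete.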

Change History (3)

comment:1 Changed 10 years ago by Gert Döring

Milestone: release 2.3.4
Owner: set to Gert Döring
Status: new → assigned

Thanks for the patch. I'll give it a close look ASAP.

comment:2 Changed 10 years ago by Gert Döring

see also #148

comment:3 Changed 10 years ago by Gert Döring

Resolution: fixed
Status: assigned → closed

Patch committed and pushed.

commit 2903eba5dfe35c981329a833845e24de3882161a (master)
commit 34df13fdb65242b81c9006ee8ac83be4cc3f9e09 (release/2.3)

Will be part of OpenVPN 2.3.4.

Even though the bug is opened against OpenVPN 2.2.2, we are very likely not going to do another 2.2.x release - 2.3.x is mature enough that there shouldn't be any reason to stick to 2.2 any longer.
