Management Interface does not allow UTF8 passwords

[fjaeger]

I am using OpenVPN's management interface with Shimo (MacOSX VPN Client) and I realized that I am unable to login when the user password contains a German umlaut. Same holds for other UTF8 characters.
Currently I am using OpenVPN version 2.2.2

[Samuli Seppänen]

Can someone reproduce this on 2.3.2 or latest Git "master"?

[Gert Döring]

this might not be "just" an umlaut issue, but an "is the umlaut encoding the same on the OpenVPN client and the OpenVPN server" (so if the Mac GUI sends UTF8 umlauts to the management interface and the server compares to ISO umlauts...)

No idea how SSH and friends solve this. I just don't use non-ASCII characters in usernames or passwords...

[Selva Nair]

I think management i/f accepts any byte sequence as password with few exceptions (no embedded new lines or NULs) -- its up to the client to ensure that consistent values are provided when starting openvpn.exe on, say, command line, and from management client.

The error reported here is very likely mismatch between encoding used on the command line and management-client UI.

Shall we close this?

[Gert Döring]

Closing this as indeed character set issues are complex (GUI to management interface, Terminal to config file, server side script to authentication backend), and we can't really solve this inside OpenVPN except "do not even try to autoconvert something".

While this is not really helping the original poster, trying to do charset autoconversion here ("if a --auth-user-pass file has no UTF8 BOM, treat as ISO8859-1, and convert to UTF8 before sending to server") will be a major undertaking, and not necessarily create less pain...

The best way is to have the same encoding everywhere, which would be UTF-8 today - and avoid using non-7-bit-characters in usernames and passwords, as a matter of good practice.