Opened 10 years ago

Closed 10 years ago

#377 closed Patch submission (fixed)

socks proxy always advertise authentication even if no authentication is provided by user

Reported by: irregulator Owned by: Gert Döring
Priority: major Milestone: release 2.3.4
Component: Networking Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


When trying to use OpenVPN with socks-proxy, OpenVPN client sends as acceptable methods both "no authentication" and "plaintext authentication". This can cause problem when user doesn't want to use any authentication at all. Since OpenVPN advertises both methods disregarding if user has an authentication file, if socks proxy picks plaintext authentication method, connection will fail.

This is implemented in

This problem came up when I tried to connect OpenVPN and obfsproxy, a socks proxy that obfuscates traffic and is used for Tor pluggable transports. Although I don't want to use any authentication, OpenVPN client will advertise plaintext authentication as available, and that method will be choosed by obfsproxy, causing the connection to drop.

Yawning gives a better explanation and kindly provided a patch :

Please review.

Change History (3)

comment:1 Changed 10 years ago by Gert Döring

Milestone: release 2.3.4
Owner: set to Gert Döring
Status: newassigned

Thanks for the patch. I'll give it a close look ASAP.

comment:2 Changed 10 years ago by Gert Döring

see also #148

comment:3 Changed 10 years ago by Gert Döring

Resolution: fixed
Status: assignedclosed

Patch committed and pushed.

commit 2903eba5dfe35c981329a833845e24de3882161a (master)
commit 34df13fdb65242b81c9006ee8ac83be4cc3f9e09 (release/2.3)

Will be part of OpenVPN 2.3.4.

Even though the bug is opened against OpenVPN 2.2.2, we are very likely not going to do another 2.2.x release - 2.3.x is mature enough that there shouldn't be any reason to stick to 2.2 any longer.

Note: See TracTickets for help on using tickets.