Opened 10 years ago

Closed 9 years ago

#38 closed Bug / Defect (notabug)

U/P auth to server fails: Environment Variable missing!

Reported by: Samuli Seppänen Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc:

Description

Hi,

I'm currently writing a tool for OpenVPN for User/Password authentication on the server. While I did this I found this bug (in version 2.1.1):

I added this to the server config:
script-security 2
auth-user-pass-verify "c:\\Program Files\\OpenVPN\\MyProgram.exe" via-env

With this setting the username and password entered by the user are committed to my program via Environment variables.
This works well with OpenVPN v2.0.9 but NOT with OpenVPN v2.1.1: only the environment variable “username” is committed, the variable “password” is missing!!
So the option via-env does not work with the newest version of OpenVPN; one has to use the option via-file, which is much more insecure!

I hope I could help you and you can fix this bug,

Thanks,

Frank Wendel

PS:
v2.0.9 EnvVariables Screenshot: http://picfront.de/d/7Ct2
v2.1.1 EnvVariables Screenshot: http://picfront.de/d/7Ct3

Change History (3)

comment:1 Changed 10 years ago by Samuli Seppänen

Originally reported to SF.net bug tracker by somebody (anonymous).

comment:2 Changed 9 years ago by JJK

this is an RTFM issue: with

script-security 2

passwords are not allowed to be passed via env vars. Use

script-security 3

for that.

comment:3 Changed 9 years ago by David Sommerseth

Resolution: notabug
Status: new → closed
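
A verify script that accepts both delivery methods discussed in this ticket and fails closed when "password" is absent, which is what via-env delivers under script-security 2. This is an added example, not code from the ticket or from OpenVPN; the account table and the function names are constructed for illustration.

```python
import hmac
import os
import sys

# Constructed demo account store; a real verifier would check a password
# hash or a directory service instead of a plaintext table.
DEMO_USERS = {"alice": "correct horse battery staple"}


def read_credentials(argv, env):
    """Return (username, password, source), or None if either value is absent."""
    if len(argv) > 1:
        # via-file: OpenVPN passes a temp file; line 1 = username, line 2 = password.
        with open(argv[1], encoding="utf-8") as fh:
            lines = fh.read().splitlines()
        if len(lines) < 2 or not lines[0] or not lines[1]:
            return None
        return lines[0], lines[1], "via-file"
    # via-env: OpenVPN exports "username" and "password". With
    # script-security 2 only "username" arrives, as in this ticket.
    user, password = env.get("username"), env.get("password")
    if not user or not password:
        return None
    return user, password, "via-env"


def verify(argv, env, users=DEMO_USERS):
    """Exit status for OpenVPN: 0 accepts the login, 1 rejects it."""
    creds = read_credentials(argv, env)
    if creds is None:
        print("missing credentials; for via-env check that script-security "
              "is 3", file=sys.stderr)
        return 1  # fail closed: never authenticate on a username alone
    user, password, _source = creds
    expected = users.get(user)
    if expected is None:
        return 1
    # Constant-time comparison of the supplied and stored values.
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(verify(sys.argv, os.environ))
```
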