WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

OpenVPN user/pass BUG special characters (RUT240)

0 votes
441 views 5 comments
by anonymous

There does not seem to be a regular way to report bugs to Teltonika? So I will post this here so it can potentially help other people and maybe they will pick up on it. If there's another way, please let me know.

Background
I have a Debian server acting as OpenVPN server and 15 RUT240's connected to it as OpenVPN clients. Because of a change of server I decided to switch from TLS cert based auth to user/password auth for OpenVPN. This is where it turned bad.

What happend?
After changing the configurations from cert based auth to password auth, only 5 of the 15 RUT240's where able to reconnect. Most of them where remote, but a few of them where local so I could log in and see what happend.

To my surprise it turned out the router changed the password I entered in the web GUI.
I will share some passwords, as they are random, have been changed already by now and it's the best way to illustrate.

Original password entered: acZ3GEY^ny$xJ7vFD%RNh75Q$
Password after saving: acZ3GEY^ny%RNh75Q$

At first glance I thought it had just cut the length of the password, but that's not the case, something is missing in the middle:
- acZ3GEY^ny$xJ7vFD%RNh75Q$
- acZ3GEY^ny%RNh75Q$

I checked the passwords of the 5 routers that did come back online and it turned out they where all the same length as the original one above, but none of them had a $ in it. Could that be it?

So I entered a few other passwords in the router to see what would happen:

- Original: 3kC8BBPD$e^f4@dS%4$HugEsT
- Saved: 3kC8BBPD^f4@dS%4

- Original: TaAPMU$uTgE53FhBvfx7
- Saved: TaAPMU

- Original: e8!g4D$CjJ4%!g3sNIBqJ6&9K
- Saved: e8!g4D%!g3sNIBqJ6&9K

- Original: $M7^qb7t$qJ2r9v56T@$5Z^aWEWf
- Saved: ^qb7t@Z^aWEWf

So what seems to be happening?
When there's a $-sign in the password, it will cut the part between the $ and the next special character out of the password.

I changed all passwords server side according to this method and all remote routers came back online.

This happend to me on different firmware versions:
- 01.14.1
- 01.14
- 01.13.2
- 01.12.3
- 01.11.2

Other OpenVPN settings
 

TUN/TAP: TUN
Protocol: UDP
Authentication: Password
Encryption: AES-256-GCM-256
TLS cipher: All
HMAC auth algo: SHA512
Additional HMAC: tls-crypt

1 Answer

0 votes
by anonymous
Hello,

Thank you for catching this issue, I would like to ask if you could send a troubleshoot file where you have entered the password with the $ symbol but it was saved incorrectly.

Regards.
Best answer
by anonymous
Which part or file do you need from the troubleshoot folder that gets downloaded?
by anonymous
Hi,

Full folder if you could. System log and VPN configuration files are most important.

Regards.
by anonymous

How am I supposed to share a full folder?

system_eventsdb.log only contains this:

903|2021-07-08 10:09:52|Web UI|Authentication was succesful from HTTP LAN 192.168.1.145

904|2021-07-08 10:10:49|CONFIG|Open VPN configuration has been changed

by anonymous
You could send the file to me via private message. Anyways it is not mandatory and I will report this issue to the developers without it.
by anonymous
I did a restore to default on one of my routers to test it again (still the same) and made a troubleshoot folder.
I sent you these over PM. Thank you for the quick actions!