DeepthiMachiraju created CLOUDSTACK-9735:
--------------------------------------------
Summary: VPN clients fail to authenticate when the password
contains '#'
Key: CLOUDSTACK-9735
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9735
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Affects Versions: 4.9.0
Reporter: DeepthiMachiraju
Following are the VPN users created:
================================================================
root@r-5-VM:~# cat /etc/ppp/chap-secrets
abc * abc *
one * one#1 *
two * two@ *
three * three+ *
four * four. *
five * five- *
six * six_ *
seven * seven# *
===============================================================
VPN is not established with users one and seven.
Below are the related logs:
============================= auth.log =========================
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: responding
to Main Mode from unknown peer 10.147.52.62
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28:
OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28:
OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28:
STATE_MAIN_R1: sent MR1, expecting MI2
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28:
STATE_MAIN_R2: sent MR2, expecting MI3
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: Main mode
peer ID is ID_IPV4_ADDR: '10.147.52.62'
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=aes_256 prf=oakley_sha group=modp2048}
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: the peer
proposed: 10.147.30.112/32:17/1701 -> 10.147.52.62/32:17/0
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #29: responding
to Quick Mode proposal {msgid:01000000}
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #29: us:
10.147.30.112<10.147.30.112>[+S=C]:17/1701
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #29: them:
10.147.52.62[+S=C]:17/1701
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #29: transition
from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #29:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #29: transition
from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 10 06:10:31 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #29:
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xcae97826 <0xd8935a34
xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Jan 10 06:11:28 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: received
Delete SA(0xcae97826) payload: deleting IPSEC State #29
Jan 10 06:11:28 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: received
and ignored informational message
Jan 10 06:11:28 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62 #28: received
Delete SA payload: deleting ISAKMP State #28
Jan 10 06:11:28 r-5-VM pluto[2692]: "L2TP-PSK"[13] 10.147.52.62: deleting
connection "L2TP-PSK" instance with peer 10.147.52.62 {isakmp=#0/ipsec=#0}
Jan 10 06:11:28 r-5-VM pluto[2692]: packet from 10.147.52.62:500: received and
ignored informational message
Jan 10 06:12:01 r-5-VM CRON[13349]: pam_unix(cron:session): session opened for
user root by (uid=0)
Jan 10 06:12:01 r-5-VM CRON[13349]: pam_unix(cron:session): session closed for
user root
============================= auth.log =========================
============================messages ============================
Jan 10 06:17:28 r-5-VM pppd[13668]: pppd 2.4.5 started by root, uid 0
Jan 10 06:17:28 r-5-VM pppd[13668]: Using interface ppp0
Jan 10 06:17:28 r-5-VM pppd[13668]: Connect: ppp0 <--> /dev/pts/2
Jan 10 06:17:31 r-5-VM pppd[13668]: Peer seven failed CHAP authentication
Jan 10 06:17:31 r-5-VM pppd[13668]: Connection terminated.
Jan 10 06:17:31 r-5-VM pppd[13668]: Exit.
============================messages ============================
Note: When the password containing '#' is placed in double quotes "", the user is
able to authenticate.
e.g.: * "seven#" *
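Added example, not part of the original report or of CloudStack's code: a simplified Python model of how pppd splits a `chap-secrets` line into words (an unquoted `#` starts a comment), run over the entries from the report, plus a quoting helper matching the workaround in the note. The function names and the tokenizer's reduced escape handling are assumptions made for illustration.

```python
import re

# The chap-secrets entries shown in the report, embedded as sample input.
CHAP_SECRETS = """\
abc * abc *
one * one#1 *
two * two@ *
three * three+ *
four * four. *
five * five- *
six * six_ *
seven * seven# *
"""

def pppd_words(line):
    """Simplified model (assumption) of pppd word splitting: whitespace separates
    words, an unquoted '#' begins a comment, a quote at the start of a word
    protects its contents, and a backslash takes the next character literally."""
    words, cur, quote, esc, in_word = [], [], None, False, False
    for ch in line.rstrip("\n"):
        if esc:
            cur.append(ch); esc, in_word = False, True
        elif ch == "\\":
            esc = True
        elif quote:
            if ch == quote:  # closing quote ends the word
                words.append("".join(cur)); cur, quote, in_word = [], None, False
            else:
                cur.append(ch)
        elif ch == "#":      # rest of the line is a comment
            break
        elif ch.isspace():
            if in_word:
                words.append("".join(cur)); cur, in_word = [], False
        elif ch in "\"'" and not in_word:
            quote, in_word = ch, True
        else:
            cur.append(ch); in_word = True
    return words + (["".join(cur)] if in_word else [])

def quote_secret(secret):
    """Wrap a secret in double quotes, escaping backslash and double quote."""
    return '"' + re.sub(r'(["\\])', r"\\\1", secret) + '"'

def audit(text):
    """Return (client, intended, parsed) for entries whose secret changes when parsed."""
    rows = [(l.split(), pppd_words(l)) for l in text.splitlines() if l.strip()]
    return [(raw[0], raw[2], p[2] if len(p) > 2 else None)
            for raw, p in rows if len(raw) >= 3 and (len(p) < 3 or p[2] != raw[2])]

if __name__ == "__main__":
    for client, intended, parsed in audit(CHAP_SECRETS):
        print(f"{client}: wrote {intended!r}, parsed {parsed!r}; use {quote_secret(intended)}")
```

The audit flags only users one and seven, matching the failures in the report; whatever writes the file should quote every secret rather than special-casing `#`.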