berkus / tunnelblick

TunnelBlick configs for OpenVPN on OSX
code.google.com/p/tunnelblick
1 stars 1 forks source link

Saving a wrong password locks the connection #145

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Add a connection
2. When asked for it, put the wrong password, and store the credentials
3. Try to connect

What is the expected output?

I'd expect to get a "wrong password"

What do you see instead?

Nothing - the connection remains unconnected, no output.

What version of Tunnelblick are you using? On what version of OS X? PPC or
Intel?

Tunnelblick_3.0b26, OS X 10.6.2, Intel

Please provide any additional information below. It is often helpful to
include your configuration file and the contents of the OpenVPN Log window,
but remember to remove any sensitive information such as IP addresses.

Original issue reported on code.google.com by thibaut....@gmail.com on 13 Feb 2010 at 1:33

GoogleCodeExporter commented 9 years ago
More info: if I then go into KeyChain access, search for password
"tunnelblick-auth-myconnection", and modify it to put the correct password 
instead,
everything works fine afterwards.

Original comment by thibaut....@gmail.com on 13 Feb 2010 at 1:34

GoogleCodeExporter commented 9 years ago
I can't replicate this behavior. Is there something unusual about your setup? 
Did the problem happen with a username/password combination, or a passphrase? 
If you could post the first 
few lines of the Details... window's OpenVPN Log (the lines with "*Tunnelblick" 
in them), that would help.

Does anything at all show up in the Details... window?

When I try to connect with an incorrect password saved in the Keychain, I get 
the following (with "verb 5" in the configuration file):

     2010-02-14 08:29:02 [OpenVPN_Server] Peer Connection Initiated with 67.228.29.98:1194
     2010-02-14 08:29:03 
     2010-02-14 08:29:04 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)

notice a five-second wait here (I think this is the server checking the 
password), then

     2010-02-14 08:29:09 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)

at this point Tunnelblick displays a window saying the authentication failed 
and offering three buttons: "Try again with different credentials", "Cancel", 
and "Try again".

clicking "Cancel" causes the following:
     2010-02-14 08:29:09 AUTH: Received AUTH_FAILED control message
     2010-02-14 08:29:09 TCP/UDP: Closing socket
     2010-02-14 08:29:09  process restarting
     2010-02-14 08:29:09 
     2010-02-14 08:29:09  process exiting
     2010-02-14 08:29:09

clicking "Try again" shows the following (the times are different because it is 
a different connection attempt)
     2010-02-14 08:34:22 TCP/UDP: Closing socket
      2010-02-14 08:34:22  process restarting
      2010-02-14 08:34:22 
      2010-02-14 08:34:22  process exiting
      2010-02-14 08:34:22 
      2010-02-14 08:34:27 *Tunnelblick: Attempting connection with adapt.ovpn; Set nameserver = 1; monitoring connection
      2010-02-14 08:34:27 *Tunnelblick: /Users/.../Tunnelblick.app/Contents/Resources/openvpnstart start adapt.ovpn 1339 1 0 0 0
     (followed by a completely new connection attempt)

clicking "Try again with different credentials" is like "Cancel", followed by a 
retry of the connection but Tunnelblick displays a window asking for the 
username/password.

The way the "Try again with different credentials" is implemented is that it 
first deletes the credentials from the Keychain, then tries the connection 
again. Since there won't be any 
credentials in the Keychain on the second attempt, it displays a window asking 
for them.

Original comment by jkbull...@gmail.com on 14 Feb 2010 at 1:47

GoogleCodeExporter commented 9 years ago
Hi,

I'll try to find some time to bring more details here.

cheers,

-- Thibaut

Original comment by thibaut....@gmail.com on 16 Feb 2010 at 11:00

GoogleCodeExporter commented 9 years ago
I have simplified the logic for handling failed passwords, which should 
eliminate this problem.

The fix was submitted as r416, and is in just-released Tunnelblick version 
3.0b28.

Original comment by jkbull...@gmail.com on 24 Feb 2010 at 5:50

GoogleCodeExporter commented 9 years ago
Thanks a billion thibaut.
I have been going crazy on why i couldnt log in at work and its alle cause 
tunnelblick doesnt prompt me for the wrong password. I guess our office is not 
the only one which demands the users to change password every 3 months so this 
should be possible. My iVPN in windows prompts me for this

Original comment by oivindst...@gmail.com on 9 May 2011 at 9:45