When the user's password is longer than 49 characters, authentication fails. If the password length is decreased to 49 characters, authentication is successful.
This inhibits the use of some types of two-factor hardware tokens, like YubiKeys, which allow you to submit both factors (password + hardware generated OTP) by appending the OTP string to the end of the password. In YubiKey's case, the OTP string is 44 characters, which leaves only 5 characters for the user's actual password, which is prohibitively short.
Passwords > 49 characters work fine with the openvpn GUI software I've tested on OS X, such as Tunnelblik.
Could we please increase this to something larger like 100 characters?
I'd guess the issue is this line in openvpn.c:
206 TCHAR buf[50];
but I don't have the tools to compile it and test.
Thanks.
Thanks for the report!
This is fixed in git now. The next binary snapshot of the GUI and/or openvpn-2.3 alpha installer will contain the changes.