Re: [Openvpn-users] OpenVPN Client 2FA problem with Backslash

[Jakob C. <jc...@in...>]

Am 10.03.2022 um 12:22 schrieb Jan Just Keijser:

>
>> Thu Mar 10 10:35:32 2022 Restart pause, 5 second(s)
>> *Thu Mar 10 10:35:40 2022 Previous command sent to management failed: 
>> ERROR: Options warning: Bad backslash ('\') usage in TCP:0: remember 
>> that backslashes are treated as shell-escapes and if you need to pass 
>> backslash characters as part of a Windows filename, you sho*
>> Thu Mar 10 10:35:40 2022 MANAGEMENT: CMD 'username "Auth" 
>> "*authpoint\UserName*"'
>> Thu Mar 10 10:35:40 2022 MANAGEMENT: CMD 'password [...]'
>>
>> This sounds like I need to escape the backslash, but if I do this the 
>> Auth fails completely before the 2FA part comes into the picture. I 
>> fear that the normal user authentication part and the 2FA code treat 
>> backslashes differently... how can I get this going, if at all? 
>> Should I contact the openvpn-devel list for this?
>>
>>
>
> before getting into whether this is a bug or not :   most 
> Windows-based authentication systems also accept authpoint/Username 
> (i.e. forward slash).
>
> Other than that, this does seem to be one for the -devel list, as I 
> suspect that in manage.c the "parse_line" call does not differentiate 
> between file paths (for which \\ is needed) and a "domain\username" call.
>
> Alternatively, you might be able to get away with specifying 
> username@FQDN as well.
>
Hello Jan, hello all,

thank you for these ideas  - I had already tried the forward slash, 
without success. I now also tried "@", but this does not work either; I 
suspect the server side (i.e. the WatchGaurd auth module)  does not 
understand the login then. Ok, so I will ask on the -devel list. If I 
have a solution I will add it here. Thank you.