1

How do one go about handling individual client configurations in OpenVPN where the common name of the certificate includes non-UTF8 characters (Such as Swedish names)?

I had a look at the OpenVPN logs and it says:

10.0.0.6:33157 [l  vberg] Peer Connection Initiated with [AF_INET]...
l  vberg/10.0.0.6:33157 MULTI_sva: pool returned IPv4...
l  vberg/10.0.0.6:33157 MULTI: Learn: ...
l  vberg/10.0.0.6:33157 SENT CONTROL [l  vberg]: 'PUSH_REPLY...

So i dumped the "binary" representation of the log and this is what it actually says:

10.0.0.6:33157 [l\xef\xbf\xbd\xef\xbf\xbdvberg] Peer Connection Initiated with [AF_INET]...

Which translates to:

10.0.0.6:33157 [lövberg] Peer Connection Initiated with [AF_INET]...

Now, I thought of just naming the /etc/openvpn/ccd/lovberg file to:

/etc/openvpn/ccd/lövberg
/etc/openvpn/ccd/lv\xef\xbf\xbd\xef\xbf\xbdberg

However none of which works. The easy solution here would obviously be to change the common name in the certificates and re-issue the certificate, but I would prefer to solve this without having to do so.

Is this possible?

Edit: Yes, I used Python and I copied the output of the log from tail -f openvpn.log into Python in order to get the "binary" representation of the ö.

OpenVPN 2.3.10 i386-openbsd5.9 (OpenSSL)

Torxed
  • 225
  • 1
  • 5
  • 18
  • 1
    FWIW this line of Python code demonstrates the most likely sequence of incorrect conversions leading to the garbled string: `u'lövberg'.encode('utf8').decode('ascii', 'replace').encode('utf8')` – kasperd Apr 26 '16 at 13:45
  • @kasperd Ah crap I'm using Python2.7 because BSD. Yea you might be right. Normally openin the file as a binary file handle and not using print on the string but `print([data])` gives you a rather accurate description of the content without modifying it first. The only downside being the terminal encoding but usually none of the `.encode().decode()` chain problems. – Torxed Apr 26 '16 at 13:47
  • @kasperd You got me thinking, I did as you guessed garbled up the output of the log by copying the line somewhere into a text editor and save it in Python to print it (because I was lazy). Correct way to do it is `with open('/var/log/openvpn/openvpn.log', 'rb') as fh: print([fh.read()])` and that got me `\xc3\x83\xc2\xb6` for the `ö` and renaming the client configuration to `/etc/openvpn/ccd/l\xc3\x83\xc2\xb6vberg` worked. Write up a answer and the solution points are yours. – Torxed Apr 26 '16 at 13:57
  • 1
    Honestly, I would be very tempted to simply use strace/ktrace and watch what filenames OpenVPN tries to access in the ccd when the client connects. – Zoredache Apr 26 '16 at 16:52

1 Answers1

1

As an educated guess: your example may not work due to different encoding between your console and openvpn. You may get lucky trying UTF-8 or isolatin1.

grin
  • 304
  • 1
  • 8
  • You were not far from it, and your guess is qualified so please leave it here for any other brave soul wondering about this post. – Torxed Apr 26 '16 at 13:58