Fixes #4340 encode username same as with password to avoid issues with special chars.

2 files changed, 2 insertions, 1 deletions

diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index 3f199e3..e212fb3 100644
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -84,7 +84,7 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH);
 
 if (isset($_GET)) {
 	$authmodes = explode(",", $_GET['authcfg']);
-	$username = $_GET['username'];
+	$username = base64_decode(str_replace('%3D', '=', $_GET['username']));
 	$password = base64_decode(str_replace('%3D', '=', $_GET['password']));
 	$common_name = $_GET['cn'];
 	$modeid = $_GET['modeid'];
diff --git a/usr/local/sbin/ovpn_auth_verify b/usr/local/sbin/ovpn_auth_verify
index 894c8da..b38fcb9 100755
--- a/usr/local/sbin/ovpn_auth_verify
+++ b/usr/local/sbin/ovpn_auth_verify
@@ -5,6 +5,7 @@ if [ "$1" = "tls" ]; then
 else
 	# Single quoting $password breaks getting the value from the variable.
 	password=$(echo -n "${password}" | openssl enc -base64 | sed -e 's/=/%3D/g')
+	username=$(echo -n "${username}" | openssl enc -base64 | sed -e 's/=/%3D/g')
 	RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
 fi