Issue
If you're using MySQL or MariaDB to store Access Server configuration (which is the default for cluster setups and optional for standalone), you may run into issues after upgrading to version 3.0.0 if your database password contains special characters.
The following error appears in the /var/log/openvpnas.log:
builtins.AttributeError: 'NoneType' object has no attribute 'confdb'
In addition, you will have issues when trying to access the Admin Web UI, such as:
- You can't get past the EULA prompt.
- The Admin Web UI pages won't load at all.
Cause
Special characters in MySQL passwords (like @, :, /, ?, etc.) must be escaped when included in the database connection string. If they're not, Access Server can't parse the connection string correctly and fails to connect to the database.
What is a Connection String?
Here is the general format of a connection string:
mysql://username:password@host:port/database
Access Server uses separate connection strings for several internal databases:
- config_db
- cluster_db
- user_prop_db
- certs_db
- notification_db
All of them are configured in the /usr/local/openvpn_as/etc/as.conf file.
If your password contains special characters, you need to replace those characters with special codes (called percent-encoding or URL encoding).
Why Escape Password Characters?
Some characters like @ or / are interpreted as part of the connection string's structure. If they're not escaped, they can break the login.
Example
Unescaped password:
Pa@ss/word:123
Incorrect URI:
mysql://user:Pa@ss/word:123@localhost:3306/config_db
Correct (escaped) URI:
mysql://user:Pa%40ss%2Fword%3A123@localhost:3306/config_db
Escape Table
| Character | Escape Code |
| @ | %40 |
| / | %2F |
| : | %3A |
How to Escape
Option 1: Manually replace special characters using the table above.
Option 2: Convert password using the Linux command-line interface and Python:
python3 -c "import urllib.parse; print(urllib.parse.quote('MyP@ss:word/123?'))"
Option 3 (not recommended for security reasons): Use an online tool, like https://www.urlencoder.org.
Paste your password and click Encode.
Solution
To resolve the issue, you should convert your password and replace it in the /usr/local/openvpn_as/etc/as.conf file with an escaped one.
Example
Your as.conf file contains the following MySQL connection strings:
# certificates database
certs_db=mysql://user:MyP@ss:word/123?@db-server.company.com/as_certs
# user properties DB
user_prop_db=mysql://user:MyP@ss:word/123?@db-server.company.com/as_userprop
# configuration DB
config_db=mysql://user:MyP@ss:word/123?@db-server.company.com/as_config
# Local configuration DB - this must remain a SQLite type database
config_db_local=sqlite:///~/db/config_local.db
# cluster DB
cluster_db=mysql://user:MyP@ss:word/123?@db-server.company.com/as_cluster
# notification DB
notification_db=mysql://user:MyP@ss:word/123?@db-server.company.com/as_notification
Step 1: Convert the password into an escaped one:
python3 -c "import urllib.parse; print(urllib.parse.quote('MyP@ss:word/123?'))"
MyP%40ss%3Aword/123%3F
Copy the escaped password into the clipboard.
Step 2: Update the configuration file
Edit /usr/local/openvpn_as/etc/as.conf and replace the plain-text password with the escaped version.
nano /usr/local/openvpn_as/etc/as.conf
The section with connection strings should look like this:
# certificates database
certs_db=mysql://user:MyP%40ss%3Aword/123%3F@db-server.company.com/as_certs
# user properties DB
user_prop_db=mysql://user:MyP%40ss%3Aword/123%3F@db-server.company.com/as_userprop
# configuration DB
config_db=mysql://user:MyP%40ss%3Aword/123%3F@db-server.company.com/as_config
# Local configuration DB - this must remain a SQLite type database
config_db_local=sqlite:///~/db/config_local.db
# cluster DB
cluster_db=mysql://user:MyP%40ss%3Aword/123%3F@db-server.company.com/as_cluster
# notification DB
notification_db=mysql://user:MyP%40ss%3Aword/123%3F@db-server.company.com/as_notification
✅ Important note: leave config_db_local string as is (untouched).
Save and exit with Ctrl + X, then Y, and Enter.
Step 3: Restart the openvpnas service
Run the following command to restart the openvpnas service:
service openvpnas restart
Access Server should now start properly, and you can log in to the Admin Web UI or establish an OpenVPN connection.
Step 4: Repeat on other nodes
If you're using a clustered deployment or multiple Access Server nodes that share the same MySQL/MariaDB server, repeat steps 2 and 3 on each one.
If you’re on a standalone server using MySQL/MariaDB, you’re done.
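The steps above as a script, added here as an example and not OpenVPN's own tooling: it percent-encodes the password in each mysql:// line of as.conf text and leaves config_db_local and already-encoded passwords alone. It passes safe="" because urllib.parse.quote() leaves "/" unencoded by default, which is why the command output above keeps the "/". The function names are hypothetical, and it assumes the credentials end at the last "@" and that a password made only of unreserved characters, "/" and valid %XX escapes is already encoded.

```python
import re
from urllib.parse import quote

# Keys the article lists as MySQL/MariaDB connection strings in as.conf.
DB_KEYS = ("config_db", "cluster_db", "user_prop_db", "certs_db", "notification_db")
LINE_RE = re.compile(r"^(?P<key>\w+)=mysql://(?P<rest>.+)$")
# Assumption: this shape (plus at least one "%") means "already percent-encoded".
ENCODED_RE = re.compile(r"(?:[A-Za-z0-9._~/-]|%[0-9A-Fa-f]{2})+")


def encode_password(password):
    """Percent-encode a password unless it is already in encoded form."""
    if "%" in password and ENCODED_RE.fullmatch(password):
        return password
    # safe="" also encodes "/", matching the article's escape table.
    return quote(password, safe="")


def escape_conf(text):
    """Return (new_text, changed_keys) for as.conf content."""
    out, changed = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["key"] in DB_KEYS:
            # Host and database never contain "@", so the last "@" ends the
            # credentials; the user name ends at the first ":".
            userinfo, at, hostpart = m["rest"].rpartition("@")
            user, colon, password = userinfo.partition(":")
            fixed = encode_password(password) if colon else password
            if at and fixed != password:
                line = f"{m['key']}=mysql://{user}:{fixed}@{hostpart}"
                changed.append(m["key"])
        out.append(line)
    return "\n".join(out) + "\n", changed


# Sample input built from the article's example values (not a real config).
SAMPLE = """\
# certificates database
certs_db=mysql://user:MyP@ss:word/123?@db-server.company.com/as_certs
# configuration DB
config_db=mysql://user:MyP%40ss%3Aword/123%3F@db-server.company.com/as_config
# Local configuration DB - this must remain a SQLite type database
config_db_local=sqlite:///~/db/config_local.db
"""

if __name__ == "__main__":
    new_text, changed = escape_conf(SAMPLE)
    print(new_text, "rewritten keys:", changed)
```

Run it against a copy of as.conf and compare the result with the original before replacing the file, since the output contains the database password.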
If you continue to experience issues or have further questions, please submit a support request here.