diff --git a/vpnsession.go b/vpnsession.go
index a48c474..6dfe952 100644
--- a/vpnsession.go
+++ b/vpnsession.go
@@ -102,38 +102,42 @@ func (c *vpnSession) ParseSessionId(line string) error {
 func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 	var err error
 	r := regexp.MustCompile("[^a-zA-Z0-9./_@-]")
-
+	renv := regexp.MustCompile("^>CLIENT:ENV,([^=]*)=(.*)$")
 	for _, line := range *infos {
-		p := strings.Split(strings.Replace(line, ">CLIENT:ENV,", "", 1), "=")
-		switch p[0] {
+		p := renv.FindStringSubmatch(line)
+		if len(p) != 3 {
+			continue
+		}
+
+		switch p[1] {
 		case "trusted_port":
-			if c.port, err = strconv.Atoi(r.ReplaceAllString(p[1], "")); err != nil {
+			if c.port, err = strconv.Atoi(r.ReplaceAllString(p[2], "")); err != nil {
 				return err
 			}
 		case "untrusted_port":
-			if c.port, err = strconv.Atoi(r.ReplaceAllString(p[1], "")); err != nil {
+			if c.port, err = strconv.Atoi(r.ReplaceAllString(p[2], "")); err != nil {
 				return err
 			}
 		case "trusted_ip":
-			c.IP = r.ReplaceAllString(p[1], "")
+			c.IP = r.ReplaceAllString(p[2], "")
 		case "untrusted_ip":
-			c.IP = r.ReplaceAllString(p[1], "")
+			c.IP = r.ReplaceAllString(p[2], "")
 		case "ifconfig_pool_remote_ip":
-			c.PrivIP = r.ReplaceAllString(p[1], "")
+			c.PrivIP = r.ReplaceAllString(p[2], "")
 		case "ifconfig_local":
-			c.localIP = r.ReplaceAllString(p[1], "")
+			c.localIP = r.ReplaceAllString(p[2], "")
 		case "bytes_received":
-			if c.BwWrite, err = strconv.Atoi(p[1]); err != nil {
+			if c.BwWrite, err = strconv.Atoi(p[2]); err != nil {
 				break
 			}
 		case "bytes_sent":
-			if c.BwRead, err = strconv.Atoi(p[1]); err != nil {
+			if c.BwRead, err = strconv.Atoi(p[2]); err != nil {
 				break
 			}
 		case "password":
 			switch {
-			case strings.HasPrefix(p[1], "CRV1"):
-				split := strings.Split(p[1], ":")
+			case strings.HasPrefix(p[2], "CRV1"):
+				split := strings.Split(p[2], ":")
 				if len(split) != 5 {
 					break
 				}
@@ -143,8 +147,8 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 					c.otpCode = "***"
 				}
 			// don't check that password against the ibp database
-			case strings.HasPrefix(p[1], "SCRV1"):
-				split := strings.Split(p[1], ":")
+			case strings.HasPrefix(p[2], "SCRV1"):
+				split := strings.Split(p[2], ":")
 				if len(split) != 3 {
 					break
 				}
@@ -156,7 +160,7 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 
 				data, err = base64.StdEncoding.DecodeString(split[2])
 				if err != nil {
-					c.password = p[1]
+					c.password = p[2]
 					break
 				}
 				c.otpCode = string(data)
@@ -169,7 +173,7 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 					go s.CheckPwn(c)
 				}
 			default:
-				c.password = p[1]
+				c.password = p[2]
 				c.otpCode = ""
 				// only check if the password is pwned on the first connection
 				if c.Operation == "log in" {
@@ -178,11 +182,11 @@ func (c *vpnSession) ParseEnv(s *OpenVpnMgt, infos *[]string) error {
 			}
 
 		case "username":
-			c.Login = r.ReplaceAllString(p[1], "")
+			c.Login = r.ReplaceAllString(p[2], "")
 		case "dev":
-			c.dev = r.ReplaceAllString(p[1], "")
+			c.dev = r.ReplaceAllString(p[2], "")
 		case "ifconfig_netmask":
-			c.netmask = r.ReplaceAllString(p[1], "")
+			c.netmask = r.ReplaceAllString(p[2], "")
 		}
 	}
 	return nil