OpenVPN pfSense 2.0 RC2 as client with auth_user_pass
I've setup VPN>OpenVPN>Client in Peer to peer TLS mode
My client config is:
client dev tun proto tcp remote REMOTEHOST resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert personalcert.crt key privatekey.key comp-lzo verb 5 auth-user-pass tls-remote servervpn
Problem is the auth-user-pass which only accepts the input from stdin, as per
Jun 10 15:05:48 openvpn: auth_user_pass_verify_script = '[UNDEF]'
Jun 10 15:05:48 openvpn: auth_user_pass_verify_script_via_file = DISABLED
Jun 10 15:05:48 openvpn: ssl_flags = 0
Jun 10 15:05:48 openvpn: port_share_host = '[UNDEF]'
Jun 10 15:05:48 openvpn: port_share_port = 0
Jun 10 15:05:48 openvpn: client = ENABLED
Jun 10 15:05:48 openvpn: pull = ENABLED
Jun 10 15:05:48 openvpn: auth_user_pass_file = 'stdin'
Jun 10 15:05:48 openvpn: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on May 25 2011
Jun 10 15:05:48 openvpn: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jun 10 15:05:48 openvpn: ERROR: could not read Auth username from stdin
Jun 10 15:05:48 openvpn: Exiting
Anyone know some way of sending the username and password ?
Please… anyone... I'm truly desperate...
I'm not sure if we have enabled the build option for OpenVPN to allow reading user/pass from a file.
If we did, then it would be:
So you'd want to use:
And then edit /conf/myvnnpassfile to include the info like OpenVPN wants it formatted.
Automatically supplying a username and password for a VPN is rather dangerous so they discourage using that option. Using certificates only or shared key is fine, but a username and password is meant to be used be a person, not an automated system.
From the OpenVPN docs:
Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the –enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in win/settings.in).
If up is omitted, username/password will be prompted from the console.
The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.
Thank you jimp, I'll try your suggestions ASAP then report back.