4. OpenVPN pfSense 2.0 RC2 as client with auth_user_pass

OpenVPN pfSense 2.0 RC2 as client with auth_user_pass

  • N

    Hi,

    I've setup VPN>OpenVPN>Client in Peer to peer TLS mode

    My client config is:

    client
dev tun
proto tcp
remote REMOTEHOST
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert personalcert.crt
key privatekey.key
comp-lzo
verb 5
auth-user-pass
tls-remote servervpn

    Problem is the auth-user-pass which only accepts the input from stdin, as per

    .
    ..

    Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script = '[UNDEF]'
    Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script_via_file = DISABLED
    Jun 10 15:05:48 openvpn[17814]: ssl_flags = 0
    Jun 10 15:05:48 openvpn[17814]: port_share_host = '[UNDEF]'
    Jun 10 15:05:48 openvpn[17814]: port_share_port = 0
    Jun 10 15:05:48 openvpn[17814]: client = ENABLED
    Jun 10 15:05:48 openvpn[17814]: pull = ENABLED
    Jun 10 15:05:48 openvpn[17814]: auth_user_pass_file = 'stdin'
    Jun 10 15:05:48 openvpn[17814]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on May 25 2011
    Jun 10 15:05:48 openvpn[17814]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Jun 10 15:05:48 openvpn[17814]: ERROR: could not read Auth username from stdin
    Jun 10 15:05:48 openvpn[17814]: Exiting

    Anyone know some way of sending the username and password ?

    0
  • N

    sorry..

    bump

    ?

    0
  • N

    Please… anyone... I'm truly desperate...

    0
  • Rebel Alliance Developer Netgate

    I'm not sure if we have enabled the build option for OpenVPN to allow reading user/pass from a file.

    If we did, then it would be:

    auth-user-pass filename

    So you'd want to use:

    auth-user-pass /conf/myvpnpassfile

    And then edit /conf/myvnnpassfile to include the info like OpenVPN wants it formatted.

    Automatically supplying a username and password for a VPN is rather dangerous so they discourage using that option. Using certificates only or shared key is fine, but a username and password is meant to be used be a person, not an automated system.

    From the OpenVPN docs:

    –auth-user-pass [up]
        Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the –enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in win/settings.in).

    If up is omitted, username/password will be prompted from the console.

    The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.

    0
  • N

    Thank you jimp, I'll try your suggestions ASAP then report back.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy