Netgate Discussion Forum

    OpenVPN pfSense 2.0 RC2 as client with auth_user_pass

      namtab

      Hi,

      I've set up VPN>OpenVPN>Client in Peer to peer TLS mode

      My client config is:

      client
      dev tun
      proto tcp
      remote REMOTEHOST
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca ca.crt
      cert personalcert.crt
      key privatekey.key
      comp-lzo
      verb 5
      auth-user-pass
      tls-remote servervpn
      

      Problem is the auth-user-pass which only accepts the input from stdin, as per

      .
      ..
      …
      Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script = '[UNDEF]'
      Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script_via_file = DISABLED
      Jun 10 15:05:48 openvpn[17814]: ssl_flags = 0
      Jun 10 15:05:48 openvpn[17814]: port_share_host = '[UNDEF]'
      Jun 10 15:05:48 openvpn[17814]: port_share_port = 0
      Jun 10 15:05:48 openvpn[17814]: client = ENABLED
      Jun 10 15:05:48 openvpn[17814]: pull = ENABLED
      Jun 10 15:05:48 openvpn[17814]: auth_user_pass_file = 'stdin'
      Jun 10 15:05:48 openvpn[17814]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on May 25 2011
      Jun 10 15:05:48 openvpn[17814]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
      Jun 10 15:05:48 openvpn[17814]: ERROR: could not read Auth username from stdin
      Jun 10 15:05:48 openvpn[17814]: Exiting

      Anyone know some way of sending the username and password?

        namtab

        sorry..

        bump

        ?

          namtab

          Please… anyone... I'm truly desperate...

            jimp Rebel Alliance Developer Netgate

            I'm not sure if we have enabled the build option for OpenVPN to allow reading user/pass from a file.

            If we did, then it would be:

            auth-user-pass filename
            

            So you'd want to use:

            auth-user-pass /conf/myvpnpassfile
            

            And then edit /conf/myvpnpassfile to include the info like OpenVPN wants it formatted.

            Automatically supplying a username and password for a VPN is rather dangerous so they discourage using that option. Using certificates only or shared key is fine, but a username and password is meant to be used by a person, not an automated system.

            From the OpenVPN docs:

            --auth-user-pass [up]
                Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in win/settings.in).

            If up is omitted, username/password will be prompted from the console.

            The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.

              namtab

              Thank you jimp, I'll try your suggestions ASAP then report back.
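
An added example, not part of the thread and not Netgate or OpenVPN code: a POSIX sh sketch that writes the two-line file described for `auth-user-pass <file>` with owner-only permissions and checks an existing file for the same format and permissions. The function names `write_up_file` and `check_up_file` are hypothetical, and the demo credentials are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# write_up_file PATH USER   (password is read from stdin, not from argv)
# Writes the two-line file that "auth-user-pass PATH" expects:
# username on line 1, password on line 2, readable by the owner only.
write_up_file() {
    path=$1
    user=$2
    IFS= read -r pass || [ -n "$pass" ] || return 1
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    (
        umask 077                       # new files get mode 0600
        tmp="$path.tmp.$$"
        rm -f "$tmp"
        printf '%s\n%s\n' "$user" "$pass" > "$tmp" && mv -f "$tmp" "$path"
    )
}

# check_up_file PATH
# Returns 0 if usable, 1 if missing or not a regular file,
# 2 if it is not exactly two non-empty lines, 3 if group/other have any access.
check_up_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    awk 'length($0) == 0 { bad = 1 } END { exit !(NR == 2 && !bad) }' "$f" || return 2
    mode=$(ls -ld "$f" | cut -c1-10)    # e.g. -rw-------
    case $mode in
        -???------) return 0 ;;
        *)          return 3 ;;
    esac
}

# Demo with constructed credentials in a scratch directory.
demo_dir=$(mktemp -d)
printf 'example-password\n' | write_up_file "$demo_dir/up" exampleuser
check_up_file "$demo_dir/up" && echo "credentials file OK"
rm -rf "$demo_dir"
```

This only validates the file itself; whether OpenVPN will read it still depends on the build option named in the documentation quoted above.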