OpenVPN pfSense 2.0 RC2 as client with auth_user_pass



  • Hi,

    I've set up VPN>OpenVPN>Client in Peer to peer TLS mode

    My client config is:

    client
    dev tun
    proto tcp
    remote REMOTEHOST
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert personalcert.crt
    key privatekey.key
    comp-lzo
    verb 5
    auth-user-pass
    tls-remote servervpn
    

    Problem is the auth-user-pass which only accepts the input from stdin, as per

    ...

    Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script = '[UNDEF]'
    Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script_via_file = DISABLED
    Jun 10 15:05:48 openvpn[17814]: ssl_flags = 0
    Jun 10 15:05:48 openvpn[17814]: port_share_host = '[UNDEF]'
    Jun 10 15:05:48 openvpn[17814]: port_share_port = 0
    Jun 10 15:05:48 openvpn[17814]: client = ENABLED
    Jun 10 15:05:48 openvpn[17814]: pull = ENABLED
    Jun 10 15:05:48 openvpn[17814]: auth_user_pass_file = 'stdin'
    Jun 10 15:05:48 openvpn[17814]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on May 25 2011
    Jun 10 15:05:48 openvpn[17814]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Jun 10 15:05:48 openvpn[17814]: ERROR: could not read Auth username from stdin
    Jun 10 15:05:48 openvpn[17814]: Exiting

    Anyone know some way of sending the username and password?



  • sorry..

    bump

    ?



  • Please… anyone... I'm truly desperate...


  • Rebel Alliance Developer Netgate

    I'm not sure if we have enabled the build option for OpenVPN to allow reading user/pass from a file.

    If we did, then it would be:

    auth-user-pass filename
    

    So you'd want to use:

    auth-user-pass /conf/myvpnpassfile
    

    And then edit /conf/myvpnpassfile to include the info like OpenVPN wants it formatted.

    Automatically supplying a username and password for a VPN is rather dangerous so they discourage using that option. Using certificates only or shared key is fine, but a username and password is meant to be used by a person, not an automated system.

    From the OpenVPN docs:

    --auth-user-pass [up]
        Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in win/settings.in).

    If up is omitted, username/password will be prompted from the console.

    The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.
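    As an added example (my own, not code from this thread, pfSense or OpenVPN), a small sh check for the two things discussed above: an `auth-user-pass` directive with no file argument, which makes a daemon with no stdin fail exactly as in the log, and, when a file is given, whether it has the documented 2-line format and is not readable by other users. The sample configs and credentials it creates are constructed for the demo; it cannot tell whether the OpenVPN binary was built with `--enable-password-save`.

    ```shell
    #!/bin/sh
    # Added example, not from the thread. Checks the auth-user-pass directive of an
    # OpenVPN client config for unattended (daemon) use.
    # Returns: 0 OK or directive absent, 1 reads credentials from stdin,
    #          2 credential file missing or not 2 lines, 3 file mode too open.
    check_auth_user_pass() {
        cfg="$1"
        line=$(grep -E '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$cfg" | head -n 1)
        [ -n "$line" ] || return 0
        upfile=$(printf '%s\n' "$line" | awk '{print $2}')
        if [ -z "$upfile" ]; then
            echo "$cfg: auth-user-pass has no file, OpenVPN will prompt on stdin" >&2
            return 1
        fi
        # Assumption for this check only: a relative path is taken relative to the
        # directory that holds the config file.
        case "$upfile" in /*) ;; *) upfile="$(dirname "$cfg")/$upfile" ;; esac
        [ -f "$upfile" ] || { echo "$cfg: credential file $upfile missing" >&2; return 2; }
        # Documented format: username on line 1, password on line 2, nothing else.
        nonempty=$(grep -c . "$upfile" || true)
        if [ "$nonempty" -ne 2 ]; then
            echo "$upfile: expected exactly 2 lines (username, password)" >&2
            return 2
        fi
        # Plaintext credentials must not be world- or group-readable.
        # GNU stat first, then BSD stat (pfSense runs on FreeBSD).
        mode=$(stat -c '%a' "$upfile" 2>/dev/null || stat -f '%Lp' "$upfile")
        case "$mode" in
            600|400) return 0 ;;
            *) echo "$upfile: mode $mode, should be 0600" >&2; return 3 ;;
        esac
    }

    # Constructed sample configs and credential file in a temp dir; prints the dir.
    make_demo() {
        dir=$(mktemp -d)
        printf 'client\ndev tun\nauth-user-pass\n' > "$dir/stdin.conf"
        printf 'client\ndev tun\nauth-user-pass %s/nonexistent\n' "$dir" > "$dir/missing.conf"
        printf 'client\ndev tun\nauth-user-pass creds\n' > "$dir/file.conf"
        printf 'vpnuser\nvpnpass\n' > "$dir/creds"
        chmod 600 "$dir/creds"
        echo "$dir"
    }
    ```

    Run `check_auth_user_pass /path/to/client.conf` against each config pfSense generates under /var/etc/openvpn; a non-zero return explains why the daemon would exit at startup.
    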



  • Thank you jimp, I'll try your suggestions ASAP then report back.

