    OpenVPN pfSense 2.0 RC2 as client with auth_user_pass

    • N
      namtab last edited by

      Hi,

      I've set up VPN>OpenVPN>Client in Peer to peer TLS mode.

      My client config is:

      client
      dev tun
      proto tcp
      remote REMOTEHOST
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca ca.crt
      cert personalcert.crt
      key privatekey.key
      comp-lzo
      verb 5
      auth-user-pass
      tls-remote servervpn
      

      Problem is the auth-user-pass which only accepts the input from stdin, as per

      .
      ..
      …
      Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script = '[UNDEF]'
      Jun 10 15:05:48 openvpn[17814]: auth_user_pass_verify_script_via_file = DISABLED
      Jun 10 15:05:48 openvpn[17814]: ssl_flags = 0
      Jun 10 15:05:48 openvpn[17814]: port_share_host = '[UNDEF]'
      Jun 10 15:05:48 openvpn[17814]: port_share_port = 0
      Jun 10 15:05:48 openvpn[17814]: client = ENABLED
      Jun 10 15:05:48 openvpn[17814]: pull = ENABLED
      Jun 10 15:05:48 openvpn[17814]: auth_user_pass_file = 'stdin'
      Jun 10 15:05:48 openvpn[17814]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on May 25 2011
      Jun 10 15:05:48 openvpn[17814]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
      Jun 10 15:05:48 openvpn[17814]: ERROR: could not read Auth username from stdin
      Jun 10 15:05:48 openvpn[17814]: Exiting

      Anyone know some way of sending the username and password ?

      • N
        namtab last edited by

        sorry..

        bump

        ?

        • N
          namtab last edited by

          Please… anyone... I'm truly desperate...

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            I'm not sure if we have enabled the build option for OpenVPN to allow reading user/pass from a file.

            If we did, then it would be:

            auth-user-pass filename
            

            So you'd want to use:

            auth-user-pass /conf/myvpnpassfile
            

            And then edit /conf/myvpnpassfile to include the info like OpenVPN wants it formatted.

            Automatically supplying a username and password for a VPN is rather dangerous so they discourage using that option. Using certificates only or shared key is fine, but a username and password is meant to be used by a person, not an automated system.

            From the OpenVPN docs:

            --auth-user-pass [up]
                Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in win/settings.in).

            If up is omitted, username/password will be prompted from the console.

            The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.
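
Added example, not part of the original thread and not pfSense or OpenVPN code: a POSIX sh check that reports whether a client config's auth-user-pass falls back to stdin (the failure shown in the log above) or names a credentials file, and whether that file exists, has the two-line format and is closed to group and other. Resolving a relative path against the config's directory and the permission requirement are assumptions of this sketch; the sample file contents are constructed.

```sh
#!/bin/sh
# check_auth_user_pass CONF prints one verdict word and returns 0 only for "ok".
check_auth_user_pass() {
    conf=$1
    # First "auth-user-pass" directive; "-" means no file argument was given.
    up=$(awk '$1 == "auth-user-pass" { print (NF > 1 ? $2 : "-"); exit }' "$conf")

    case $up in
        "") echo absent; return 1 ;;      # directive not used at all
        -)  echo stdin;  return 1 ;;      # prompts on the console; fails under a daemon
        /*) ;;                            # absolute path, use as-is
        *)  up=$(dirname "$conf")/$up ;;  # assumption: relative to the config's directory
    esac

    [ -f "$up" ] || { echo missing-file; return 1; }

    # "username/password on 2 lines": the first two lines must both be non-empty.
    # awk reads the file in place so the password never lands in a shell variable.
    awk 'NR <= 2 && length($0) == 0 { bad = 1 } END { exit (NR < 2 || bad) }' "$up" \
        || { echo bad-format; return 1; }

    # Characters 5-10 of the ls mode string are the group and other permission bits.
    [ "$(ls -ld -- "$up" | cut -c5-10)" = "------" ] \
        || { echo loose-perms; return 1; }

    echo ok
}

# Constructed sample: a config naming a credentials file that is created mode 600.
demo() {
    d=$(mktemp -d) || return 1
    printf 'client\ndev tun\nauth-user-pass %s/myvpnpassfile\n' "$d" > "$d/client.conf"
    ( umask 077; printf 'exampleuser\nexamplepass\n' > "$d/myvpnpassfile" )
    check_auth_user_pass "$d/client.conf"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

The verdict "stdin" corresponds to the config posted at the top of the thread, where auth-user-pass has no file argument.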

            • N
              namtab last edited by

              Thank you jimp, I'll try your suggestions ASAP then report back.
