Problem with auth-user-pass and systemd

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
heinzelrumpel
OpenVpn Newbie
Posts: 19
Joined: Fri Jan 11, 2013 10:59 am

Problem with auth-user-pass and systemd

Post by heinzelrumpel » Sun Mar 19, 2017 7:02 pm

Hi,

just installed openvpn 2.4.0 on Debian Jessie with systemd. Now, on strange thing happens. I have

Code: Select all

auth-user-pass /etc/open/login.txt
within my config file. When starting openvpn via

Code: Select all

systemctl start openvpn@germany.service
I get a username/password prompt. Journal -xn shows

Code: Select all


Mär 19 19:55:33 pissoff systemd[1]: Started Forward Password Requests to Wall.
-- Subject: Unit systemd-ask-password-wall.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-ask-password-wall.service has finished starting up.
-- 
-- The start-up result is done.
Mär 19 19:55:34 pissoff ovpn-Germany[714]: ERROR: Auth username is empty
Mär 19 19:55:34 pissoff ovpn-Germany[714]: Exiting due to fatal error
Mär 19 19:55:34 pissoff systemd[1]: openvpn@Germany.service: control process exited, code=exited status=1
Mär 19 19:55:34 pissoff systemd[1]: Failed to start OpenVPN connection to Germany.
-- Subject: Unit openvpn@Germany.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit openvpn@Germany.service has failed.
-- 
-- The result is failed.
Mär 19 19:55:34 pissoff systemd[1]: Unit openvpn@Germany.service entered failed state.
root@pissoff:/etc/openvpn# 
Of course the login.txt is not empty.

any ideas?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem with aut-user--pass

Post by TinCanTech » Sun Mar 19, 2017 7:21 pm

Please post full details of:

Code: Select all

$ openvpn --version

heinzelrumpel
OpenVpn Newbie
Posts: 19
Joined: Fri Jan 11, 2013 10:59 am

Re: Problem with auth-user-pass and systemd

Post by heinzelrumpel » Sun Mar 19, 2017 7:27 pm

Code: Select all

OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 27 2016
library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no
Installed it from the openvpn repro

Code: Select all

deb http://build.openvpn.net/debian/openvpn/release/2.4 jessie main
First I tried the build in from Jessie

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem with auth-user-pass and systemd

Post by TinCanTech » Sun Mar 19, 2017 7:46 pm

Please try the openvpn prepared systemd unit file openvpn-client@.service

There is also a openvpn-server@.service version.

heinzelrumpel
OpenVpn Newbie
Posts: 19
Joined: Fri Jan 11, 2013 10:59 am

Re: Problem with auth-user-pass and systemd

Post by heinzelrumpel » Sun Mar 19, 2017 8:16 pm

What do you mean with that?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem with auth-user-pass and systemd

Post by TinCanTech » Sun Mar 19, 2017 9:36 pm

Hopefully, it will be something like this:

Code: Select all

# systemctl disable openvpn@german
# systemctl enable openvpn-client@german
# systemctl reboot

heinzelrumpel
OpenVpn Newbie
Posts: 19
Joined: Fri Jan 11, 2013 10:59 am

Re: Problem with auth-user-pass and systemd

Post by heinzelrumpel » Mon Mar 20, 2017 3:23 pm

Unfortunatly this does not work

Code: Select all

root@pissoff:~# systemctl enable openvpn-client@Germany.service
Failed to execute operation: No such file or directory
root@pissoff:~# systemctl enable openvpn-client@Germany
Failed to execute operation: No such file or directory

heinzelrumpel
OpenVpn Newbie
Posts: 19
Joined: Fri Jan 11, 2013 10:59 am

Re: Problem with auth-user-pass and systemd

Post by heinzelrumpel » Tue Mar 21, 2017 9:26 am

Could it be a problem with systemd-ask-password-wall.service ?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem with auth-user-pass and systemd

Post by TinCanTech » Tue Mar 21, 2017 12:21 pm

Please post your client log file at --verb 4

Also, to use the openvpn-client@.service the openvpn client config file needs to be located in
/etc/openvpn/client/Germany.conf

heinzelrumpel
OpenVpn Newbie
Posts: 19
Joined: Fri Jan 11, 2013 10:59 am

Re: Problem with auth-user-pass and systemd

Post by heinzelrumpel » Mon Mar 27, 2017 2:42 pm

Code: Select all

-- Logs begin at Mon 2017-03-27 16:21:38 CEST, end at Mon 2017-03-27 16:36:40 CEST. --
Mär 27 16:36:08 pissoff openvpn[677]: OpenVPN 2.4.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2017
Mär 27 16:36:08 pissoff openvpn[677]: library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Mär 27 16:36:09 pissoff systemd[1]: Started Forward Password Requests to Wall.
-- Subject: Unit systemd-ask-password-wall.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-ask-password-wall.service has finished starting up.
--
-- The start-up result is done.
Mär 27 16:36:09 pissoff openvpn[677]: ERROR: Auth username is empty
Mär 27 16:36:09 pissoff openvpn[677]: Exiting due to fatal error
Mär 27 16:36:09 pissoff systemd[1]: openvpn-client@Germany.service: main process exited, code=exited, status=1/FAILURE
Mär 27 16:36:09 pissoff systemd[1]: Failed to start OpenVPN tunnel for Germany.
-- Subject: Unit openvpn-client@Germany.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit openvpn-client@Germany.service has failed.
--
-- The result is failed.
Mär 27 16:36:09 pissoff systemd[1]: Unit openvpn-client@Germany.service entered failed state.
Mär 27 16:36:39 pissoff systemd[1]: Starting Cleanup of Temporary Directories...
-- Subject: Unit systemd-tmpfiles-clean.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-tmpfiles-clean.service has begun starting up.
Mär 27 16:36:40 pissoff systemd[1]: Started Cleanup of Temporary Directories.
-- Subject: Unit systemd-tmpfiles-clean.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-tmpfiles-clean.service has finished starting up.
--
-- The start-up result is done.
No change with client directory

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem with auth-user-pass and systemd

Post by TinCanTech » Mon Mar 27, 2017 2:47 pm

Is your OS up to date ? (eg. systemctl --version & uname -a)

It would also help if you post your openvpn config file and openvpn log file @ --verb 4

heinzelrumpel
OpenVpn Newbie
Posts: 19
Joined: Fri Jan 11, 2013 10:59 am

Re: Problem with auth-user-pass and systemd

Post by heinzelrumpel » Mon Mar 27, 2017 3:23 pm

Yes, Debian Jessie latest updates installed

Here is my config

Code: Select all


client
dev tun
proto tcp
remote XXXXXX 501
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
auth sha256
auth-user-pass /etc/openvpn/auth-pia
tls-client
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.4096.pem
ca ca.rsa.4096.crt
disable-occ
While copy/paste this config I notice that directive auth-user-pass is not included to clipboard. Very weird. I just deleted the whole line and recreated, NOW it works. Well, no clue what happened

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem with auth-user-pass and systemd

Post by TinCanTech » Mon Mar 27, 2017 4:19 pm

Perhaps something to do with your first post:
heinzelrumpel wrote:Code:
auth-user-pass /etc/open/login.txt

Post Reply