OpenVPN Update Broke Script

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
gw1500se
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 09, 2018 12:42 pm

OpenVPN Update Broke Script

Post by gw1500se » Thu Aug 09, 2018 12:53 pm

I have a script that runs in background and was working until CentOS 7 updated to version openvpn-2.4.6. Apparently this version now requires authentication to run the client. How do I turn this off so it behaves as it did prior to this update? Why was this feature made default? Since it is running as root it has already been authorized and running in background there is no easy way to answer the prompt. I can find information on providing a password required to access the server (auth-user-password which I already have) but nothing on just running the client. TIA.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Update Broke Script

Post by TinCanTech » Thu Aug 09, 2018 1:09 pm


gw1500se
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 09, 2018 12:42 pm

Re: OpenVPN Update Broke Script

Post by gw1500se » Thu Aug 09, 2018 3:14 pm

OK, I looked at it and don't see anything about asking what changes were made to the latest version. There is nothing in the release notes about prompting for a client password or that there was even a change requiring it. Keep in mind that I had a working client.conf until this update. All I want to know is what was changed but undocumented that now requires a client password. If someone can point me to a client configuration option that addresses this and I am not finding, that is all I need.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Update Broke Script

Post by TinCanTech » Thu Aug 09, 2018 3:23 pm

gw1500se wrote:
Thu Aug 09, 2018 3:14 pm
All I want to know is what was changed but undocumented that now requires a client password
Nothing changed "that now requires a client password" .. in openvpn. Maybe your server requires a password. We really don't understand what you want and you have not given us the details we require to help ... soo ..

gw1500se
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 09, 2018 12:42 pm

Re: OpenVPN Update Broke Script

Post by gw1500se » Thu Aug 09, 2018 4:11 pm

This is client only. The server is not mine. When I try to run my script, I get this:
Thu Aug 9 12:05:39 2018 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Thu Aug 9 12:05:39 2018 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Enter Auth Password: Thu Aug 9 12:05:39 2018 ERROR: Failed retrieving username or password
Thu Aug 9 12:05:39 2018 Exiting due to fatal error
It never even gets to the point where I am accessing the server. I first thought it was an OpenSSL issue but those folks sent me here. This prompt did not occur before the last OpenVPN update. If I run the script in foreground and enter the password, it works. It is the password requirement that is new and I don't want/need.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Update Broke Script

Post by TinCanTech » Thu Aug 09, 2018 4:27 pm

gw1500se wrote:
Thu Aug 09, 2018 4:11 pm
It is the password requirement that is new and I don't want/need
It is not new .. it is in your config file.

You can disable it by commenting out auth-user-pass

gw1500se
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 09, 2018 12:42 pm

Re: OpenVPN Update Broke Script

Post by gw1500se » Thu Aug 09, 2018 5:45 pm

That directive applies to the server password, does it not? This password is the one required to run the client (why one is needed in the first place eludes me). I had to set that password locally after the update using 'systemd-tty-ask-password-agent ' which I've never seen or used before.

Post Reply