Accessing OpenVPN Server via CLI?

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
kgoerbig
OpenVpn Newbie
Posts: 6
Joined: Fri Feb 05, 2016 2:44 pm

Accessing OpenVPN Server via CLI?

Post by kgoerbig » Fri Feb 05, 2016 3:12 pm

Hi All,

This is my first post, so go easy on me. :D

My setup:

Raspberry PI2 #1 - Setup as a VPN Server. I setup the server using this script:

https://github.com/StarshipEngineer/OpenVPN-Setup.git

Raspberry PI2 #2 - Setup as a dedicated Media Center using OSMC

I am able to access from my MediaCenter, login, and I can see traffic pass across tun0 and traffic passing on the physical vpn eth0 while it is running, so I know it is working in that respect.

My isssue, is that I can only login via CLI from the mediacenter, and when I do I am presented with a request for a "Private Password":


root@osmc:~# openvpn /home/osmc/vpn-config/osmc.ovpn
Fri Feb 5 09:57:22 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
Fri Feb 5 09:57:22 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Enter Private Key Password:




Same applies using the Kodi "openvpn" addon (https://github.com/brianhornsby/script.openvpn). I try to initiate the VPN connection with the addon, and with the debug mode on a prompt for a private key flashes.

I want to be able to automate the entering "Private Key Password". Is this possible with a script? Or can I build a key that does not require a private key password? Or is a better method for accessing through a media center?


My ovpn:


client
dev tun
proto udp
remote 192.168.2.20 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
#auth-user-pass /home/osmc/vpn-config/pass.txt
management localhost 1337
cipher AES-128-CBC
comp-lzo
verb 1
mute 20

-----BEGIN CERTIFICATE-----


<MY Certs>



-----------------------------

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Accessing OpenVPN Server via CLI?

Post by Traffic » Fri Feb 05, 2016 4:38 pm

Did you use EasyRSA to create your PKI ?

kgoerbig
OpenVpn Newbie
Posts: 6
Joined: Fri Feb 05, 2016 2:44 pm

Re: Accessing OpenVPN Server via CLI?

Post by kgoerbig » Fri Feb 05, 2016 4:50 pm

I am using EasyRSA.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Accessing OpenVPN Server via CLI?

Post by Traffic » Fri Feb 05, 2016 5:23 pm

kgoerbig wrote:can I build a key that does not require a private key password?
Yes - When you build your server or client key do so like so:

Code: Select all

./easyrsa build-server-full <filename-base> [ cmd-opts ]
add 'nopass' as the cmd-opt to disable password encryption on the file. eg:

Code: Select all

./easyrsa build-server-full server01 nopass
do the same for ca, server and client commands.

Start from scratch ..

kgoerbig
OpenVpn Newbie
Posts: 6
Joined: Fri Feb 05, 2016 2:44 pm

Re: Accessing OpenVPN Server via CLI?

Post by kgoerbig » Sat Feb 13, 2016 4:37 pm

Alright, I think I have this working. Testing connection from:

client (PI media Center) - to - server (PI VPN server):

traceroute to http://www.google.com (216.58.216.196), 30 hops max, 60 byte packets
1 10.8.0.1 (10.8.0.1) 6.491 ms 6.466 ms 6.486 ms
2 OpenWrt.lan (192.168.2.1) 6.643 ms 6.622 ms 6.717 ms
3 96.120.40.241 (96.120.40.241) 12.166 ms 18.453 ms 19.028 ms

...[remaining hops excluded]....

I am also able to connect to the vpn server from the client without a private key password prompt. So, if I were to say stream video via a torrent session with my Media Center PI while connected to my VPN server, would that be sufficient enough to encrypt the traffic so not to get picked off for any type of copyright violation?

Post Reply