is "auth-user-pass" option encrypted?

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
nordex1
OpenVpn Newbie
Posts: 2
Joined: Thu Aug 31, 2017 12:07 pm

is "auth-user-pass" option encrypted?

Post by nordex1 » Thu Aug 31, 2017 12:27 pm

Hello everyone, just one quick security question from my side:

When I configure client with this option

auth-user-pass

I get user/pass dialog which is passed to the server (shell script), which then checks credentials which can be found in txt file or check auth aginst LDAP.

so my question would be, is this option safe to use, is it encrypted?
Tried to google but I found nowhere answer to this.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: is "auth-user-pass" option encrypted?

Post by TinCanTech » Thu Aug 31, 2017 12:38 pm

nordex1 wrote:Tried to google but I found nowhere answer to this
https://openvpn.net/index.php/open-sour ... .html#auth
nordex1 wrote:is it encrypted?
is what encrypted ?
nordex1 wrote:is this option safe to use
That depends on how you use it ..

nordex1
OpenVpn Newbie
Posts: 2
Joined: Thu Aug 31, 2017 12:07 pm

Re: is "auth-user-pass" option encrypted?

Post by nordex1 » Thu Aug 31, 2017 12:56 pm

Thanks, somehow I overlooked that!
Using alternative authentication methods

OpenVPN 2.0 and later include a feature that allows the OpenVPN server to securely obtain a username and password from a connecting client, and to use that information as a basis for authenticating the client.

Post Reply