How to make a Linux box connect to OpenVPN server on boot without a user present?

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
BobAGI
OpenVPN Power User
Posts: 156
Joined: Mon May 05, 2014 10:17 pm

How to make a Linux box connect to OpenVPN server on boot without a user present?

Post by BobAGI » Sun May 02, 2021 1:11 pm

I have used OpenVPN since 6-7 years or more but only as a means for a user to connect to a private network such as a business office or someone else's home network. In all these cases an action by the user has started the process, which includes entering a password.

Now I am building remote monitoring systems using Raspberry Pi devices and these need to connect as clients to a "home base" OpenVPN server when they operate. But there is no user present to do this...
I could do it the same way as if a user is there via some cron or startup job, but this will not work because there is no user to enter the password on connection...

So how should the client.conf file be written to make this happen?
Is there some limitation on the server side for it to work?

I have read the 2X HOWTO Guide about automatically running on start. But what it states does not solve the user password entry problem. It looks more like how to set up OpenVPN server to run on start...

I need the client to connect on system start and it says that if there is a conf file in the /etc/openvpn dir on startup then it will autoconnect using that. I guess that what the HOWTO states is that each conf file triggers one instance of openvpn to run with that conf. This would make sense for servers, but for clients there is the password entry problem...

All of my ovpn files (used on Windows) or conf files (on Linux) cause a login dialog on connection and there is no user there to enter anything into that...

So how can I set up the client (or server?) conf files such that the connection can proceed automatically?
Is there a trick when creating the user.conf/user.ovpn files or is there some server side setting that needs to be used?

300000
OpenVPN Expert
Posts: 510
Joined: Tue May 01, 2012 9:30 pm

Re: How to make a Linux box connect to OpenVPN server on boot without a user present?

Post by 300000 » Sun May 02, 2021 4:21 pm

It is very simple to do that as follow . If you got system is working now and your home is openvpn server and you want your client install raspberry pi connect to your home server automatic with username and password so let do it

open client and add this line

sudo nano /ect/openvpn/client.conf

"auth-user-pass /etc/openvpn/auth.txt"

after that close and save the config file

inside openvpn folder create new text file name it as auth.txt then open it add user name and password as


"jonh"
"password"

save it and close auth.txt file .after that add this line in terminal to make openvpn start automatic on reboot

"systemctl enable openvpn"

you maybe get some file permission so correct it and try it should work as you like.

BobAGI
OpenVPN Power User
Posts: 156
Joined: Mon May 05, 2014 10:17 pm

Re: How to make a Linux box connect to OpenVPN server on boot without a user present?

Post by BobAGI » Mon May 03, 2021 9:31 pm

After I digested the problem a while and looked at how we make password protected ovpn files I realized that this sequence in the easy-rsa directory will work:

Code: Select all

source vars
./build-key <ClientName> #Make key without password
./MakeOVPN_NP <ClientName>
The MakeOVPN_NP script is a modified version of the one we normally use (NP stands for NoPassword).
In this we use the key produced by the build-key command rather than encrypting it using 3des as we do for the normal ovpn files.

Tested and it worked like a charm.

Post Reply