Using client.ovpn file with cmdline options to openvpn

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
skk6
OpenVpn Newbie
Posts: 6
Joined: Sun Jun 19, 2022 4:19 pm

Using client.ovpn file with cmdline options to openvpn

Post by skk6 » Thu Jun 30, 2022 6:28 am

Hi All,

I am trying to launch openvpn process for client using python's os.system() giving client.ovpn file as argument. However I want to pass the ssl/tls parameters inside os.system() with the '--cert' and '--key' along with the ovpn file path. The problem is I am having my cert/key data held in a buffer inside my python code instead of filepath which we usually mention in ovpn file. So I do not want to provide the cert/key
as files in client.ovpn file. These two arguments I should pass as extra options to openvpn command.

Code: Select all

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca /pathToCaFile/ca.crt
#cert /pathToCertFile/ms.crt
#key /pathToKeyFile/private.key
My current code is like -

Code: Select all

os.system('openvpn --config '+ pathToOpenvpnOvpnFile +' --log '+ pathToOpenvpnLogFile)
I want to do provide the other options with system() as -

Code: Select all

os.system('openvpn --config '+ pathToOpenvpnOvpnFile +' --cert ' + certBufferNotFile + '--key ' + keyBufferNotFile +'--log '+ pathToOpenvpnLogFile)
Whether this can be done or allowed to openvpn command while starting the process.

Please let me know your advice on this.

thanks in advance for your replies.

abis9
OpenVpn Newbie
Posts: 3
Joined: Sun Jul 03, 2022 2:45 am

Re: Using client.ovpn file with cmdline options to openvpn

Post by abis9 » Sun Jul 03, 2022 2:55 am

This is not currently possible with that setup.

skk6
OpenVpn Newbie
Posts: 6
Joined: Sun Jun 19, 2022 4:19 pm

Re: Using client.ovpn file with cmdline options to openvpn

Post by skk6 » Thu Jul 07, 2022 2:18 pm

Thanks @abis9 for the reply. I tried with the above providing both --config and --cert/--key options to openvpn, but I got this error in client logs. Whether this confirms the options --cert & --key not supported now.

Code: Select all

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --ci pher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Options error: No client-side authentication method is specified.  You must use either --cert/--key, --pkcs12, or --auth-user-pass
Use --help for more information.

Post Reply