Passing a token pin to openvpn

zoed · Post by **zoed** » Tue Aug 08, 2023 8:53 am

I am working on a project that needs an automatic connection to an OpenVPN server. All infrastructure is in place.
On running openvpn, the client gets prompted for the pin of our PKCS11-token and the connection establishes correctly.

Now, I am trying to automate the openvpn connection process, as this is supposed to be a headless machine with "plug-play" functionality.
The issue is, I have not found a way to pass the pin to the openvpn process in any other way, than just typing it manually during start.

Client config

pkcs11-providers /usr/local/lib/libcvP11.so
pkcs11-id 'pkcs11:model=JavaCardOS;token=%b5SD;manufacturer=cv%20cryptovision%20gmbh%20%28c%29%20v1.0j;serial=9261191350993608;id=%a1%1dI%d1%09%92C%86%b0O%17%b0%03%f3%c5%d4'

client
dev tun
proto udp

remote x.x.x.x 1194

resolv-retry infinite
nobind

persist-key
persist-tun

ca CA.pem
cipher AES-256-CBC

verb 3

Thanks and best,
Zoe

becm · Post by **becm** » Sun Aug 13, 2023 2:27 pm

It is currently not possible to do that.
Some suggestions and plans exist to support this, but no code has made its way into released software so far.

zoed · Post by **zoed** » Sun Aug 20, 2023 2:14 pm

I have managed to use expect as a work-around via the following:

Code: Select all

#!/usr/bin/expect
spawn openvpn --config ovpn.conf
expect "Enter token Password: "
send -- "12345678\r"
set timeout -1
expect eof

-Zoe

OpenVPN Support Forum

Passing a token pin to openvpn

Passing a token pin to openvpn

Re: Passing a token pin to openvpn

Solved: Passing a token pin to openvpn