Passing a token pin to openvpn
Posted: Tue Aug 08, 2023 8:53 am
I am working on a project that needs an automatic connection to an OpenVPN server. All infrastructure is in place.
On running openvpn, the client gets prompted for the pin of our PKCS11-token and the connection establishes correctly.
Now, I am trying to automate the openvpn connection process, as this is supposed to be a headless machine with "plug-play" functionality.
The issue is, I have not found a way to pass the pin to the openvpn process in any other way, than just typing it manually during start.
pkcs11-providers /usr/local/lib/libcvP11.so
pkcs11-id 'pkcs11:model=JavaCardOS;token=%b5SD;manufacturer=cv%20cryptovision%20gmbh%20%28c%29%20v1.0j;serial=9261191350993608;id=%a1%1dI%d1%09%92C%86%b0O%17%b0%03%f3%c5%d4'
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca CA.pem
cipher AES-256-CBC
verb 3
Thanks and best,
Zoe
On running openvpn, the client gets prompted for the pin of our PKCS11-token and the connection establishes correctly.
Now, I am trying to automate the openvpn connection process, as this is supposed to be a headless machine with "plug-play" functionality.
The issue is, I have not found a way to pass the pin to the openvpn process in any other way, than just typing it manually during start.
Client config
pkcs11-providers /usr/local/lib/libcvP11.so
pkcs11-id 'pkcs11:model=JavaCardOS;token=%b5SD;manufacturer=cv%20cryptovision%20gmbh%20%28c%29%20v1.0j;serial=9261191350993608;id=%a1%1dI%d1%09%92C%86%b0O%17%b0%03%f3%c5%d4'
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca CA.pem
cipher AES-256-CBC
verb 3
Thanks and best,
Zoe