[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] I must use "auth-user-pass file"


  • Subject: Re: [Openvpn-users] I must use "auth-user-pass file"
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Tue, 18 Jan 2005 13:20:09 +0100 (CET)

On Tue, 18 Jan 2005, Monty Ree wrote:

Hello, Mathias Sundman.

Hi! First, please don't top-post. Write your comments below the text you quote.


So thanks for your kind answer.
But I can't understand what you said. sorry....

I use openvpn server(linux) "OpenVPN 2.0_rc8" and client OpenVPNGUI(winxp).

I would like to authentificate vpn clients using username/password via VPN server. I read that like below at http://www.openvpn.net/changelog.html. I can't understand why this good function is disabled by default.

See the '"--askpass file" is evil' thread on openvpn-users list. Here's one link to the archive:


http://article.gmane.org/gmane.network.openvpn.user/7581/match=+evil

"The ability to read --askpass and --auth-user-pass
passwords from a file has been disabled by default.
To re-enable, use ./configure --enable-password-save."

Anyway, So I executed (./configure --enable-password-save; make; make install)

You don't need todo this on the server as you will only be authenticating the users here with a script, not store any passwords in a file.


and upgraded to latest OpenVPNGUI and connected.
my config is "auth-user-pass pass.txt"

But ERROR message like below.

Tue Jan 18 14:44:12 2005 us=890289 OpenVPN 2.0_rc6 Win32-MinGW [SSL] [LZO] built on Dec 20 2004
Tue Jan 18 14:44:12 2005 us=890514 Sorry, 'Auth' password cannot be read from a file
Tue Jan 18 14:44:12 2005 us=890549 Exiting

Yes, that's because it's on the client side you miss this feature.

Andt you said.
"You would have to rebuild OpenVPN on Windows with the
--enable-password-save option."
--> Then should do I reinstall OpenVPNGUI? How to rebuild on windows?

No, you don't have to reinstall OpenVPN GUI. You have to rebuild OpenVPN itself.


See the "Notes -- Building from source" section in INSTALL-win32:

http://openvpn.net/INSTALL-win32.html


There is no options when i install OpenVPNGUI?

Nope, this is blocked by OpenVPN, so the OpenVPN GUI can't do anything about it.


I would like to use auto login function at OpenVPNGUI.
Please help me....

I would strongly recommend you to use a certificate to authenticate hosts that you don't want to type any password on.


You can run a second instance of OpenVPN on the server accepting connections authenticated by certificates instead of username/auth for hosts that require un-attended VPN logons.

username/password auth is ment to be typed by humans.

From: Mathias Sundman <mathias@xxxxxxxxxx>
To: Monty Ree <chulmin2@xxxxxxxxxxx>
CC: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] I must use "auth-user-pass file"
Date: Mon, 17 Jan 2005 10:14:59 +0100 (CET)

On Mon, 17 Jan 2005, Monty Ree wrote:

Hello,

I installed openvpn GUI 1.0 beta 26 for client.
and OpenVPN 2.0_rc8 and OpenVPN 2.0_beta16(./configure
--enable-password-save)for server.

Did you need --enable-password-save on the server?

What password are you having in a file there?

But I can't use "auth-user-pass filename" after upgrade.

I assume you mean on the Windows client now, right?

How can I use "auth-user-pass filename"?

You would have to rebuild OpenVPN on Windows with the --enable-password-save option.

In my case, OpenVPN reconnect very often, so reconnection automatically is very important for me without typing username/password...

You can use the --persist-key option on the client. This will cause OpenVPN to cache the password during ping-restarts.

You can also change the following reg-value to "0". That will cause
OpenVPN GUI not to terminate OpenVPN when you put a computer in hibernate
mode.

HKLM\Software\OpenVPN-GUI\disconnect_on_suspend

Now you would only be queried for user auth creds when you have manually
disconnected and want to connect again.

-- _________________________________________________________ Mathias Sundman (^) ASCII Ribbon Campaign NILINGS AB X NO HTML/RTF in e-mail Tel: +46-(0)8-666 32 28 / \ NO Word docs in e-mail


------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users