bug#39660: openvpn-client-service does not support auth-user-pass

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#39660: openvpn-client-service does not support auth-user-pass

From:	Joshua Branson
Subject:	bug#39660: openvpn-client-service does not support auth-user-pass
Date:	Tue, 18 Feb 2020 09:43:22 -0500

Hello,

I recently bought a vpn service from expressvpn.  They have a closed
source app to connect, but of course we do not want to use that.
Luckily, they allow a manual connection via openvpn.  I downloaded
their script to manually connect.  It looks like they require all
manual connections to authenticate via a username and password.

Their support team told me that the manually connection must
authenticate via a username and password.  They do not support any
other manual connection.  Guix's openvpn-client-service does not
support authenticating via a username and password.

According to this forum thread
(https://forums.openvpn.net/viewtopic.php?t=11342), I was able to
manually connect to expressvpn.  via "sudo expressvpn
my_expressvpn_<countryname>.ovpn". by changing

"auth-user-pass" to "auth-user-pass login.conf".

login.conf looks like

#+BEGIN_SRC text
username
password
#+END_SRC

The express vpn file that I downloaded looks like this:

#+BEGIN_SRC text
dev tun
fast-io
persist-key
persist-tun
nobind
remote someaddress.expressnetw.com 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass login.conf

<cert>
-----BEGIN CERTIFICATE-----
secret info
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
secret info
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
secret info
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
secret info
-----END CERTIFICATE-----
</ca>
#+END_SRC

A solution would be to modify our current openvpn-client-service to
allow authentication via a username and password, or to supply a
configuration file.

Also it looks like expressvpn may one day move to wireguard:

https://www.expressvpn.com/blog/expressvpn-wireguard-update/


I hope this helps!

Thanks,

Joshua

[Prev in Thread]

Current Thread

[Next in Thread]

bug#39660: openvpn-client-service does not support auth-user-pass, Joshua Branson <=
- bug#39660: openvpn-client-service does not support auth-user-pass, Julien Lepiller, 2020/02/18
- bug#39660: openvpn-client-service does not support auth-user-pass, Joshua Branson, 2020/02/21
  - bug#39660: openvpn-client-service does not support auth-user-pass, Julien Lepiller, 2020/02/21
- bug#39660: (no subject), Joshua Branson, 2020/02/23

Prev by Date: bug#23286: Hunting #23286: Unable to unlock xscreensaver in Xfce
Next by Date: bug#39665: r-readr in a container has got no timezone data
Previous by thread: bug#23286: Hunting #23286: Unable to unlock xscreensaver in Xfce
Next by thread: bug#39660: openvpn-client-service does not support auth-user-pass
Index(es):
- Date
- Thread