80

I am using IPVanish as a proxy while surfing, like this:

sudo openvpn --config /home/ipv/conf/ipvanish-CA-Toronto-tor-a09.ovpn

Now I have to enter my username and, after that, my password. How can I pass those two parameters in a single command, so that the username and password are passed automatically?

Fluffy
JOhnlw009a

8 Answers

111

The previous answer didn't work for me (it still asked for username and password). What did work was putting your credentials in a file (pass.txt), like this:

username@email.com
password

and calling openvpn with --auth-user-pass pass.txt.

source

Note that in some OpenVPN versions (e.g. OpenVPN 2.4.11) there is a bug where you have to first use --config and then --auth-user-pass or your auth file will be ignored without any warning.

So, here is a complete example:

sudo openvpn --config /home/ipv/conf/ipvanish-CA-Toronto-tor-a09.ovpn --auth-user-pass pass.txt
Valerio Bozz
Fluffy
  • 14
    This does not work for me: `Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.4)` – Ole Tange Mar 25 '20 at 21:32
  • In my case it was just username, not an email address. But it worked like a charm, thanks. – Klesun Jun 04 '20 at 12:40
  • 2
    openvpn3 doesn't support this parameter – Nik Kashi Nov 03 '20 at 15:56
  • 2
    Aren't these very vulnerable solutions? – LeanMan Dec 12 '20 at 21:46
  • 4
    I was running into issues, but I got around this by including the line `auth-user-pass ` in my _.ovpn_ file (you can edit with a basic text editor). – Try431 Apr 05 '21 at 16:59
  • 1
    @OleTange Me too but I've updated the answer. Try again with `--auth-user-pass` after `--config`. – Valerio Bozz Jun 08 '21 at 13:43
  • 5
    The bug which needs --config to come before --auth-user-pass is still around (just had it on my Suse Leap 15.2) ... Thanx for mentioning it, that saved my sanity :-) – Tuxinose Jul 11 '21 at 11:34
36

Following @Fluffy's answer (unfortunately I don't have enough reputation to comment):

There is a nice bash trick that can eliminate the need for the pass.txt file.

Instead of

openvpn ... --auth-user-pass pass.txt

where pass.txt is

opvn_user
ovpn_pass

one can use

openvpn ... --auth-user-pass <(echo -e "opvn_user\novpn_pass")

Please note the \n usage between username and password.

Ohad Zadok
MrBr
  • is it also possible to use `base64 -d encode_data_here` instead of this `(echo..)`? – codesmith Mar 24 '20 at 07:59
  • 3
    This did not work for me: `Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.4)` – Ole Tange Mar 25 '20 at 21:33
  • You can use any program that makes sense inside the <() structure. Its stdout will be passed as a file descriptor to openvpn – MrBr Mar 26 '20 at 05:09
  • 4
    Nice idea, but doesn't work when called with `sudo openvpn ...` `'/dev/fd/63': No such file or directory (errno=2)` – Günter Zöchbauer Nov 18 '20 at 09:10
  • 6
    `sudo bash -c 'openvpn ... <(echo -e "....")'` worked. – Günter Zöchbauer Nov 18 '20 at 09:17
  • @OleTange I had that as well, iirc I omitted --config in front of the ovpn file. It works with `sudo bash -c 'openvpn --config your.ovpn --auth-user-pass <(echo username; echo password)'` (Note that the username/password need "quoting" if they contain special characters like spaces or special Bash symbols.) – Luc Feb 22 '21 at 11:52
  • @codesmith yes, you can use something like `--auth-user-pass <(base64 -d <<< b3BlbnNpcHMKcm9ja3MhCg==)`, which not only protects the bash history a bit, but will also display as `/dev/fd/63` in the process command-line, which is fully secure! – Liviu Chircu Feb 02 '22 at 12:41
15

Seems to me like you have a .ovpn config file with the configuration needed; you need to create a new file that contains the username and password. You can do it like this:

vi pass.txt

Add these lines, save and exit:

username  
password

Now go to the .ovpn config file and edit it; there should be a line that reads auth-user-pass.

Add your username and password file:

auth-user-pass pass.txt

OK, so now you should be able to authenticate to the VPN just by executing your .ovpn file.

If you need to do something like RDP, there is also a way to authenticate without typing the password every time using a #!/bin/bash script.

Sunderam Dubey
15

The problem with the suggested solutions is that all of them are based on a plain text password.

I came up with the following bash script to solve the problem:

VPN_USER="your user name"
VPN_PASSWORD="$(sudo kwallet-query -l secrets -r your_password)"
CONFIG_FILE=/tmp/your_vpn.ovpn

sudo bash -c 'openvpn --config '"$CONFIG_FILE"' --auth-user-pass <(echo -e "'"$VPN_USER"'\n'"$VPN_PASSWORD"'")'

It queries the password manager (kwallet) to get the password. It also allows you to reuse existing configuration in CONFIG_FILE (just remove the --auth-user-pass entry from it if any)

ka3ak
  • is there something similar for windows to not need the file? – My1 Jun 03 '21 at 08:21
  • @My1 Not sure as I use Linux only – ka3ak Jun 14 '21 at 12:11
  • Having " char in the password I get: bash: -c: line 0: unexpected EOF while looking for matching `"' – Mesco Dec 17 '21 at 08:19
  • @Mesco You're right. The command isn't ideal. However I wasn't able to rework it in the way so that it works with any characters in the password. To be honest I didn't invest a lot of time in it. Would be great if anyone suggests a solution. – ka3ak Mar 11 '22 at 06:17
  • 1
    for now I've ended up with Python script but I'll share solution if I find it in bash – Mesco Mar 21 '22 at 16:02
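
Added example (not code from any answer on this page): one way to build the credentials file so that quotes, `$`, backticks or backslashes in the password are written verbatim, which avoids the `unexpected EOF` failure reported in the comments above. The function names `write_auth_file` and `run_vpn` are hypothetical; the two-line file format and the `--config`-before-`--auth-user-pass` ordering are the ones described on this page.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not part of OpenVPN.

# write_auth_file USER PASS
# Creates a private file (username on line 1, password on line 2)
# and prints its path on stdout.
write_auth_file() {
    user=$1
    pass=$2
    # The format is line-based, so a newline inside either field would
    # shift the password onto the wrong line. Refuse such input.
    case "$user$pass" in
        *'
'*) echo "credential contains a newline" >&2; return 1 ;;
    esac
    # mktemp creates the file with mode 0600, so there is no window in
    # which other users can read it (unlike create-then-chmod).
    f=$(mktemp "${TMPDIR:-/tmp}/ovpn-auth.XXXXXX") || return 1
    # printf '%s\n' writes the bytes as given: no backslash expansion
    # (unlike echo -e) and no second parse by a nested `bash -c`.
    # printf is a shell builtin, so the password is not in any argv.
    printf '%s\n%s\n' "$user" "$pass" > "$f"
    printf '%s\n' "$f"
}

# run_vpn CONFIG USER PASS
# Starts openvpn in the foreground and removes the file when it exits.
run_vpn() {
    config=$1
    auth=$(write_auth_file "$2" "$3") || return 1
    # --config first, then --auth-user-pass, as the answers above found
    # necessary on some OpenVPN versions.
    sudo openvpn --config "$config" --auth-user-pass "$auth"
    status=$?
    rm -f "$auth"
    return "$status"
}

# Usage (password taken from whatever secret store you use):
#   run_vpn /tmp/your_vpn.ovpn "your user name" "$VPN_PASSWORD"
```
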
6

Passing --auth-user-pass as a command line argument did not work for me on OpenVPN 2.5.0. But adding auth-user-pass in .ovpn file before section did the trick as explained here: https://forums.openvpn.net/viewtopic.php?t=11342

smonff
florin.iliescu
3

Summary for those who have a problem with --auth-user-pass in the command line:

cd /etc/openvpn
sudo bash -c "echo -e 'username\npasswd' > my_auth_pass.txt" # creating/editing the credentials
sudo chmod 600 my_auth_pass.txt # security to disallow reading from group/others
sudo vi ipvanish-CA-Toronto-tor-a09.ovpn

Add my_auth_pass.txt after auth-user-pass in the file:

auth-user-pass my_auth_pass.txt

Close the ovpn file, then

sudo openvpn ipvanish-CA-Toronto-tor-a09.ovpn 

should work.

Credits to florin27.

PJ127
1

In my case variables are injected by secrets manager, so I just did the changes below to @ka3ak's example to adapt my bash script that runs within a docker container within ECS.

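# Values shown inline for illustration; in the container they are injected by the secrets manager.
CONF=MyConfigFileName
USERNAME=User1
PASSWORD=UserUSer1

# Username on the first line, password on the second.
openvpn --config "/scripts/$CONF-openvpn.ovpn" --auth-user-pass <(echo -e "$USERNAME\n$PASSWORD")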
0

I had to modify @ka3ak's answer as follows to get it to work:

kwallet-query -f Passwords -r [entry_name] kdewallet,

and then remove sudo from the VPN_PASSWORD line because it was giving a segmentation fault error. I also had to install the package libqt5-dxcbplugin (opensuse tumbleweed). And then since the script has --auth-user-pass in it, I removed that line from my .ovpn config file without any issues.