Openvpn with username and password

I have configured OpenVPN and it is working fine. But I always need to import the configuration, and it has the CA certificate. I enabled username and password authentication, but I still need to add this certificate.

How can I connect to OpenVPN without a certificate and configuration, using only a username and password?

Server Configuration

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
auth SHA512
tls-auth /etc/openvpn/ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 94.237.127.99"
push "dhcp-option DNS 94.237.40.99"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
crl-verify /etc/openvpn/crl.pem
--verify-client-cert none
log-append /var/log/openvpn.log
script-security 2
auth-user-pass-verify /etc/openvpn/example.sh via-file

Client Configuration

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 94.237.88.154 1194
resolv-retry 5
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
auth-user-pass
script-security 2

<ca>
-----BEGIN CERTIFICATE-----
###
###
-----END CERTIFICATE-----
</ca>

Now when I import this file and use my user ID and password it connects, but I want to connect the OpenVPN client without importing this client file, providing only a username and password.

Algiers answered 29/5, 2019 at 9:56 Comment(3)
Can you share how you implemented auth-user-pass-verify? - Implied
I don't think that is possible. You still have to use certificates and then user authentication. - Algiers
I want to use both certificates as well as username and password-based authentication as a dual-layer security. How to set up different usernames and passwords for different clients? - Implied

There's a directive you can use in your server.conf, depending on your OpenVPN version.

  • client-cert-not-required:

    Makes your VPN less secure, as the cert is not required to authenticate (deprecated).

  • verify-client-cert none|optional|require:

    Using verify-client-cert none is the equivalent of the aforementioned option.


Mcnair answered 12/7, 2019 at 22:43 Comment(4)
I think this answer is unrelated to the question. - Yours
With all due respect, I don't think it's unrelated. He's asking how to do username/password authentication without requiring certificate authentication. This setting allows exactly that. How is it unrelated? - Mcnair
I think the question here is how clients should connect to the VPN with no certificate - Helminthology
@Helminthology Yup, that's right. But if the server requires the certificate, there's nothing he can do, except applying my solution. So he must remove certificate validation/requirement on the server side, in order to achieve that. - Mcnair
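
With verify-client-cert none, the script named by auth-user-pass-verify in the server configuration above is the only check on who connects. A per-user verifier for the via-file method follows as an added example (not code from the thread); the record format, ITERATIONS and the sample users are assumptions.

```python
#!/usr/bin/env python3
"""Added example: verifier for OpenVPN `auth-user-pass-verify <script> via-file`."""
import hashlib
import hmac
import sys

ITERATIONS = 200_000  # assumed PBKDF2 work factor

def hash_password(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def load_users(lines):
    """Parse 'username:salt_hex:hash_hex' records (hypothetical format)."""
    users = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, salt_hex, digest = line.split(":")
        users[name] = (bytes.fromhex(salt_hex), digest)
    return users

def read_credentials(path):
    """OpenVPN's via-file temp file: username on line 1, password on line 2."""
    with open(path, encoding="utf-8") as fh:
        fields = fh.read().split("\n")
    if len(fields) < 2 or not fields[0] or not fields[1]:
        raise ValueError("malformed credential file")
    return fields[0], fields[1]

def check(users, username, password) -> bool:
    # Unknown users are still hashed against a dummy record so that
    # response time does not reveal which usernames exist.
    salt, expected = users.get(username, (b"\x00" * 16, "0" * 64))
    ok = hmac.compare_digest(hash_password(password, salt), expected)
    return ok and username in users

# Constructed sample records; a real deployment would read them from a file.
SAMPLE_DB = [f"alice:{'11' * 16}:{hash_password('correct horse', bytes.fromhex('11' * 16))}",
             f"bob:{'22' * 16}:{hash_password('battery staple', bytes.fromhex('22' * 16))}"]

if __name__ == "__main__":
    try:
        user, pw = read_credentials(sys.argv[1])
        accepted = check(load_users(SAMPLE_DB), user, pw)
    except (IndexError, OSError, ValueError):
        accepted = False  # fail closed on any malformed input
    sys.exit(0 if accepted else 1)  # OpenVPN: exit 0 accepts, non-zero rejects
```

Because the server configuration drops privileges with user nobody, a user database kept on disk has to be readable by that account while staying unreadable to other local users.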

Maybe you can try using OpenVPN Connect for Windows on the client side. By using this software you can establish a connection to the VPN server with just a username and password. No configuration or certificates are required. https://openvpn.net/client-connect-vpn-for-windows/

Thrush answered 24/1, 2020 at 11:39 Comment(0)
