OpenVPN on Linux: passing username and password in command line [closed]
P

8

89

I am using IPVanish for using a proxy while surfing; like:

sudo openvpn --config /home/ipv/conf/ipvanish-CA-Toronto-tor-a09.ovpn

Now, I have to enter my username, after that my password. How can I pass those two params right as one command, so that I just use one command and the username/password are being passed automatically?

Propensity answered 10/8, 2016 at 9:30 Comment(0)
M
135

The previous answer didn't work for me (still asked for username and password); what did work was putting your credentials in a file (pass.txt), like this:

username@example.com
password

and calling openvpn with --auth-user-pass pass.txt.


Note that in some OpenVPN versions (e.g. OpenVPN 2.4.11) there is a bug where you have to first use --config and then --auth-user-pass or your auth file will be ignored without any warning.

So, here is a complete example:

sudo openvpn --config /home/ipv/conf/ipvanish-CA-Toronto-tor-a09.ovpn --auth-user-pass pass.txt
Marmolada answered 19/2, 2018 at 9:7 Comment(7)
This does not work for me: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.4) - Trouveur
In my case it was just username, not an email address. But it worked like a charm, thanks. - Wing
openvpn3 doesn't support this parameter - Checkup
Aren't these very vulnerable solutions? - Jacques
I was running into issues, but I got around this by including the line auth-user-pass <absolute_path_to_text_file> in my .ovpn file (you can edit with a basic text editor). - Anent
@OleTange Me too but I've updated the answer. Try again with --auth-user-pass after --config. - Civic
The bug which needs --config to come before --auth-user-pass is still around (just had it on my Suse Leap 15.2) ... Thanx for mentioning it, that saved my sanity :-) - Attenuation
F
38

Following @Fluffy's answer (unfortunately I don't have enough reputation to comment):

There is a nice bash trick that can eliminate the need for the pass.txt file.

Instead of

openvpn ... --auth-user-pass pass.txt

where pass.txt is

opvn_user
ovpn_pass

one can use

openvpn ... --auth-user-pass <(echo -e "opvn_user\novpn_pass")

Please note the \n usage between username and password.

Foliose answered 18/5, 2019 at 19:2 Comment(7)
is it also possible to use base64 -d encode_data_here instead of this (echo..)? - Situation
This did not work for me: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.4) - Trouveur
You can use any program that makes sense inside the <() structure. Its stdout will be passed as a file descriptor to openvpn - Foliose
Nice idea, but doesn't work when called with sudo openvpn ... '/dev/fd/63': No such file or directory (errno=2) - Jordanna
sudo bash -c 'openvpn ... <(echo -e "....")' worked. - Jordanna
@OleTange I had that as well, iirc I omitted --config in front of the ovpn file. It works with sudo bash -c 'openvpn --config your.ovpn --auth-user-pass <(echo username; echo password)' (Note that the username/password need "quoting" if they contain special characters like spaces or special Bash symbols.) - Somnambulation
@Situation yes, you can use something like --auth-user-pass <(base64 -d <<< b3BlbnNpcHMKcm9ja3MhCg==), which not only protects the bash history a bit, but will also display as /dev/fd/63 in the process command-line, which is fully secure! - Apophyge
B
18

The problem with the suggested solutions is that all of them are based on a plain text password.

I came up with the following bash script to solve the problem:

VPN_USER="your user name"
VPN_PASSWORD="$(sudo kwallet-query -l secrets -r your_password)"
CONFIG_FILE=/tmp/your_vpn.ovpn

sudo bash -c 'openvpn --config '"$CONFIG_FILE"' --auth-user-pass <(echo -e "'"$VPN_USER"'\n'"$VPN_PASSWORD"'")'

It queries the password manager (kwallet) to get the password. It also allows you to reuse existing configuration in CONFIG_FILE (just remove the --auth-user-pass entry from it if any)

Brie answered 21/12, 2020 at 7:54 Comment(6)
is there something similar for windows to not need the file? - Part
@Part Not sure as I use Linux only - Brie
Having " char in the password I get: bash: -c: line 0: unexpected EOF while looking for matching `"' - Speak
@Speak You're right. The command isn't ideal. However I wasn't able to rework it in the way so that it works with any characters in the password. To be honest I didn't invest a lot of time in it. Would be great if anyone suggests a solution. - Brie
for now I've ended up with Python script but I'll share solution if I find it in bash - Speak
for those who prefer using keepassx-cli over kwallet: VPN_PASSWORD="$(keepassxc-cli show -sa PASSWORD [database path] [entry])" - Keefe
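
Added example, not part of any answer or comment on this page: one way to write the two-line credentials file without pasting the password into a bash -c string, so a password containing quotes, $ or backslashes is stored unchanged and never appears in a process command line. The function names are hypothetical, and the sketch assumes the password has already been read from a secret store into a shell variable.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of OpenVPN.

NL='
'

# Write "user<newline>password<newline>" to a fresh private file, print its path.
# printf '%s' copies the values byte for byte, so quotes, $, spaces and
# backslashes in the password need no escaping (echo -e would expand "\n").
make_auth_file() {
    local user="$1" pass="$2" file
    # The auth file holds one value per line; an embedded newline would
    # shift part of a value into the wrong field.
    case "$user$pass" in
        *"$NL"*) echo "credentials must not contain newlines" >&2; return 1 ;;
    esac
    file=$(mktemp "${TMPDIR:-/tmp}/ovpn-auth.XXXXXX") || return 1  # created 0600
    printf '%s\n%s\n' "$user" "$pass" > "$file" || return 1
    printf '%s\n' "$file"
}

# Succeed only for a regular file that group and others cannot access,
# e.g. to vet an existing pass.txt before pointing auth-user-pass at it.
auth_file_is_private() {
    local perms
    perms=$(ls -ld -- "$1") || return 1
    case "$perms" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Connect, then remove the temporary credentials file.
connect_vpn() {
    local config="$1" user="$2" pass="$3" auth status
    auth=$(make_auth_file "$user" "$pass") || return 1
    # --config first, then --auth-user-pass (see the ordering note above).
    sudo openvpn --config "$config" --auth-user-pass "$auth"
    status=$?
    rm -f -- "$auth"
    return "$status"
}

# Usage (the secret lookup is whatever your password manager provides):
#   connect_vpn /path/to/your.ovpn "$VPN_USER" "$VPN_PASSWORD"
```
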
T
17

Seems to me like you have a config file .ovpn with the configuration needed, you need to create a new file that contains the username and password, you can do it like this:

vi pass.txt

Add these lines, save and exit

username
password

Now go to the .ovpn config file and edit it, there should be a line that reads auth-user-pass

Add your username and password file

auth-user-pass pass.txt

Ok so now you should be able to authenticate to the VPN just by executing your .ovpn file

If you need to do something like RDP there is also a way to authenticate without typing the password every time using a #!/bin/bash script.

Tush answered 17/2, 2020 at 7:52 Comment(1)
This is what finally worked for me in 2021. I'm using a raspberry pi. - Smoothspoken
D
7

Passing --auth-user-pass as a command line argument did not work for me on OpenVPN 2.5.0. But adding auth-user-pass in .ovpn file before section did the trick as explained here: https://forums.openvpn.net/viewtopic.php?t=11342

Decorator answered 17/2, 2021 at 4:15 Comment(0)
B
3

Summary for those who have a problem with --auth-user-pass in the command line:

cd /etc/openvpn
sudo bash -c "echo -e 'username\npasswd' > my_auth_pass.txt" # creating/editing the credentials
sudo chmod 600 my_auth_pass.txt # security to disallow reading from group/others
sudo vi ipvanish-CA-Toronto-tor-a09.ovpn

Add my_auth_pass.txt after auth-user-pass in the file:

auth-user-pass my_auth_pass.txt

Close the ovpn file, then

sudo openvpn ipvanish-CA-Toronto-tor-a09.ovpn 

should work.

Credits to florin27.

Bennington answered 6/10, 2021 at 6:35 Comment(0)
S
2

In my case variables are injected by secrets manager, so I just did the changes below to @ka3ak's example to adapt my bash script that runs within a docker container within ECS.

# Placeholder values; in the real script these are injected by the secrets manager
CONF=MyConfigFileName
USERNAME=User1
PASSWORD=UserUSer1

openvpn --config "/scripts/$CONF-openvpn.ovpn" --auth-user-pass <(echo -e "$USERNAME\n$PASSWORD")
Swithin answered 13/4, 2022 at 22:45 Comment(0)
A
0

I had to modify @ka3ak's answer as follows to get it to work:

kwallet-query -f Passwords -r [entry_name] kdewallet,

and then remove sudo from the VPN_PASSWORD line because it was giving a segmentation fault error. I also had to install the package libqt5-dxcbplugin (opensuse tumbleweed). And then since the script has --auth-user-pass in it, I removed that line from my .ovpn config file without any issues.

Audi answered 7/8, 2022 at 11:10 Comment(0)
