Opened 7 months ago

Closed 6 days ago

#1360 closed Bug / Defect (fixed-external)

--askpass no longer works since 2.5.0-3

Reported by: TimCostrop Owned by:
Priority: blocker Milestone:
Component: Configuration Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: askpass
Cc: tincantech

Description

Hi

I have configured the openvpn client as a systemd service, which reads a file with password with the askpass option.

Since I upgraded to 2.5.0-3 this no longer works, and always gives a permissions error.
I've tried different chmod configuration to see if any would give me a working result, but no avail.

openvpn.log, slightly redacted

Dec 07 10:38:38 Gjoll systemd[1]: Starting OpenVPN tunnel for xxx...
Dec 07 10:38:39 Gjoll openvpn[13826]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-cip>
Dec 07 10:38:39 Gjoll openvpn[13826]: Options error: --askpass fails with 'xxx-login.conf': Permission denied >
Dec 07 10:38:39 Gjoll openvpn[13826]: Options error: Please correct these errors.
Dec 07 10:38:39 Gjoll openvpn[13826]: Use --help for more information.
Dec 07 10:38:39 Gjoll systemd[1]: openvpn-client@xxx.service: Main process exited, code=exited, status=1/FAILU>
Dec 07 10:38:39 Gjoll systemd[1]: openvpn-client@xxx.service: Failed with result 'exit-code'.
Dec 07 10:38:39 Gjoll systemd[1]: Failed to start OpenVPN tunnel for xxx.

Device info

$> uname -r
5.9.11-arch2-1
$> lsb_release -a
LSB Version:    1.4
Distributor ID: Arch
Description:    Arch Linux
Release:        rolling
Codename:       n/a
$> openvpn --version
OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  6 2020
library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines:

Change History (7)

comment:1 Changed 7 months ago by tincantech

Cc: tincantech added

comment:2 Changed 7 months ago by Pippin

Check the owner and group of the password file.
I'm on Manjaro and

/etc/openvpn/client

and

/etc/openvpn/server

should be

openvpn:network

Including the files in those folders.

This changed with OpenVPN 2.5.

comment:3 Changed 6 months ago by Gert Döring

This looks more like an arch packaging issue. We didn't change anything related to --askpass in openvpn upstream (at least nothing I am aware of), and "permission denied" definitely reads like "the systemd unit file is running openvpn with not the right permissions to access that file (or the directory where it is in)".

comment:5 Changed 4 months ago by Gert Döring

so, what to do with this ticket? close as "notabug" or "fixed-external"?

comment:6 Changed 3 months ago by Gert Döring

Milestone: release 2.5release 2.5.3

comment:7 Changed 6 days ago by Gert Döring

Milestone: release 2.5.3
Resolution: fixed-external
Status: newclosed

Since nobody is telling me otherwise, I assume this can be closed.

Also removing the milestone since there is no fixed-in version if we do not fix anything.

Note: See TracTickets for help on using tickets.