Opened 3 years ago

Closed 3 years ago

#1360 closed Bug / Defect (fixed-external)

--askpass no longer works since 2.5.0-3

Reported by: TimCostrop Owned by:
Priority: blocker Milestone:
Component: Configuration Version: OpenVPN 2.5.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: askpass
Cc: tct

Description

Hi

I have configured the openvpn client as a systemd service, which reads a file with password with the askpass option.

Since I upgraded to 2.5.0-3 this no longer works, and always gives a permissions error.
I've tried different chmod configuration to see if any would give me a working result, but no avail.

openvpn.log, slightly redacted

Dec 07 10:38:38 Gjoll systemd[1]: Starting OpenVPN tunnel for xxx...
Dec 07 10:38:39 Gjoll openvpn[13826]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-cip>
Dec 07 10:38:39 Gjoll openvpn[13826]: Options error: --askpass fails with 'xxx-login.conf': Permission denied >
Dec 07 10:38:39 Gjoll openvpn[13826]: Options error: Please correct these errors.
Dec 07 10:38:39 Gjoll openvpn[13826]: Use --help for more information.
Dec 07 10:38:39 Gjoll systemd[1]: openvpn-client@xxx.service: Main process exited, code=exited, status=1/FAILU>
Dec 07 10:38:39 Gjoll systemd[1]: openvpn-client@xxx.service: Failed with result 'exit-code'.
Dec 07 10:38:39 Gjoll systemd[1]: Failed to start OpenVPN tunnel for xxx.

Device info

$> uname -r
5.9.11-arch2-1
$> lsb_release -a
LSB Version:    1.4
Distributor ID: Arch
Description:    Arch Linux
Release:        rolling
Codename:       n/a
$> openvpn --version
OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  6 2020
library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines:

Change History (7)

comment:1 Changed 3 years ago by tct

Cc: tct added

comment:2 Changed 3 years ago by Pippin

Check the owner and group of the password file.
I'm on Manjaro and

/etc/openvpn/client

and

/etc/openvpn/server

should be

openvpn:network

Including the files in those folders.

This changed with OpenVPN 2.5.

comment:3 Changed 3 years ago by Gert Döring

This looks more like an arch packaging issue. We didn't change anything related to --askpass in openvpn upstream (at least nothing I am aware of), and "permission denied" definitely reads like "the systemd unit file is running openvpn with not the right permissions to access that file (or the directory where it is in)".

comment:5 Changed 3 years ago by Gert Döring

so, what to do with this ticket? close as "notabug" or "fixed-external"?

comment:6 Changed 3 years ago by Gert Döring

Milestone: release 2.5release 2.5.3

comment:7 Changed 3 years ago by Gert Döring

Milestone: release 2.5.3
Resolution: fixed-external
Status: newclosed

Since nobody is telling me otherwise, I assume this can be closed.

Also removing the milestone since there is no fixed-in version if we do not fix anything.

Note: See TracTickets for help on using tickets.