Opened 12 years ago

Closed 12 years ago

#38 closed Bug / Defect (notabug)

U/P auth to server fails: Environment Variable missing!

Reported by: Samuli Seppänen Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:



I‘m currently writing a tool for OpenVPN for User/Password? authentication on the server. While I did this I found this bug (in version 2.1.1):

I added this to the server config:
Script-security 2
Auth-user-pass-verify “c:

Program Files


MyProgram?.exe” via-env

With this setting the username and password entered by the user are committed to my program via Environment variables.
This works well with OpenVPN v2.0.9 but NOT with OpenVPN v2.1.1: There is only committed the environment variable “username”, the variable “password” misses!!
So the option via-env does not work with the newest version of OpenVPN, one have to use the option via-file, which is much more insecure!

I hope I could help you and you can fix this bug,


Frank Wendel

v2.0.9 EnvVariables? Screenshot:
v2.1.1 EnvVariables? Screenshot:

Change History (3)

comment:1 Changed 12 years ago by Samuli Seppänen

Originally reported to bug tracker by somebody (anonymous).

comment:2 Changed 12 years ago by JJK

this is an RTFM issue: with

script-security 2

passwords are not allowed to be passed via env vars. Use

script-security 3

for that.

comment:3 Changed 12 years ago by David Sommerseth

Resolution: notabug
Status: newclosed
Note: See TracTickets for help on using tickets.