Opened 6 years ago

Closed 6 years ago

#437 closed Bug / Defect (fixed)

systemd: cannot enter password on stdin as client

Reported by: fkater Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.3.3 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

In my setup I have key files that require password entry when I connect to the openvpn server as a client. When using

openvpn --config my-config.conf

I am asked for the password on the console as expected. However, when started via the systemd service files, the password entry request is printed in systemd's journal but not waited for and thus skipped at once. Thus, password entry is not possible, and the connection fails. systemd uses the following startup command:

openvpn --daemon --writepid ... --cd /etc/openvpn/ --config %i.conf

systemd has password entry helper scripts (systemd-ask-password), however, there seems to be no way to enyble them in the openvpn config for clients.

Also, openvpn's --askpass option does not seem to work for stdin (even without systemd it simply fails since it interprets stdin as a file, see http://community.openvpn.net/openvpn/ticket/248).

So, how could we enter the password on the console under systemd?

Change History (3)

comment:1 Changed 6 years ago by fkater

This seems to have been fixed in the openvpn release 2.3.4 (not yet considered stable on gentoo linux).
The password entry is shown out of the box if required.

comment:2 Changed 6 years ago by David Sommerseth

Support for using systemd-ask-password is available and will be used if OpenVPN is configured at build time using --enable-systemd. This is not enabled on a per config, but per build. I believe this is the issue.

In the latest git master, there are also a few useful fixes improving the systemd integration.

comment:3 Changed 6 years ago by Samuli Seppänen

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.