Opened 5 years ago

Closed 5 years ago

#628 closed Feature Wish (fixed)

OpenVPN: allow storing authentication user name in configuration

Reported by: thoger Owned by:
Priority: minor Milestone: release 2.3.9
Component: Configuration Version: OpenVPN 2.3.8 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

When using OpenVPN as client with username/password authentication, it would be nice to have a way to store username in configuration so there's no need to enter it for every connection. Currently, it only seems possible to store both username and password in a file specified using an optional "up" argument for --auth-user-pass.

Existing mechanism using "up" file can probably be extended to allow having the file have one or two lines. With just one line, only username from the file will be used, password will still have to be entered.

Change History (4)

comment:1 Changed 5 years ago by Gert Döring

If I'm not totally mistaken this is already in our patch queue somewhere... so it should show up "in the near future".

comment:2 Changed 5 years ago by Gert Döring

OK, here we go... part one of this is "permit a username-and-password file that only has a username in it", which was written some months ago, but not merged until today. Still needs an extra file, but at least it can hold the username for you...

commit 6e9373c84639382c16d9eb8f1f78f60079bb89df
Author: Michal Ludvig <mludvig@…>
Date: Sun Oct 11 10:44:20 2015 +0200

Support for username-only auth file.

Message-Id: <1444553060-15946-1-git-send-email-dejong@…>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10255

Part 2 is "allow making --auth-user-pass inline", so you can do

<auth-user-pass>
myusername
</auth-user-pass>

... unfortunately, the second patch is too complex for inclusion in the "maintenance phase" of 2.3 - so it will only be part of 2.4 (somewhat undecided on the first one).

Plus, it has not even be merged yet, but will come "in the next days" :-)

comment:3 in reply to:  2 Changed 5 years ago by thoger

Replying to cron2:

OK, here we go... part one of this is "permit a username-and-password file that only has a username in it", which was written some months ago, but not merged until today. Still needs an extra file, but at least it can hold the username for you...

Thank you, that's the solution I asked for and which is good enough for me.

Linking github PR where the patch can be obtained:

https://github.com/OpenVPN/openvpn/pull/5

comment:4 Changed 5 years ago by Gert Döring

Milestone: release 2.3.9
Resolution: fixed
Status: newclosed

OK, discussed this at IRC meeting, and cherry-picked "Part 1" to release/2.3 as well - will be part of 2.3.9 to be released soonish.

The "inline" bit will only go to git master / 2.4, as it is too intrusive.

But since you're happy with the first part already I can now go ahead and close this :-)

Note: See TracTickets for help on using tickets.