bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#39660: openvpn-client-service does not support auth-user-pass

From: Julien Lepiller
Subject: bug#39660: openvpn-client-service does not support auth-user-pass
Date: Tue, 18 Feb 2020 22:14:28 -0500
User-agent: K-9 Mail for Android 
Le 18 février 2020 09:43:22 GMT-05:00, Joshua Branson via Bug reports for GNU 
Guix <address@hidden> a écrit :
>
>Hello,
>
>I recently bought a vpn service from expressvpn.  They have a closed
>source app to connect, but of course we do not want to use that.
>Luckily, they allow a manual connection via openvpn.  I downloaded
>their script to manually connect.  It looks like they require all
>manual connections to authenticate via a username and password.
>
>Their support team told me that the manually connection must
>authenticate via a username and password.  They do not support any
>other manual connection.  Guix's openvpn-client-service does not
>support authenticating via a username and password.
>
>According to this forum thread
>(https://forums.openvpn.net/viewtopic.php?t=11342), I was able to
>manually connect to expressvpn.  via "sudo expressvpn
>my_expressvpn_<countryname>.ovpn". by changing
>
>"auth-user-pass" to "auth-user-pass login.conf".
>
>login.conf looks like
>
>#+BEGIN_SRC text
>username
>password
>#+END_SRC
>
>The express vpn file that I downloaded looks like this:
>
>#+BEGIN_SRC text
>dev tun
>fast-io
>persist-key
>persist-tun
>nobind
>remote someaddress.expressnetw.com 1195
>
>remote-random
>pull
>comp-lzo no
>tls-client
>verify-x509-name Server name-prefix
>ns-cert-type server
>key-direction 1
>route-method exe
>route-delay 2
>tun-mtu 1500
>fragment 1300
>mssfix 1200
>verb 3
>cipher AES-256-CBC
>keysize 256
>auth SHA512
>sndbuf 524288
>rcvbuf 524288
>auth-user-pass login.conf
>
><cert>
>-----BEGIN CERTIFICATE-----
>secret info
>-----END CERTIFICATE-----
></cert>
><key>
>-----BEGIN RSA PRIVATE KEY-----
>secret info
>-----END RSA PRIVATE KEY-----
></key>
><tls-auth>
>#
># 2048 bit OpenVPN static key
>#
>-----BEGIN OpenVPN Static key V1-----
>secret info
>-----END OpenVPN Static key V1-----
></tls-auth>
><ca>
>-----BEGIN CERTIFICATE-----
>secret info
>-----END CERTIFICATE-----
></ca>
>#+END_SRC
>
>A solution would be to modify our current openvpn-client-service to
>allow authentication via a username and password, or to supply a
>configuration file.
>
>Also it looks like expressvpn may one day move to wireguard:
>
>https://www.expressvpn.com/blog/expressvpn-wireguard-update/
>
>
>I hope this helps!
>
>Thanks,
>
>Joshua

Hi, I just pushed a change to master: the openvpn-client-configuration now 
accepts a auth-user-pass parameter ohich should be a string repnesenting the 
file path of your login.conf. I also added fast-io (not set by default, 
experimental and probably useless on GNU/Linux, according to the openvpn 
manual). Some of your options might be missing, but I think you now have the 
requirel part of your config available in the service definition!
reply via email to
[Prev in Thread] Current Thread [Next in Thread]