Works but is painful on Ubuntu 22.04. I'm using "plugin
/usr/lib/openvpn/openvpn-plugin-auth-pam.so login" in the server configuration
and "auth-user-pass" in the client configuration per
https://openvpn.net/community-resources/using-alternative-authentication-methods/.
If started from a user level terminal (in KDE) you're prompted for a root
level password (sudo). Then you need to have a root level shell open to
receive messages and run systemd-tty-ask-password-agent and supply an answer.
After doing "systemctl start openvpn@<configuration>" you get a message saying
Password entry required for '<whatever is needed>:' (PID <number>). Please enter
password with the systemd-tty-ask-password-agent tool.
You run systemd-tty-ask-password-agent which prompts for the answer which you
supply.
The above takes place for the user name, user password and private key
password; when done you are connected.
systemd-tty-ask-password-agent --watch works better because you don't have to
launch systemd-tty-ask-password-agent to answer each question. However, when
done it stays running (as expected) waiting for more questions to answer.
systemd-tty-ask-password-agent --query works but only for the user name and
password. You have to run systemd-tty-ask-password-agent again to answer the
private key prompt.
I've tried "pre-loading" systemd-tty-ask-password-agent using
<variable>=<value> only to get "systemd-tty-ask-password-agent takes no
arguments." in response (contrary to the man page). Using --plymouth doesn't
help.
The other thing which is happening is that the above broadcast messages are
appearing on both the server and client (in the user terminal if that is used
and in any root level terminal).
Removing the private key password helps but it's still painful. Adding a file
name to the auth-user-pass defeats the purpose because you now have the
username/password pair in a file.
Any input on how to make this less painful (and how to suppress broadcast
messages on the server) would be much appreciated. Thanks.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users