56

I am using IPVanish for using a proxy while surfing; like:

sudo openvpn --config /home/ipv/conf/ipvanish-CA-Toronto-tor-a09.ovpn

Now, I have to enter my username, after that my password. How Can I pass those two params right as one command, so that I just use one command and the username/password are being passed automatically?

Fluffy
  • 26,334
  • 40
  • 143
  • 228
JOhnlw009a
  • 752
  • 1
  • 5
  • 12

7 Answers7

71

The previous answer didn't work for me (still asked for username and password), what did work was putting your credentials in a file (pass.txt), like this

username@email.com
password

and calling openvpn with --auth-user-pass pass.txt.

source

Note that in some OpenVPN versions (e.g. OpenVPN 2.4.11) there is a bug where you have to first use --config and then --auth-user-pass or your auth file will be ignored without any warning.

So, here a complete example:

sudo openvpn --config /home/ipv/conf/ipvanish-CA-Toronto-tor-a09.ovpn --auth-user-pass pass.txt
Valerio Bozz
  • 712
  • 11
  • 25
Fluffy
  • 26,334
  • 40
  • 143
  • 228
  • 14
    This does not work for me: `Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.4)` – Ole Tange Mar 25 '20 at 21:32
  • In my case it was just username, not an email addres. But it worked like a charm, thanks. – Klesun Jun 04 '20 at 12:40
  • 2
    openvpn3 doesn't support this parameter – Mohsen Kashi Nov 03 '20 at 15:56
  • 1
    Aren't these very vulnerable solutions? – LeanMan Dec 12 '20 at 21:46
  • 3
    I was running into issues, but I got around this by including the line `auth-user-pass ` in my _.ovpn_ file (you can edit with a basic text editor). – Try431 Apr 05 '21 at 16:59
  • @OleTange Me too but I've updated the answer. Try again with `--auth-user-pass` after `--config`. – Valerio Bozz Jun 08 '21 at 13:43
  • 2
    The bug which needs --config to come before --auth-user-pass is still around (just had it on my Suse Leap 15.2) ... Thanx for mentioning it, that saved my sanity :-) – Tuxinose Jul 11 '21 at 11:34
33

Following @Fluffy answer (unfortunately I don't have enough reputation to comment)

There is a nice bash trick that can eliminate need for pass.txt file

Insead of

openvpn ... --auth-user-pass pass.txt

where pass.txt is

opvn_user
ovpn_pass

one can use

openvpn ... --auth-user-pass <(echo -e "opvn_user\novpn_pass")

please note the \n usage between username and password

Ohad Zadok
  • 3,207
  • 1
  • 20
  • 25
MrBr
  • 451
  • 4
  • 5
7

The problem with the suggested solutions is that all of them are based on a plain text password.

I came up with the following bash script to solve the problem:

VPN_USER="your user name"
VPN_PASSWORD="$(sudo kwallet-query -l secrets -r your_password)"
CONFIG_FILE=/tmp/your_vpn.ovpn

sudo bash -c 'openvpn --config '"$CONFIG_FILE"' --auth-user-pass <(echo -e "'"$VPN_USER"'\n'"$VPN_PASSWORD"'")'

It queries the password manager (kwallet) to get the password. It also allows you to reuse existing configuration in CONFIG_FILE (just remove the --auth-user-pass entry from it if any)

ka3ak
  • 2,083
  • 2
  • 25
  • 48
  • is there something similar for windows to not need the file? – My1 Jun 03 '21 at 08:21
  • @My1 Not sure as I use Linux only – ka3ak Jun 14 '21 at 12:11
  • Having " char in the password I get: bash: -c: line 0: unexpected EOF while looking for matching `"' – Mesco Dec 17 '21 at 08:19
  • @Mesco You're right. The command isn't ideal. However I wasn't able to rework it in the way so that it works with any characters in the password. To be honest I didn't invest a lot of time in it. Would be great if anyone suggests a solution. – ka3ak Mar 11 '22 at 06:17
  • 1
    for now I've ended up with Python script but I'll share solution if I find it in bash – Mesco Mar 21 '22 at 16:02
6

I'm not new here, but this is my first contribution

This is what I did: (I'm a noob, advices are welcomed)

Seems to me like you have a config file .ovpn with the configuration needed, you need to create a new file that contains the username and password, you can do it like this

vi pass.txt

Add this lines, save and exit

username  
password

Now go the the .ovpn config file and edit, there should be a line that reads auth-user-pass

Add your username and password file

auth-user-pass pass.txt

Ok so now you should be able to authenticate to the VPN just by executing your .ovpn file

If you need to do something like RDP there is also a way to authenticate without typing the password everytime using a #!/bin/bash script, let me know if you need help :)

Franco Miguel Contreras
  • 91
  • 1
  • 2
3

Passing --auth-user-pass as a command line argument did not work for me on OpenVPN 2.5.0. But adding auth-user-pass in .ovpn file before section did the trick as explained here: https://forums.openvpn.net/viewtopic.php?t=11342

florin.iliescu
  • 162
  • 2
  • 10
1

Summary for those who have a problem with --auth-user-path in the command line :

cd /etc/openvpn
sudo bash -c "echo -e 'username\npasswd' > my_auth_pass.txt" # creating/editing the credentials
sudo chmod 600 my_auth_pass.txt # security to disallow reading from group/others
sudo vi ipvanish-CA-Toronto-tor-a09.ovpn

Add my_auth_pass.txt after auth-user-pass in the file:

auth-user-pass my_auth_pass.txt

Close the ovpn file, then

sudo openvpn ipvanish-CA-Toronto-tor-a09.ovpn

should work.

Credits to florin27.

PJ127
  • 716
  • 8
  • 20
0

Because variables are injected by secrets manager, @ka3ak's answer was very useful. I just did small changes to adapt my bash script that runs within a docker container.

$CONF= MyConfigFileName
$USERNAME=User1
$PASSWORD=UserUSer1

openvpn --config /scripts/$CONF-openvpn.ovpn --auth-user-pass <(echo -e $USERNAME"\n"$PASSWORD)
Fausto Gomez
  • 21
  • 4