From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Lepiller Subject: bug#39660: openvpn-client-service does not support auth-user-pass Date: Tue, 18 Feb 2020 22:14:28 -0500 Message-ID: References: <86pnec9cs5.fsf@dismail.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:34160) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1j4FpH-000868-Qo for bug-guix@gnu.org; Tue, 18 Feb 2020 22:15:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1j4FpG-0007qz-Cm for bug-guix@gnu.org; Tue, 18 Feb 2020 22:15:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:35551) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1j4FpG-0007ql-8X for bug-guix@gnu.org; Tue, 18 Feb 2020 22:15:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1j4FpG-0005Bg-3i for bug-guix@gnu.org; Tue, 18 Feb 2020 22:15:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <86pnec9cs5.fsf@dismail.de> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org Sender: "bug-Guix" To: jbranso@dismail.de, 39660@debbugs.gnu.org Le 18 f=C3=A9vrier 2020 09:43:22 GMT-05:00, Joshua Branson via Bug reports = for GNU Guix a =C3=A9crit : > >Hello, > >I recently bought a vpn service from expressvpn=2E They have a closed >source app to connect, but of course we do not want to use that=2E >Luckily, they allow a manual connection via openvpn=2E I downloaded >their script to manually connect=2E It looks like they require all >manual connections to authenticate via a username and password=2E > >Their support team told me that the manually connection must >authenticate via a username and password=2E They do not support any >other manual connection=2E Guix's openvpn-client-service does not >support authenticating via a username and password=2E > >According to this forum thread >(https://forums=2Eopenvpn=2Enet/viewtopic=2Ephp?t=3D11342), I was able to >manually connect to expressvpn=2E via "sudo expressvpn >my_expressvpn_=2Eovpn"=2E by changing > >"auth-user-pass" to "auth-user-pass login=2Econf"=2E > >login=2Econf looks like > >#+BEGIN_SRC text >username >password >#+END_SRC > >The express vpn file that I downloaded looks like this: > >#+BEGIN_SRC text >dev tun >fast-io >persist-key >persist-tun >nobind >remote someaddress=2Eexpressnetw=2Ecom 1195 > >remote-random >pull >comp-lzo no >tls-client >verify-x509-name Server name-prefix >ns-cert-type server >key-direction 1 >route-method exe >route-delay 2 >tun-mtu 1500 >fragment 1300 >mssfix 1200 >verb 3 >cipher AES-256-CBC >keysize 256 >auth SHA512 >sndbuf 524288 >rcvbuf 524288 >auth-user-pass login=2Econf > > >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- > > >-----BEGIN RSA PRIVATE KEY----- >secret info >-----END RSA PRIVATE KEY----- > > ># ># 2048 bit OpenVPN static key ># >-----BEGIN OpenVPN Static key V1----- >secret info >-----END OpenVPN Static key V1----- > > >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- > >#+END_SRC > >A solution would be to modify our current openvpn-client-service to >allow authentication via a username and password, or to supply a >configuration file=2E > >Also it looks like expressvpn may one day move to wireguard: > >https://www=2Eexpressvpn=2Ecom/blog/expressvpn-wireguard-update/ > > >I hope this helps! > >Thanks, > >Joshua Hi, I just pushed a change to master: the openvpn-client-configuration now= accepts a auth-user-pass parameter ohich should be a string repnesenting t= he file path of your login=2Econf=2E I also added fast-io (not set by defau= lt, experimental and probably useless on GNU/Linux, according to the openvp= n manual)=2E Some of your options might be missing, but I think you now hav= e the requirel part of your config available in the service definition!