OpenVPN client pass login credentials and passphrase in Linux

October 21, 2023

Broadcast message from root:

Password entry required for 'Enter Private Key Password:' (PID 7380).
Please enter password with the systemd-tty-ask-password-agent tool.

If you want the OpenVPN systemd service to start the OpenVPN connection automatically on boot, but the connection requires login credentials or a private key passphrase, you will need to make some changes to your client configuration file. Both can be combined if required.

This post assumes your OpenVPN connection is started as root.

Pass Login Credentials

First we need to store the credentials in a file. The first line of the file must be the login name, and the second line the password that belongs to that login. Create the file as root at the following location.

sudo nano /etc/openvpn/credentials.secret

With the following contents:

MyLoginOrAccountName
MyPassword

README! Make sure that root, and only root, can read this file and no other user on your machine.

# Give only root read/write access to the file
sudo chmod 600 /etc/openvpn/credentials.secret

Finally, add the following line to your OpenVPN client configuration, most likely located at /etc/openvpn/clients/:

auth-user-pass /etc/openvpn/credentials.secret

Pass The Passphrase

If your client configuration's private key is password protected, the steps are almost the same as above. First create a file containing the password of the private key.

sudo nano /etc/openvpn/password.secret

With your passphrase as its only content.

MySuperSecurePassphrase

Another readme! Make sure the file is only accessible by root.

# Give only root read/write access to the file
sudo chmod 600 /etc/openvpn/password.secret

Finally, add the following line to your OpenVPN client configuration, most likely located at /etc/openvpn/clients/:

askpass /etc/openvpn/password.secret

Security, security, security!

Again, for your own good: since your password is stored in clear text, make sure that it is only readable by the user that is opening the OpenVPN connection, most probably root. Linux file permissions are your friend.

Note also that if you are using this VPN connection in a professional context, there is probably a company policy that doesn't allow this, and you will make your CISO [1] sad. After all, credentials and passphrases are there to protect elevated access against misuse. In any case, if your machine is ever compromised, notify the person responsible for your IT.
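To verify the file-permission advice above, the following shell function (an added example, not part of the original post) reads a client configuration, finds the files named by auth-user-pass and askpass, and reports any that are missing, not owned by the expected user, or readable by group or others. It assumes GNU stat and secret file paths that are absolute and contain no whitespace; the function name check_openvpn_secrets is made up for this example.

```shell
# check_openvpn_secrets CONFIG [EXPECTED_UID]
# Returns 0 when every secret file referenced by CONFIG exists, is owned by
# EXPECTED_UID and has no group/other permission bits; 1 on any finding;
# 2 when CONFIG itself cannot be read.
check_openvpn_secrets() {
    conf=$1
    want_uid=${2:-0}          # 0 = root, as the post assumes
    rc=0
    [ -r "$conf" ] || { echo "cannot read config: $conf" >&2; return 2; }

    # Take the file argument of each directive. Commented-out lines do not
    # match, and a bare directive (interactive prompt) has no file to check.
    paths=$(awk '($1 == "auth-user-pass" || $1 == "askpass") && NF >= 2 { print $2 }' "$conf")

    for f in $paths; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; rc=1; continue
        fi
        mode=$(stat -L -c '%a' "$f")   # octal mode, e.g. 600
        uid=$(stat -L -c '%u' "$f")    # numeric owner
        if [ "$uid" -ne "$want_uid" ]; then
            echo "OWNER    $f is owned by uid $uid, expected $want_uid"; rc=1
        fi
        # Any bit in the group/other positions means someone else can
        # read, write or execute the clear-text secret.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "MODE     $f is $mode, group/other bits set (use chmod 600)"; rc=1
        fi
    done
    return $rc
}

# Usage (run as root so the secret files can be inspected):
#   check_openvpn_secrets /path/to/your/client.conf
```

A non-zero exit status makes the function usable in a cron job or a pre-start check for the service.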

References
[1] Chief information security officer - Wikipedia, https://en.wikipedia.org/wiki/Chief_information_security_officer
