Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openvpn gui still asks for username/password even with auth-user-pass-optional #207

Closed
chanlists opened this issue Mar 4, 2024 · 5 comments
Closed

openvpn gui still asks for username/password even with auth-user-pass-optional #207

chanlists opened this issue Mar 4, 2024 · 5 comments
Labels
❓ question Further information is requested

Comments

@chanlists
Copy link

Problem Statement

Thanks for this great piece of software! I was expecting the OpenVPN GUI to no longer ask for a usernam/password. H have in the OpenVPN server config:

management /run/openvpn/server.sock unix /etc/openvpn/password.txt
management-client-auth
auth-user-pass-optional
auth-gen-token 28800 external-auth
verify-client-cert none

In the client

auth-user-pass
client
dev tun

The GUI still asks for a password, but I can enter any arbitrary password. It will then take me to the web page where I can successfully authenticate. Which mistake am I making? Thanks,

Christian

Environment

  • openvpn-auth-oauth2 Version: 1.19.1
  • OpenVPN Server Version: 2.6.9
  • Server OS: debian bookworm
  • OpenVPN Client (flavor, OS): Windows 10, OpenVPN 2.6.9
@chanlists chanlists added the ❓ question Further information is requested label Mar 4, 2024
@jkroepke
Copy link
Owner

jkroepke commented Mar 4, 2024

You should not define auth-user-pass on client

@chanlists
Copy link
Author

Thanks for the rapid answer! If I do not put this in, it fails and in the logs I get:

2024-03-04 14:59:34 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Options error: No client-side authentication method is specified.  You must use either --cert/--key, --pkcs12, or --auth-user-pass
Use --help for more information.

Neither of the other suggestions seemed to make much sense... Thanks again!

Christian

@jkroepke
Copy link
Owner

jkroepke commented Mar 4, 2024

Thats exactly this: OpenVPN/openvpn#501

A potential workaround would define username/password inline (inside openvpn conf):

<auth-user-pass>
username
pass
</auth-user-pass>

It was documented recently, that this feature exists, but I have no idea, since which OpenVPN version it works.

@chanlists
Copy link
Author 

<auth-user-pass>
username
pass
</auth-user-pass>

Thanks! Ugly workaround, but it fixes it for now. I will get back to you with another question concerning the ReverseProxy setup... Best wishes,

Christian

@jkroepke jkroepke closed this as completed Mar 4, 2024
@jkroepke
Copy link
Owner

jkroepke commented Mar 4, 2024

I have extend the FAQ here: https://github.com/jkroepke/openvpn-auth-oauth2/wiki/FAQ#options-error-no-client-side-authentication-method-is-specified

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
❓ question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jkroepke @chanlists