Results 1 to 6 of 6

Thread: A safe method of passing login credentials to openvpn automatically?

  1. #1
    Join Date
    Apr 2020
    Location
    where the work takes me
    Beans
    196
    Distro
    Ubuntu 20.04 Focal Fossa

    A safe method of passing login credentials to openvpn automatically?

    Hello all,

    So every time I want to connect to my VPN, I have to open the providers site, sign in, get my login credentials for openvpn and then copy them across and connect from the terminal. Not the most arduous task as I set the login page as my home screen and aliased the openvpn command, but it would be nice if it connected automatically each time I connected to the internet.

    Is there some method of automating the procedure which is also secure?

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    21,621
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: A safe method of passing login credentials to openvpn automatically?

    I use login.cf.

    Inside the .ovpn file,
    Code:
    auth-user-pass /etc/openvpn/login.cf
    OpenVPN says this method can make the keys available in RAM.

    Inside /etc/openvpn/login.cf
    Code:
    {userid}
    {password}
    and nothing else. For example:
    Code:
    thefu32299
    ac01ad25c06ea%96@e2eZd*0(d
    The /etc/openvpn/ directory is 700 root:root
    and the file is
    Code:
    # ll ../login.cf 
    -rw------- 1 root root 21 Mar 31  2016 ../login.cf

  3. #3
    Join Date
    Apr 2020
    Location
    where the work takes me
    Beans
    196
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: A safe method of passing login credentials to openvpn automatically?

    This is amazing, thanks.

  4. #4
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    21,621
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: A safe method of passing login credentials to openvpn automatically?

    Quote Originally Posted by jcdenton1995 View Post
    This is amazing, thanks.
    Be certain you can accept the security implications of doing this. There are some internal to the OpenVPN code, not just on your local file system.
    For me, it removed the hassle of entering passwords almost daily. OTOH, I'm running the client AND the server and use IPs, not DNS, to make the connection between clients and servers. All my home wifi devices use a VPN to connect into my wired LAN, for example. There are too many security faults with wifi implementations.

    I use 1 commercial VPN service too, mainly to shift my apparent location on the planet. This year, that need has dropped off to almost zero thanks to the virus.

    I also have a calendar reminder to change VPN passwords every 6 months and follow that religiously with a commercial VPN provider.

  5. #5
    Join Date
    Apr 2020
    Location
    where the work takes me
    Beans
    196
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: A safe method of passing login credentials to openvpn automatically?

    Quote Originally Posted by TheFu View Post
    Be certain you can accept the security implications of doing this. There are some internal to the OpenVPN code, not just on your local file system.
    You mean with regards to an attacker being able to reveal my VPN password by exploting openvpn or gaining access to /etc/openvpn/login.cf?

    What would be the consequence if this did happen? that they would be able to operate a VPN as myself?

  6. #6
    Join Date
    Aug 2017
    Beans
    134

    Re: A safe method of passing login credentials to openvpn automatically?

    I know this is marked solved, but we like to secure our VPN connections with SSL certs as well.
    Attached Images Attached Images

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •