On 18/05/2019 15:50, Lorenz wrote: > Hey, > > I am currently experimenting with the OpenVPN 3 Linux client and was wondering > if there is any option to automatically pass user credentials to the openvpn2 > front-end. Except using something like an expect script [1]. > > Back in OpenVPN 2 one could specify a file path after the auth-user-pass > configuration option which allowed to save the corresponding credentials > within a second file. This approach does not seem to work in OpenVPN 3 > anymore. > > I already tested the openvpn3-autoload systemd service which allows to specify > credentials within an .autoload file. This does work, but I am curious if > there are any other mechanisms to supply user credentials?
I'd suggest you take a closer look at the openvpn3-autoload code; it's a Python 3 script which makes use of the openvpn3 Python module. The logic to pass the user credentials might look a bit tricky, but shouldn't be too bad. You basically could build it around the start_tunnel() function [0]. I would suggest you use `openvpn3 config-import --config $YOUR_CONFIG --persistent` first, as the user you want to start the tunnel as. This gives a quick path forward for the next steps. The next pieces of code you would need would be something like the code below. Remember, this code is completely untested, but should be basically what you would need: ----------------------------------------------------------------------------- import dbus import openvpn3 ### This needs a copy of the start_tunnel() function ### from openvpn3-autoload. This is not copied into ### this example here # Get a connection to the D-Bus system bus sysbus = dbus.SystemBus() # Establish a link to the configuration manager # and retrieve the configuration object of the # configuration profile already imported configmgr = openvpn3.ConfigurationManager(sysbus) configs = configmgr.LookupConfigName($YOUR_CONFIG) # substitute $YOUR_CONFIG if len(configs) != 1: print("Found %i configs - can only be 1" % len(configs)) # LookupConfigName() always returns a list of config objects, # with only 1 guaranteed member, we extract only that one. config = configs[0] # Put credentials in an .autoload structured dictionary autoloadcfg = { "user-auth": {"username": "YourUsername", "password": "YourS3crEtP4ssW0rd"}} # Establish a link to the session manager ... sessionmgr = openvpn3.SessionManager(sysbus) # ... and start the tunnel session_path = start_tunnel(sessionmgr, config, autoloadcfg) print("Session path: %s" % session_path) ----------------------------------------------------------------------------- You can with this method just fill the user credentials in an automated fashion, generate them on-the-fly if you need to. [0] <https://github.com/OpenVPN/openvpn3-linux/blob/e6c66892ba0868206d558ad8b81351140c1195b4/src/python/openvpn3-autoload#L234> -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users