On 18/05/2019 15:50, Lorenz wrote:
> Hey,
> 
> I am currently experimenting with the OpenVPN 3 Linux client and was wondering
> if there is any option to automatically pass user credentials to the openvpn2
> front-end, except using something like an expect script [1].
> 
> Back in OpenVPN 2 one could specify a file path after the auth-user-pass
> configuration option, which allowed one to save the corresponding credentials
> within a second file. This approach does not seem to work in OpenVPN 3
> anymore.
> 
> I already tested the openvpn3-autoload systemd service, which allows one to
> specify credentials within an .autoload file. This does work, but I am curious
> if there are any other mechanisms to supply user credentials?

I'd suggest you take a closer look at the openvpn3-autoload code; it's a
Python 3 script which makes use of the openvpn3 Python module.  The logic to
pass the user credentials might look a bit tricky, but shouldn't be too bad.
You basically could build it around the start_tunnel() function [0].

I would suggest you use `openvpn3 config-import --config $YOUR_CONFIG
--persistent` first, as the user you want to start the tunnel as.  This gives
a quick path forward for the next steps.

The next pieces of code you would need would be something like the code below.
 Remember, this code is completely untested, but should be basically what you
would need:

-----------------------------------------------------------------------------
import sys

import dbus
import openvpn3


### This needs a copy of the start_tunnel() function
### from openvpn3-autoload.  This is not copied into
### this example here


# Name of the configuration profile already imported with
# `openvpn3 config-import` - substitute your own
config_name = "YOUR_CONFIG"

# Get a connection to the D-Bus system bus
sysbus = dbus.SystemBus()

# Establish a link to the configuration manager
# and retrieve the configuration object of the
# configuration profile already imported
configmgr = openvpn3.ConfigurationManager(sysbus)
configs = configmgr.LookupConfigName(config_name)
if len(configs) != 1:
    # Zero or several matches: stop instead of indexing into the list
    print("Found %i configs - can only be 1" % len(configs))
    sys.exit(1)

# LookupConfigName() always returns a list of config objects,
# with only 1 guaranteed member, we extract only that one.
config = configs[0]


# Put credentials in an .autoload structured dictionary
autoloadcfg = { "user-auth": {"username": "YourUsername",
                              "password": "YourS3crEtP4ssW0rd"}}

# Establish a link to the session manager ...
sessionmgr = openvpn3.SessionManager(sysbus)

# ... and start the tunnel
session_path = start_tunnel(sessionmgr, config, autoloadcfg)
print("Session path: %s" % session_path)
-----------------------------------------------------------------------------

With this method you can just fill in the user credentials in an automated
fashion, or generate them on the fly if you need to.


[0]
<https://github.com/OpenVPN/openvpn3-linux/blob/e6c66892ba0868206d558ad8b81351140c1195b4/src/python/openvpn3-autoload#L234>


-- 
kind regards,

David Sommerseth
OpenVPN Inc



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
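
One way to keep the password out of the script itself, as an added example (not part of the original mail or of openvpn3-autoload): read an OpenVPN 2 style credentials file, refuse it unless it is a private regular file owned by the caller, and return the .autoload style dictionary used as `autoloadcfg` in the reply. The function name `load_user_auth` and the file path passed to it are hypothetical.

```python
import os
import stat


def load_user_auth(path):
    """Read an OpenVPN 2 style auth-user-pass file (username on line 1,
    password on line 2) and return an .autoload style dictionary.

    Refuses files that are symlinks, not regular files, owned by another
    user, or accessible to group/others.
    """
    # O_NOFOLLOW: do not follow a symlink planted at the final path component
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat() the open descriptor so the checks apply to the file
        # actually being read (no check-then-open race)
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("%s is not a regular file" % path)
        if st.st_uid != os.geteuid():
            raise PermissionError("%s is not owned by the current user" % path)
        if st.st_mode & 0o077:
            raise PermissionError("%s is accessible to group/others; use mode 0600" % path)
        with os.fdopen(fd, "r", encoding="utf-8") as fh:
            fd = None  # fdopen() now owns the descriptor
            lines = fh.read().splitlines()
    finally:
        if fd is not None:
            os.close(fd)

    if len(lines) < 2 or not lines[0] or not lines[1]:
        raise ValueError("expected username on line 1 and password on line 2")
    return {"user-auth": {"username": lines[0], "password": lines[1]}}


if __name__ == "__main__":
    import sys
    cfg = load_user_auth(sys.argv[1])
    # Never print the password; only confirm which user was loaded
    print("Loaded credentials for user %s" % cfg["user-auth"]["username"])
```

The returned dictionary has the same shape as the hard-coded `autoloadcfg` in the reply, so it can be passed to `start_tunnel()` in its place.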
