OpenVPN. How to Provide Interactive Credentials in a Script

WinBoss

5/12/23, 2:02 PM

I have a script that installs and sets up VPN then connects to it:

apt install apt-transport-https
wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub
apt-key add openvpn-repo-pkg-key.pub
wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-focal.list
apt update
apt install openvpn3
openvpn3 session-start --config profile-59.ovpn

When I run it on Ubuntu Desktop it asks for credentials interactively:

How can I adjust the script to pass credentials avoiding interactive prompt? The purpose for this is to have a Docker container connect to VPN automatically.

0 + 0

openvpn

bac0n

5/12/23, 3:07 PM

Is there a reason you can't use `auth-user-pass` config option?

WinBoss

5/12/23, 3:22 PM

Never heard of it. How can I do that?

Score:2

Ubuntu

matigo

5/12/23, 2:09 PM

You might want to examine something like expect, which would allow you to do something like this:

spawn vpn_connect.sh
expect "Auth User name:"
send "protractor-container\r"
expect "Password:"
send "superSecretPassword!123\r"

Of course this might not be ideal in the event a number of people have the ability to connect to the Docker container or read the source files that get packaged in the build, as clear text passwords can create problems.

One option would be to create a separate file that contains the credentials and store it in a location within the Docker container, such as /root/.private/vpn-creds. This file would contain just two lines:

protractor-container
superSecretPassword!123

Then you can edit your expect script to look like this:

#!/usr/bin/expect -f

set passfile [open "/root/.private/vpn-creds" r]
gets $passfile username
gets $passfile password
close $passfile

spawn vpn_connect.sh
expect "Auth User name:"
send "$username\r"
expect "Password:"
send "$password\r"

Mind you, if everyone has root access, there’s not much you can do in an automated fashion to hide the credentials. A determined person with sudo who knows how to use StackExchange will find a way to get the information they want

0 + 0

WinBoss

5/12/23, 3:18 PM

That would require to store password in a file, right? Can we do that without it?

matigo

5/12/23, 3:40 PM

@WinBoss added a bit to show how to read credentials from elsewhere, with a caveat

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: OpenVPN. How to Provide Interactive Credentials in a Script

TH: โอเพ่นVPN. วิธีการให้ข้อมูลประจำตัวแบบโต้ตอบในสคริปต์

RO: OpenVPN. Cum să furnizați acreditări interactive într-un script

RU: OpenVPN. Как предоставить интерактивные учетные данные в скрипте

VI: MởVPN. Cách cung cấp thông tin xác thực tương tác trong tập lệnh

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.