I have OpenVpn running on my new install of 18.06.2 and it works great ( thanks to those who wrote the guide ) and I'd like to add a username/password, but I'm not sure how, I think I need to add -
auth-user-pass "/etc/openvpn/vpnserver.conf"
to /etc/openvpn/vpnclient.ovpn and then add the username/password in /etc/openvpn/vpnserver.conf but that's where I'm stuck, I'm not sure what lines I need in vpnserver.conf.
Or should username/password be created during installation rather than afterwards, if so I'm assuming during this step, but not sure what needs to be done.
Create a separate file that has the user name as the first line and the password as the second line. That should be the only contents of the file. Then put the full path to that file after auth-user-pass in the main config.
Hmm, the .ovpn file imported fine so I assumed there were no errors, but it's not connecting, here's what I added -
A file named userpass in /etc/openvpn with username first, password second (nothing else) and in vpnserver.conf I added -
auth-user-pass /etc/openvpn/userpass
I also tried removing auth-user-pass from /etc/openvpn/vpnserver.conf and adding auth-user-pass to the .ovpn file, but it just produces errors saying it can't be read when importing (permissions seem fine 0400).
edit - it connects fine when auth-user-pass is removed so I assume I'm doing something wrong when adding it, just not sure what, do I need to reinstall openvpn and in these two lines -
# Generate a keypair and sign locally for vpnserver
easyrsa --batch build-server-full vpnserver nopass
# Generate a keypair and sign locally for vpnclient
easyrsa --batch build-client-full vpnclient nopass
change nopass to auth-user-pass-verify and auth-user-pass respectively?
I'm not clear what your usage scenario is. Are you also running the OpenVPN server, or do you just need to set up a client to connect to a third party service?
OpenVPN will parse any and every file ending in .conf in the /etc/openvpn directory, which is usually not what you would want. There should be only one configuration file being loaded, especially if you have downloaded a suggested configuration from a commercial VPN service provider. Thus the convention to name the configuration file .ovpn, and not have any .conf files at all. Then point to the .ovpn file you want to use in /etc/config/openvpn.
Implementing username/password authentication on the server side requires external plugin or script, which you have to compile, write yourself or find somewhere and adapt for OpenWrt.
Actually, nobody uses it on their own server, because it's security level is negligible compared to certificate-based authentication.
And private key password protection is entirely different from username/password authentication.
But most likely you don't need it too, because utilizing it leads to additional potential issues.
@mk24 Just running as a server to connect to when away from home, no commercial vpn.
@vgaetera Ahh thanks, in 18.06.1 I used the previous basic guide which was just copy/paste script, always meant to use the advanced guide so I could have a better understanding but obviously never got around to it, sorry for the confusion.