OpenVPN not reading credentials automatically R7800 19.07

speedcube76 · February 13, 2020, 9:38am

Morning,

I've come from DDWRT and have now been running OpenWRT for several months without issues. I believe I was on 18.02 when I first setup my R7800 but this week I decided to try and add VPN functionality. So I thought I'd update to the firmware and start fresh. I followed the links from the specific R7800 supported device page and am now running this;

Hardware: Netgear Nighthawk X4S R7800
Firmware Version: OpenWrt 19.07.1 r10911-c155900f66 / LuCI openwrt-19.07 branch git-20.029.45734-adbbd5c
Kernel Version: 4.14.167

Other than adblock/luci-adblock it is completely vanilla.

I then followed this guide; https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci

I got my .opvn file from my provider (tested it manually on my PC so I know it works) and uploaded it using the luci interface as per the guide. I added my credentials too and I can see the contents of the files in /etc/openvpn (.ovpn and .auth) and all looks ok. I added tun0 in the firewall as per the guide and if I run it manually from cli using; openvpn --config /etc/openvpn/myvpn.ovpn --auth-user-pass it prompts me to type in the credentials and then it connects/works and I can confirm via an attached client that the VPN is up as my external IP changes etc. When I hangup the manual connect, my IP reverts back to my normal ISP.

Problem:

If I restart the router, the VPN doesn't come up automatically (enabled is ticked in luci)
If I click start in luci OpenVPN page, nothing happens

Checking logread I see this:

daemon.notice openvpn(myvpn)[18122]: OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
daemon.notice openvpn(myvpn)[18122]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
daemon.err openvpn(myvpn)[18122]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
daemon.notice openvpn(myvpn)[18122]: Exiting due to fatal error

So I understand the issue is relating to it being started by daemon and therefore no user input can be received i.e. the credentials, so I expected it to read the .auth file and proceed, but clearly it isn't. I tried adding the askpass token in to the config but got the same result.

Please could someone help with this? Sorry I just don't know what to do or where to start. Any advice greatly appreciated.

(first post here, hopefully I wasn't too noob).

Many thanks

aboaboit · February 13, 2020, 10:16am

Hello and welcome

After uploading the ovpn file, did you also enter username and password as described in the guide?
You're indeed correct that it is failing because of lack of input.

speedcube76 · February 13, 2020, 10:18am

Yep sure did.

aboaboit · February 13, 2020, 10:23am

Hmm, that was my only idea ^^;
I have openvpn but as a server instead of client.

If no one else can help you, I might be able to test the validity of the guide with two of my installations but it's gonna be a while before I get time to do it.

eduperez · February 13, 2020, 12:21pm

In the .opvn file, you must add a reference to the .auth file:

auth-user-pass "/etc/openvpn/myvpn.auth"

speedcube76 · February 13, 2020, 12:32pm

So simple!! Thank you very much. Working perfectly now.

I re-read the initial installation guide and couldn't see this explicitly mentioned, so maybe this can be edited to help others in future.

Appreciate your help.

system · February 23, 2020, 12:32pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.