[Solved] Raspberry PI4 and VPN error login

peppect84 · December 28, 2020, 4:46pm

Good evening, I'm trying to start an openVPN client ".ovpn" with relative user and password but I get these errors

Mon Dec 28 16:30:22 2020 daemon.warn openvpn(adminIT)[3713]: DEPRECATED OPTION: http-proxy-retry and socks-proxy-retry: In OpenVPN 2.4 proxy connection retries are handled like regular connections. Use connect-retry-max 1 to get a similar behavior as before.
Mon Dec 28 16:30:22 2020 daemon.warn openvpn(adminIT)[3713]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Mon Dec 28 16:30:22 2020 daemon.notice openvpn(adminIT)[3713]: OpenVPN 2.5.0 aarch64-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Dec 28 16:30:22 2020 daemon.notice openvpn(adminIT)[3713]: library versions: mbed TLS 2.16.8
Mon Dec 28 16:30:22 2020 daemon.err openvpn(adminIT)[3713]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Mon Dec 28 16:30:22 2020 daemon.notice openvpn(adminIT)[3713]: Exiting due to fatal error

the user and password are correct, I can't explain why it can't connect to the vpn

mk24 · December 28, 2020, 6:02pm

Since its non interactive mode the user and pasword need to be stored in a file. OpenVPN then needs to be informed of this file by adding the complete path to the file to the auth-user-pass setting.

auth-user-pass /etc/openvpn/adminIT.auth

Also you should fix the warnings reported in the first two lines. Apparently whoever wrote the .ovpn file was using an old version of OpenVPN.

peppect84 · December 28, 2020, 6:38pm

I added this line to the file but the result hasn't changed

Mon Dec 28 18:33:59 2020 daemon.warn openvpn(adminIT)[5768]: DEPRECATED OPTION: http-proxy-retry and socks-proxy-retry: In OpenVPN 2.4 proxy connection retries are handled like regular connections. Use connect-retry-max 1 to get a similar behavior as before.
Mon Dec 28 18:33:59 2020 daemon.warn openvpn(adminIT)[5768]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Mon Dec 28 18:33:59 2020 daemon.notice openvpn(adminIT)[5768]: OpenVPN 2.5.0 aarch64-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Mon Dec 28 18:33:59 2020 daemon.notice openvpn(adminIT)[5768]: library versions: mbed TLS 2.16.8
Mon Dec 28 18:33:59 2020 daemon.err openvpn(adminIT)[5768]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Mon Dec 28 18:33:59 2020 daemon.notice openvpn(adminIT)[5768]: Exiting due to fatal error

mk24 · December 28, 2020, 6:54pm

You added it to the user pass file. That is wrong, that file must be only two lines: your user name on the first line and password on the second line.

In the .ovpn configuration file, change the line that is now just auth-user-pass to include the filename.

system · January 7, 2021, 6:54pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.