OpenWrt Forum Archive

Topic: compiling option --enable-password-save in openvpn

The content of this topic has been archived on 31 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi

Is there an openvpn.ipkg compiled with this option?

Why use auth-user-pass?
One key set works for many users without the revocation problem ;-)
Just add:
username-as-common-name
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so

It's OK for client mode, but not for router mode, which can't enter the login and password in automatic mode.

At this time
the official openvpn ipkg works fine on my wrt54gs, but without auto-start.
Manual launch works, and I type the login and password in console mode.

So I'm searching for an openvpn.ipkg that is built with the --enable-password-save configure option.

Cf. man openvpn
--auth-user-pass [up]
              Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in config-win32.h).
              If up is omitted, username/password will be prompted from the console.
              The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.

Maybe you can edit the Makefile for openvpn? It is located in <whiterussian topdir>/package/openvpn/Makefile

Then, add the line --enable-password-save at the end of the configure script (just after $(DISABLE_HTTP))

I'm not a good cross compiler :-(

Is there anybody who can build openvpn for openwrt with this option (--enable-password-save)?

With this option you can realise a Lan2Lan "routed tunnel" at the same time as you realise Lan2One.

Just add:
username-as-common-name
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so

One directory, ccd:
client-config-dir ccd

route 192.168.2.0 255.255.255.0 in openvpn.conf
iroute 192.168.2.0 255.255.255.0 in ccd/login_1_Lan2lan (attention: iroute, not route)

login_x has access in Lan2One routed mode.
If login_1 has a ccd/login_1 file with an iroute directive, it's a Lan2Lan.

At this time one key set works for all your users. It's very simple to manage with openvpn-auth-pam.so; it works with ldap, sql, /etc/passwd.

At launch time the up cmd receives all ENV params to launch the right rules in your firewall.

Please

Thanks a lot

Hi there,

I have a problem with enabling PLUGIN in OpenVPN. My firmware is made using the build process with "make menuconfig", where I included the openvpn package, and was later installed on my router.
Now I have a working configuration and can log in through the VPN to my router and the network behind it from Windows and Linux workstations. For security, I use certificates/keys I have made.

In future, I would like to enable username/password in combination with certs/keys. Now I have a problem because my router does or does not recognize plugin instructions, and I need help from someone.

On router /etc/openvpn/server.conf at bottom I have put:
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
username-as-common-name

On Linux workstation /etc/openvpn/client.conf at bottom I have put:
auth-user-pass

When I look at the syslog output, my router (openvpn server) does not mind such a configuration.... no errors or warnings during the boot process....
When I start the client to connect, it asks me for a username and password, and whatever I put as username/password it goes through and the two systems connect to each other. When I comment out "auth-user-pass" in client.conf and try to connect to the server, again it connects without problems !!!

Now, I assume that:
1) the openvpn server is not configured as it should be, OR
2) the openvpn server I have built into my firmware does not work with plugins
3) OR....

Seeing the discussion above, I have tried to search for .../trunk/package/openvpn to edit the Makefile manually, but I don't have that folder in my SVN download folder.

Can someone help me with this?

EDIT:
plugin /overlay/etc/openvpn/plugin/openvpn-auth-pam.so login

(Last edited by liquid.o on 23 Dec 2010, 12:14)
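
One way to check the server side of the symptom described in the post above, as an added example that is not part of the thread: a POSIX shell function that reports whether a server config has an active `plugin` or `auth-user-pass-verify` directive and whether each plugin module file exists. The function name, the sample configs and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenVPN server config for
# directives that actually verify client usernames/passwords.
# Returns 0 with no findings, 1 when a FAIL line was printed, 2 on read error.
audit_openvpn_auth() {
    conf="$1"
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # Active directives only: drop blank lines and lines starting with # or ;
    active=$(sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$conf")

    plugins=$(printf '%s\n' "$active" | awk '$1 == "plugin" { print $2 }')
    verify=$(printf '%s\n' "$active" | awk '$1 == "auth-user-pass-verify" { print $2 }')

    if [ -z "$plugins" ] && [ -z "$verify" ]; then
        echo "FAIL: no plugin or auth-user-pass-verify directive, nothing checks credentials"
        rc=1
    fi
    for p in $plugins; do
        if [ ! -f "$p" ]; then
            echo "FAIL: plugin module missing: $p"
            rc=1
        fi
    done
    # ccd files are looked up by common name; without this directive that is
    # the certificate CN, not the login name.
    if [ -n "$plugins$verify" ] && ! printf '%s\n' "$active" | grep -q '^username-as-common-name'; then
        echo "NOTE: username-as-common-name not set, ccd lookups use the certificate CN"
    fi
    return $rc
}

# Constructed sample configs under a temp dir (not a real router layout).
demo() {
    d=$(mktemp -d)
    : > "$d/openvpn-auth-pam.so"    # empty stand-in for the PAM module file
    printf 'port 1194\nplugin %s login\nusername-as-common-name\n' \
        "$d/openvpn-auth-pam.so" > "$d/good.conf"
    printf 'port 1194\n# plugin %s login\n' "$d/openvpn-auth-pam.so" > "$d/off.conf"
    printf 'plugin %s/missing.so login\n' "$d" > "$d/missing.conf"
    for c in good off missing; do
        echo "== $c.conf"; audit_openvpn_auth "$d/$c.conf" || true
    done
    rm -rf "$d"
}
demo
```

On a router, point the function at the config file the running daemon was actually started with; a clean result only shows that the directives and module file are present, not that PAM itself is set up.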

The discussion might have continued from here.