You are not logged in.

#1 2011-09-08 08:30:23

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Script to pass openvpn the username

I currently have a simple script that I use to start an openvpn connection and it uses a credentials file passed via --auth-user-pass

What I want to be able to do is not have to enter the username, but have to enter the password every time.  Since this does not appear to be possible with openvpn, I figured that I would try and see if I could script it.

The trouble is that I'm not sure how to pass the username to the prompt...

My script as it stands looks like this:

cd /etc/openvpn                 
sudo modprobe tun               
sudo openvpn --script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass

Can anyone help me with this?

Offline

#2 2011-09-08 16:50:42

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

OK - I've been playing around with this and I now have:

#!/bin/bash
cd /etc/openvpn
sudo modprobe tun
sudo openvpn --script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass << EOF
<username>
EOF

But it doesn't work - presumably because it's trying to pass the username to sudo?

What am I missing?

Offline

#3 2011-09-11 16:29:46

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

No ideas?

Offline

#4 2011-09-14 14:30:36

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

bump..

Offline

#5 2011-09-14 14:46:21

krisoijn
Member
Registered: 2011-03-18
Posts: 15
Website

Re: Script to pass openvpn the username

phunni wrote:

OK - I've been playing around with this and I now have:

#!/bin/bash
cd /etc/openvpn
sudo modprobe tun
sudo openvpn --script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass << EOF
<username>
EOF

But it doesn't work - presumably because it's trying to pass the username to sudo?

What am I missing?

#!/bin/bash

# are you looking for this?
# http://tldp.org/LDP/abs/html/othertypesv.html
declare -r username=$1
shift
declare -r password=$1

cd /etc/openvpn
sudo modprobe tun
sudo openvpn --script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass $username

Offline

#6 2011-09-14 15:19:47

unixfreak
Member
From: United Kingdom
Registered: 2011-09-12
Posts: 9

Re: Script to pass openvpn the username

EDIT: nevermind i didn't realize openvpn gave a separate prompt, looks like krisoijn posted what you need.

-------

This is what i would do:

#!/usr/bin/env bash

_path=/etc/openvpn
_conf=/etc/openvpn/secure02.ovpn
_ssec=2

[[ $(id -u) != 0 ]] && echo "Need to be root!" && exit 2


stty -echo
read -p "Enter Password: " ${_pass}
stty echo

cd ${_path}  || exit $?
modprobe tun || exit $?

openvpn --script-security ${_ssec} \
        --config          ${_conf} \
        --auth-user-pass  ${_pass} \
|| exit $?

echo "Connected to VPN."

stty -echo disables the console from printing text as you type, then read -p stores the password in $_pass

Last edited by unixfreak (2011-09-14 15:48:06)


"Any sufficiently advanced technology is indistinguishable from magic."

Offline

#7 2011-09-14 16:04:00

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

Thanks guys - I'll give these ideas a go! :-)

Offline

#8 2011-09-14 16:17:46

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

OK - having looked at this further neither of these solutions will work (unless I'm missing something - quite possible!).  --auth-user-pass either takes the name of a file which has a username and a password on a separate line, or it takes no arguments, in which case the user is prompted for a username and password.

I need to either create a temporary, in memory file containing the username and password - the latter to be pulled from the script args, or I need to be able to answer the prompts in the script using variables...

Offline

#9 2011-09-24 14:44:13

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

bump

Offline

#10 2011-09-24 21:38:31

rockin turtle
Member
From: Montana, USA
Registered: 2009-10-22
Posts: 227

Re: Script to pass openvpn the username

Try this:

#!/bin/bash

upass=$(printf 'phunni\n%s' "$1")
echo "$upass" | sudo openvpn --script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass

Then invoke it by:

$ runvpn password

Last edited by rockin turtle (2011-09-24 21:45:32)

Offline

#11 2011-09-25 11:51:53

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

Thanks for the suggestion, but it simply asked me for the username and password again...

Offline

#12 2011-09-25 14:00:02

austin.rbn
Member
Registered: 2010-01-23
Posts: 77

Re: Script to pass openvpn the username

I know you want to write a bash script for this, but "expect" really was made for just such a purpose. Here's an expect script which I think does what you want.

#!/usr/bin/expect

set username "foo\r"
set config "bar"

cd /path/to/config

spawn openvpn $config
expect "Enter Auth Username:"
send $username
interact

"Computer Science is embarrassed by the computer." -- Alan J. Perlis

Offline

#13 2011-09-25 15:16:11

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

Thanks - I wasn't aware of expect, so that's interesting in itself.  I tried a version of your script:

#!/usr/bin/expect -f

set username "<username>\r"
set config "--script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass"

cd /etc/openvpn

spawn openvpn $config
expect "Enter Auth Username:"
send $username
interact

Obviously, I'm replacing <username> with my username.  I'm getting the following error:

spawn openvpn --script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass
Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)
Use --help for more information.
send: spawn id exp6 not open
    while executing
"send $username"

Offline

#14 2011-09-25 15:25:22

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

If it's of any help; the output of "expect -d bin/private" (bin/private obviously being the path to my script) is:

expect version 5.45
argv[0] = expect  argv[1] = -d  argv[2] = bin/private  
set argc 0
set argv0 "bin/private"
set argv ""
executing commands from command file bin/private
spawn openvpn --script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {7215}

expect: does "" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)
expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no


expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\n" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
Use --help for more information.
expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\nUse --help for more information." (spawn_id exp6) match glob pattern "Enter Auth Username:"? no


expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\nUse --help for more information.\r\n" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
expect: read eof
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2  --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\nUse --help for more information.\r\n"
send: sending "<username>\n" to { exp6 send: spawn id exp6 not open
    while executing
"send $username"
    (file "bin/private" line 10)

Again, I've replaced my username with <username>

If I run the command that gets spawned, I get the expected output - i.e. "Enter Auth Username:"

Last edited by phunni (2011-09-25 15:26:23)

Offline

#15 2011-09-25 21:41:49

austin.rbn
Member
Registered: 2010-01-23
Posts: 77

Re: Script to pass openvpn the username

Hmmm. I'm not sure about that. I am a bit new to expect as well. However, after fiddling with it a bit, I've confirmed that this one does work:

#!/usr/bin/expect

set username "<name>\r"
set config "/etc/openvpn/secure02.ovpn"

spawn openvpn --script-security 2  --config $config --auth-user-pass
expect "Enter Auth Username:"
send $username
interact

Hope this helps. I really don't have any idea why you can't seem to pass a string of options as a variable.

Last edited by austin.rbn (2011-09-25 21:42:33)


"Computer Science is embarrassed by the computer." -- Alan J. Perlis

Offline

#16 2011-09-26 16:56:16

phunni
Member
From: Bristol, UK
Registered: 2003-08-13
Posts: 768

Re: Script to pass openvpn the username

Brilliant - thank you! That worked perfectly :-)

Offline

#17 2011-10-01 07:14:39

gdane195
Member
From: Canada
Registered: 2009-10-11
Posts: 6

Re: Script to pass openvpn the username

Try this.....works for me.

./Ovpn.exp username password

#!/usr/bin/expect -f
#

set config "/etc/openvpn/secure02.ovpn"
set username [lrange $argv 0 0]
set password [lrange $argv 1 1]


set force_conservative 1  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
        set send_slow {1 .1}
        proc send {ignore arg} {
                sleep .1
                exp_send -s -- $arg
        }
}

set timeout -1
spawn openvpn --script-security 2  --config $config --auth-user-pass
match_max 100000
expect -exact "Openvpn UserName and password: "
send -- "$username\r"
send -- "$password\r"

#interact

Offline

Board footer

Powered by FluxBB