Openvpn (2.3.8-1) client, ask for password

simonvik · 2015-09-23 08:44:20

I'm having problems with the latest openvpn client when running it as a systemd-unit.
The service fails to ask for password with error :

neither stdin nor stderr are a tty device, can't ask for Private Key password.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and y...e --auth-nocache.

The unit-file i run looks like:

[Unit]
Description=OpenVPN connection to %i
After=network.target
Requires=systemd-ask-password-wall.service

[Service]
Type=forking
ExecStart=/usr/bin/openvpn --askpass --cd /etc/openvpn/%i --config /etc/openvpn/%i/openvpn.conf --daemon openvpn@%i
[Install]
WantedBy=multi-user.target

I have also tried the openvpn-upstream unit file openvpn-client@.service at github and that fails too .

Does anyone have a solution to this error, or do you experience this your self?

jonlorusso · 2015-09-23 16:03:04

Same issue here.

brebs · 2015-09-23 17:47:57

These previous threads might help:

https://bbs.archlinux.org/viewtopic.php?id=129509
https://bbs.archlinux.org/viewtopic.php?id=150440
https://alan-mushi.github.io/2014/10/26 … stemd.html

simonvik · 2015-09-23 18:33:05

Checked a bit more, Im pretty sure that the following code broke it :

+#ifndef WIN32
+         /* did we --daemon'ize before asking for passwords? */
+         if ( !isatty(0) && !isatty(2) )
+           { msg(M_FATAL, "neither stdin nor stderr are a tty device, can't ask for %s password.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.", prefix ); }
+#endif

They changed how they daemonize and they added this check to make sure that they ask for password before forking.
Openvpn supports systemd-ask-pass but this code gets executed before that.

Removing the code + setting "--askpass" solves the issue.

tomaszc · 2015-09-24 16:34:23

I reported the bug:
https://bugs.archlinux.org/task/46422

Arch Linux

#1 2015-09-23 08:44:20

Openvpn (2.3.8-1) client, ask for password

#2 2015-09-23 16:03:04

Re: Openvpn (2.3.8-1) client, ask for password

#3 2015-09-23 17:47:57

Re: Openvpn (2.3.8-1) client, ask for password

#4 2015-09-23 18:33:05

Re: Openvpn (2.3.8-1) client, ask for password

#5 2015-09-24 16:34:23

Re: Openvpn (2.3.8-1) client, ask for password

Board footer