I currently have a simple script that I use to start an openvpn connection, and it uses a credentials file passed via --auth-user-pass.
What I want to be able to do is not have to enter the username, but have to enter the password every time. Since this does not appear to be possible with openvpn, I figured that I would try and see if I could script it.
The trouble is that I'm not sure how to pass the username to the prompt...
My script as it stands looks like this:
cd /etc/openvpn
sudo modprobe tun
sudo openvpn --script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass
Can anyone help me with this?
Offline
OK - I've been playing around with this and I now have:
#!/bin/bash
cd /etc/openvpn
sudo modprobe tun
sudo openvpn --script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass << EOF
<username>
EOF
But it doesn't work - presumably because it's trying to pass the username to sudo?
What am I missing?
Offline
No ideas?
Offline
bump..
Offline
OK - I've been playing around with this and I now have:
#!/bin/bash
cd /etc/openvpn
sudo modprobe tun
sudo openvpn --script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass << EOF
<username>
EOF
But it doesn't work - presumably because it's trying to pass the username to sudo?
What am I missing?
#!/bin/bash
# are you looking for this?
# http://tldp.org/LDP/abs/html/othertypesv.html
declare -r username=$1
shift
declare -r password=$1
cd /etc/openvpn
sudo modprobe tun
sudo openvpn --script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass $username
Offline
EDIT: Never mind, I didn't realize openvpn gave a separate prompt; looks like krisoijn posted what you need.
-------
This is what I would do:
#!/usr/bin/env bash
_path=/etc/openvpn
_conf=/etc/openvpn/secure02.ovpn
_ssec=2
[[ $(id -u) != 0 ]] && echo "Need to be root!" && exit 2
stty -echo
read -p "Enter Password: " _pass   # read takes the variable name, not its expansion
stty echo
cd ${_path} || exit $?
modprobe tun || exit $?
openvpn --script-security ${_ssec} \
--config ${_conf} \
--auth-user-pass ${_pass} \
|| exit $?
echo "Connected to VPN."
stty -echo disables the console from printing text as you type, then read -p stores the password in $_pass
Last edited by unixfreak (2011-09-14 15:48:06)
"Any sufficiently advanced technology is indistinguishable from magic."
Offline
Thanks guys - I'll give these ideas a go! :-)
Offline
OK - having looked at this further neither of these solutions will work (unless I'm missing something - quite possible!). --auth-user-pass either takes the name of a file which has a username and a password on a separate line, or it takes no arguments, in which case the user is prompted for a username and password.
I need to either create a temporary, in memory file containing the username and password - the latter to be pulled from the script args, or I need to be able to answer the prompts in the script using variables...
Offline
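The in-memory credentials file described in the post above, as an added example that is not part of the original thread: the username comes from the command line, the password is prompted for with echo off (so it never appears as a process argument or in shell history), and both are written to a mode-0600 file that is removed when the script exits. The script name `vpn-up.sh` and the function names are hypothetical; it assumes `/dev/shm` is a RAM-backed tmpfs and that this openvpn build accepts a file for `--auth-user-pass`, as the first post describes.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: ./vpn-up.sh <username> [config]

# Write "username\npassword\n" to a private file and print the file's path.
make_auth_file() {
    dir=/dev/shm                               # RAM-backed tmpfs on most Linux systems
    [ -d "$dir" ] && [ -w "$dir" ] || dir=${TMPDIR:-/tmp}   # fallback if it is missing
    file=$(mktemp "$dir/ovpn-auth.XXXXXX") || return 1      # mktemp creates it mode 0600
    printf '%s\n%s\n' "$1" "$2" > "$file"
    printf '%s\n' "$file"
}

# Prompt on the terminal with echo off; the password is written to stdout
# so the caller can capture it with $(...).
prompt_password() {
    printf 'Enter Auth Password: ' >&2
    trap 'stty echo; exit 130' INT TERM        # restore echo if interrupted
    stty -echo
    IFS= read -r pass
    stty echo
    trap - INT TERM
    printf '\n' >&2
    printf '%s' "$pass"
}

main() {
    user=$1
    conf=${2:-/etc/openvpn/secure02.ovpn}      # config path used in the thread
    pass=$(prompt_password) || return 1
    auth=$(make_auth_file "$user" "$pass") || return 1
    trap 'rm -f "$auth"' EXIT                  # delete the credentials on exit
    trap 'exit 130' INT TERM                   # make Ctrl-C go through the EXIT trap
    sudo modprobe tun
    sudo openvpn --script-security 2 --config "$conf" --auth-user-pass "$auth"
}

# Only connect when a username is given on the command line.
if [ "$#" -ge 1 ]; then main "$@"; fi
```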
bump
Offline
Try this:
#!/bin/bash
upass=$(printf 'phunni\n%s' "$1")
echo "$upass" | sudo openvpn --script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass
Then invoke it by:
$ runvpn password
Last edited by rockin turtle (2011-09-24 21:45:32)
Offline
Thanks for the suggestion, but it simply asked me for the username and password again...
Offline
I know you want to write a bash script for this, but "expect" really was made for just such a purpose. Here's an expect script which I think does what you want.
#!/usr/bin/expect
set username "foo\r"
set config "bar"
cd /path/to/config
spawn openvpn $config
expect "Enter Auth Username:"
send $username
interact
"Computer Science is embarrassed by the computer." -- Alan J. Perlis
Offline
Thanks - I wasn't aware of expect, so that's interesting in itself. I tried a version of your script:
#!/usr/bin/expect -f
set username "<username>\r"
set config "--script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass"
cd /etc/openvpn
spawn openvpn $config
expect "Enter Auth Username:"
send $username
interact
Obviously, I'm replacing <username> with my username. I'm getting the following error:
spawn openvpn --script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass
Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)
Use --help for more information.
send: spawn id exp6 not open
while executing
"send $username"
Offline
If it's of any help; the output of "expect -d bin/private" (bin/private obviously being the path to my script) is:
expect version 5.45
argv[0] = expect argv[1] = -d argv[2] = bin/private
set argc 0
set argv0 "bin/private"
set argv ""
executing commands from command file bin/private
spawn openvpn --script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {7215}
expect: does "" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)
expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\n" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
Use --help for more information.
expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\nUse --help for more information." (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
expect: does "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\nUse --help for more information.\r\n" (spawn_id exp6) match glob pattern "Enter Auth Username:"? no
expect: read eof
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "Options error: Unrecognized option or missing parameter(s) in [CMD-LINE]:1: script-security 2 --config /etc/openvpn/secure02.ovpn --auth-user-pass (2.2.1)\r\nUse --help for more information.\r\n"
send: sending "<username>\n" to { exp6 send: spawn id exp6 not open
while executing
"send $username"
(file "bin/private" line 10)
Again, I've replaced my username with <username>
If I run the command that gets spawned, I get the expected output - i.e. "Enter Auth Username:"
Last edited by phunni (2011-09-25 15:26:23)
Offline
Hmmm. I'm not sure about that. I am a bit new to expect as well. However, after fiddling with it a bit, I've confirmed that this one does work:
#!/usr/bin/expect
set username "<name>\r"
set config "/etc/openvpn/secure02.ovpn"
spawn openvpn --script-security 2 --config $config --auth-user-pass
expect "Enter Auth Username:"
send $username
interact
Hope this helps. I really don't have any idea why you can't seem to pass a string of options as a variable.
Last edited by austin.rbn (2011-09-25 21:42:33)
"Computer Science is embarrassed by the computer." -- Alan J. Perlis
Offline
Brilliant - thank you! That worked perfectly :-)
Offline
Try this.....works for me.
./Ovpn.exp username password
#!/usr/bin/expect -f
#
set config "/etc/openvpn/secure02.ovpn"
set username [lindex $argv 0]   ;# lindex returns the bare element; lrange returns a list
set password [lindex $argv 1]
set force_conservative 1  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .1
        exp_send -s -- $arg
    }
}
set timeout -1
spawn openvpn --script-security 2 --config $config --auth-user-pass
match_max 100000
expect -exact "Openvpn UserName and password: "
send -- "$username\r"
send -- "$password\r"
#interact
Offline