openvpn

1. OpenVpn doc
2. Debian OpenVpn
3. How to automate your VPN login – user and password
4. my_config.ovpn
5. logs
6. Good tutorials

1 OpenVpn doc

/usr/share/doc/openvpn/README.Debian.gz

/usr/share/doc/openvpn/examples

When OpenVPN is started by /etc/init.d/openvpn the default is to start a separate openvpn daemon for each .conf configuration file in the /etc/openvpn directory. The /etc/default/openvpn file may be used to alter this behavior.

2 Debian OpenVpn

http://ral-arturo.org/2017/04/07/openvpn-debian-stretch.html

3 How to automate your VPN login – user and password

In the config file, provide option --auth-user-pass with a file containing the user and password

--auth-user-pass [up]
       Authenticate with server using username/password.  up is a file containing username/password on 2 lines (Note: OpenVPN will only read  passwords  from  a
       file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in win/settings.in).

       If up is omitted, username/password will be prompted from the console.

       The server configuration must specify an --auth-user-pass-verify script to verify the username/password provided by the client.

NOTE: In the Authfile, the username and password must be on two consecutive lines

4 `my_config.ovpn`

client
dev tun
proto udp
remote exampleserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass user_pass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem

5 logs

 Preserving previous TUN/TAP instance: tun0
 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
ch process
 ERROR: Linux route delete command failed: external program exited with error status: 2
 /sbin/ip addr del dev tun0 local 10.143.1.6 peer 10.143.1.5
 TUN/TAP device tun0 opened
 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
 /sbin/ip link set dev tun0 up mtu 1500
 /sbin/ip addr add dev tun0 local 10.136.1.6 peer 10.136.1.5
 Initialization Sequence Completed
 [Private Internet Access] Inactivity timeout (--ping-restart), restarting
 SIGUSR1[soft,ping-restart] received, process restarting
 UDPv4 link local: [undef]
 UDPv4 link remote: [AF_INET] XXX.XXX.XXX.XXX:1194
 [Private Internet Access] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
 Preserving previous TUN/TAP instance: tun0

 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.

 /sbin/ip addr del dev tun0 local 10.136.1.6 peer 10.136.1.5
 TUN/TAP device tun0 opened
 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
 /sbin/ip link set dev tun0 up mtu 1500
 /sbin/ip addr add dev tun0 local 10.172.1.6 peer 10.172.1.5
 Initialization Sequence Completed

6 Good tutorials

Configure server and client
- https://networklessons.com/linux/openvpn-server-usernamepassword-authentication/