Kamal Panhwar

Reputation: 2399

OpenVPN with username and password

I have configured OpenVPN and it is working fine. But I always need to import the configuration, and it has the CA certificate. I enabled username and password authentication, but I still need to add this certificate.

How can I connect to OpenVPN without a certificate and configuration, using only a username and password?

Server Configuration

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
auth SHA512
tls-auth /etc/openvpn/ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 94.237.127.99"
push "dhcp-option DNS 94.237.40.99"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
crl-verify /etc/openvpn/crl.pem
--verify-client-cert none
log-append /var/log/openvpn.log
script-security 2
auth-user-pass-verify /etc/openvpn/example.sh via-file

Client Configuration

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 94.237.88.154 1194
resolv-retry 5
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
auth-user-pass
script-security 2

<ca>
-----BEGIN CERTIFICATE-----
###
###
-----END CERTIFICATE-----
</ca>

Now when I import this file and use my user ID and password it connects, but I want to connect the OpenVPN client without importing this client file, providing only a username and password.

Upvotes: 6

Views: 32587

Answers (3)

Alba Mendez

Reputation: 4605

Server requirements are clear: specify client-cert-not-required or its replacement, verify-client-cert.

But on the client, there is an undocumented requirement that pull must be specified if you wish not to send a client certificate. client (as was used in this case) is also okay since it implies pull. Despite this not being mentioned anywhere, it is pretty clear from the code that it is intentional... I imagine the rationale is that if pull is not specified, then OpenVPN takes the role of a point-to-point tunnel, and auth-user-pass isn't supported there.

In order to enable client role (pull) while still preventing options from being pulled, you can do pull-filter ignore "". However, some basic options such as cipher and ping are worth pulling anyways.

Upvotes: 0

Miljan Rajković

Reputation: 19

Maybe you can try using OpenVPN Connect for Windows on the client side. By using this software you can establish a connection to the VPN server with just a username and password. No configuration and certificates required. https://openvpn.net/client-connect-vpn-for-windows/

Upvotes: -1

Ivan Montilla Miralles

Reputation: 126

There's a directive you can use in your server.conf, depending on your OpenVPN version.

  • client-cert-not-required:

    Makes your VPN less secure, as the cert is not required to authenticate (deprecated).

  • verify-client-cert none|optional|require:

    Using verify-client-cert none is the equivalent of the aforementioned option.


Upvotes: 9
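
With verify-client-cert none, the auth-user-pass-verify script from the server configuration is the only check on who connects. The following is an added example of such a via-file verifier, not the asker's example.sh and not OpenVPN's own code; the user:salt:sha256hex database format, the USERDB variable and the /etc/openvpn/users.db path are assumptions, and salted SHA-256 stands in for a slow password hash to keep the script dependency-free.

```shell
#!/bin/sh
# Added example: verifier for "auth-user-pass-verify <script> via-file".
# OpenVPN passes a temporary file as $1: line 1 = username, line 2 = password.
# Exit status 0 accepts the login; any other status rejects it.
# Assumed database format (hypothetical): one "user:salt:sha256hex" per line,
# where sha256hex is SHA-256 over the salt followed by the password.

hash_password() {   # $1 = salt, $2 = password; prints the hex digest
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

verify_credentials() {   # $1 = credentials file, $2 = user database
    [ -r "$1" ] && [ -r "$2" ] || return 1
    user='' pass=''
    # "|| true": a final line without a newline still fills the variable.
    { IFS= read -r user; IFS= read -r pass; } < "$1" || true
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    # Strict allow-list: the client-supplied name can never act as a
    # pattern or smuggle in the ":" field separator.
    case $user in *[!A-Za-z0-9._-]*) return 1 ;; esac
    while IFS=: read -r name salt want; do
        [ "$name" = "$user" ] || continue
        # An empty stored hash must never match (e.g. a truncated record).
        [ -n "$want" ] || return 1
        if [ "$(hash_password "$salt" "$pass")" = "$want" ]; then
            return 0
        fi
        return 1
    done < "$2"
    return 1   # unknown user
}

# Act as the hook only when OpenVPN supplies the credentials file.
# USERDB and its default path are assumptions for this example.
if [ "$#" -ge 1 ]; then
    verify_credentials "$1" "${USERDB:-/etc/openvpn/users.db}"
    exit $?
fi
```

Because the server configuration drops privileges to user nobody, the database file has to be readable by that account.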
