Reputation: 86317
I can use OpenVPN fine from the command line when entering my username / password and MFA.
E.g. sudo openvpn --config ~/conf/client.ovpn
However, if I then put my username and password in a config file and run it with:
sudo openvpn --config ~/conf/client.ovpn --auth-user-pass ~/conf/vpn.pass.conf
it skips the MFA auth stage and errors with:
Thu Apr 2 09:09:42 2020 VERIFY OK: nsCertType=SERVER
Thu Apr 2 09:09:42 2020 VERIFY OK: depth=0, CN=OpenVPN Server
Thu Apr 2 09:09:42 2020 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr 2 09:09:42 2020 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 2 09:09:42 2020 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr 2 09:09:42 2020 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 2 09:09:42 2020 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Thu Apr 2 09:09:42 2020 [OpenVPN Server] Peer Connection Initiated with [AF_INET]51.179.222.40:2194
Thu Apr 2 09:09:45 2020 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Thu Apr 2 09:09:45 2020 AUTH: Received control message: AUTH_FAILED,SESSION: Your session has expired, please reauthenticate
Thu Apr 2 09:09:45 2020 SIGTERM[soft,auth-failure] received, process exiting
Is there a way to put my username / password into an auth file and get it to prompt for my MFA?
Upvotes: 1
Views: 1210
Reputation: 4679
You can do one of the following:
1) Add this line to the ~/conf/client.ovpn file:
auth-user-pass /full/path/conf/vpn.pass.conf
2) Add the following lines to your ~/conf/client.ovpn file:
<auth-user-pass>
my-username
my-password
</auth-user-pass>
Upvotes: 0
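Both options in the answer above leave the VPN password in a plaintext file, so the following added example (not part of the original question or answer) checks a credentials file before it is passed to --auth-user-pass: it must hold the username on line 1 and the password on line 2, and must not be accessible to group or others. The function name check_auth_file is hypothetical and the sample files are constructed for the demo.

```shell
#!/bin/sh
# check_auth_file is a hypothetical helper name, not an OpenVPN command.
# Return codes: 0 ok, 1 missing, 2 malformed, 3 accessible to group/others.
check_auth_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # auth-user-pass expects the username on line 1 and the password on line 2.
    user=$(sed -n '1p' "$f")
    pass=$(sed -n '2p' "$f")
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "malformed: need username on line 1, password on line 2" >&2
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "too permissive: $f (fix with: chmod 600 $f)" >&2
        return 3
    fi
    return 0
}

# Demo on constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'my-username\nmy-password\n' > "$d/good.conf"; chmod 600 "$d/good.conf"
    printf 'my-username\nmy-password\n' > "$d/open.conf"; chmod 644 "$d/open.conf"
    printf 'my-username\n' > "$d/short.conf"; chmod 600 "$d/short.conf"
    for name in good.conf open.conf short.conf absent.conf; do
        rc=0
        check_auth_file "$d/$name" 2>/dev/null || rc=$?
        echo "$name -> $rc"
    done
    rm -rf "$d"
}
demo
```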