Passworded key files #2

Open
shaynem opened this issue Apr 4, 2016 · 2 comments

Comments


shaynem commented Apr 4, 2016

Please add support for password-protected key files. Not all VPNs use username/password auth and use key files per user only.

Collaborator

hypatia2 commented Apr 6, 2016

Hi, can you provide the sample openvpn config file? (with private key masked)
We want to make sure we are covering the right use case.

Author

shaynem commented Apr 7, 2016

It would be the same as any .ovpn file without the auth-user-pass.

It would be hard to provide any decent information without an actual working key file with a password.

You could generate your own passworded key files by using

"./build-key-pass client1"

from the easy-rsa scripts - it will work alongside of auth-user-pass also

If you're using the OpenVPN management port you would simply send something like this:

password 'Private Key' ' + pass +'\r\n'

https://openvpn.net/index.php/open-source/documentation/howto.html

ai:~ # telnet localhost 1337
password type p : Enter password p for a queried OpenVPN password.

This is obviously relevant if you're using a raw socket to the management port already.

Storing plain text usernames/passwords in an auth-user-pass file is very insecure, which is why I'm asking for the password-protected key file functionality to be added. (Although I haven't looked at the source code to validate this is the way it's done.)

"management 127.0.0.1 1337
management-query-passwords" --- This would be application independent and not actually based on the .ovpn file

i.e. if you were using tunnelblick or openvpn-gui it would pop up and ask for the key password.

Example (can also use embedded, etc.):

client
proto udp
dev tun
remote blah 1191
ca /usr/share/openvpn/keys/ca.crt
cert /usr/share/openvpn/keys/cent1.crt
key /usr/share/openvpn/keys/cent1.key
dh /usr/share/openvpn/keys/dh1024.pem
management 127.0.0.1 1337
management-query-passwords
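
The management-port exchange described in the comment above, as an added example that is not part of the original post or the project's code: a Python client that waits for OpenVPN's `>PASSWORD:Need 'Private Key' password` prompt and answers it from an interactive prompt, so the passphrase never lands in a file. The address 127.0.0.1:1337 is taken from the config above; the function names are hypothetical, and the prompt and reply formats are assumed to follow OpenVPN's management interface notes.

```python
import getpass
import re
import socket

# Real-time message OpenVPN sends when it needs a secret, for example:
#   >PASSWORD:Need 'Private Key' password
NEED_RE = re.compile(r"^>PASSWORD:Need '([^']+)' (password|username/password)")


def parse_password_request(line):
    """Return the credential type being requested (e.g. 'Private Key'), or None."""
    m = NEED_RE.match(line.strip())
    return m.group(1) if m else None


def build_password_command(kind, secret):
    """Build the 'password' command; backslash and double quote must be escaped
    inside the quoted argument, and a line break would inject a second command."""
    if "\r" in secret or "\n" in secret:
        raise ValueError("passphrase must not contain line breaks")
    escaped = secret.replace("\\", "\\\\").replace('"', '\\"')
    return f'password "{kind}" "{escaped}"\r\n'


def answer_key_prompt(host="127.0.0.1", port=1337):
    """Answer the 'Private Key' prompt once. Returns True when OpenVPN
    acknowledges the command (the passphrase is not yet verified then)."""
    sent = False
    with socket.create_connection((host, port)) as sock:
        with sock.makefile("rw", newline="") as mgmt:
            for line in mgmt:
                if parse_password_request(line) == "Private Key":
                    secret = getpass.getpass("Key passphrase: ")  # not echoed, not stored
                    mgmt.write(build_password_command("Private Key", secret))
                    mgmt.flush()
                    sent = True
                elif sent and line.startswith("SUCCESS:"):
                    return True
                elif sent and line.startswith("ERROR:"):
                    return False
    return False


if __name__ == "__main__":
    print("acknowledged" if answer_key_prompt() else "not accepted")
```

Binding the management port to 127.0.0.1, as in the config above, still leaves it reachable by every local user, so a client like this belongs on a single-user host or behind a management password.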
