Passworded key files

[shaynem]

Please add support for password protected key files. Not all VPNs use username/password auth and use key files per user only.

[hypatia2]

Hi, can you provide the sample openvpn config file? (with private key masked)
We want to make sure we are covering the right use case.

[shaynem]

It would be the same as any .ovpn file without the auth-user-pass

It would be hard to provide any decent information without an actual working key file with a password.

You could generate your own passworded key files by using

"./build-key-pass client1"

from the easy-rsa scripts - it will work alongside of auth-user-pass also

If your using the OpenVPN management port you would simply send something like this..

password 'Private Key' ' + pass +'\r\n'

https://openvpn.net/index.php/open-source/documentation/howto.html

ai:~ # telnet localhost 1337
password type p : Enter password p for a queried OpenVPN password.

This is obviously relevant if your using raw socket to management port already.

Storing plain text username/passwords into a auth-user-pass file is very insecure --- which is why i'm asking for the Password protected key file functionality to be added.. *(Although I haven't looked at the source code to validate this is the way it's done)

"management 127.0.0.1 1337
management-query-passwords" --- This would be application independent and not actually based on the .ovpn file

i.e if you were using tunnelblick or openvpn-gui it would popup and ask for the key password.

example (*Can also use embedded etc )

client
proto udp
dev tun
remote blah 1191
ca /usr/share/openvpn/keys/ca.crt
cert /usr/share/openvpn/keys/cent1.crt
key /usr/share/openvpn/keys/cent1.key
dh /usr/share/openvpn/keys/dh1024.pem
management 127.0.0.1 1337
management-query-passwords