could not read Auth username from stdin

This forum is for admins who are looking to build or expand their OpenVPN setup.

robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

could not read Auth username from stdin

I am setting up site to site vpn, so I've setup a service on a debian which starts on boot. But after some time (~1h) my tunnel disappears. So after digging around in logs I found that it complains about auth from stdin, but my config has a password in it.

OpenVPN version:
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015

Logs(hostname redacted):

Code: Select all

    May 18 12:38:39 vpn-hostname ovpn-client[3185]: ERROR: could not read Auth username from stdin
    May 18 12:38:39 vpn-hostname ovpn-client[3185]: Exiting due to fatal error
    May 18 12:38:39 vpn-hostname ovpn-client[3185]: /sbin/ip addr del dev tun0 192.168.61.3/24
    May 18 12:38:39 vpn-hostname systemd[1]: openvpn@client.service: main process exited, code=exited, status=1/FAILURE
    May 18 12:38:39 vpn-hostname systemd[1]: Unit openvpn@client.service entered failed state.

My configuration exported from pfsense (public domain redacted), pfsense-auth is a file with user/password and it works first time and should be ok, I can restart openvpn service and it works again for about 1h.

Client

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
auth-user-pass pfsense-auth
auth-nocache
remote my-redacted-vpn.com 1194 udp
lport 0
verify-x509-name "my-redacted-vpn.com" name
pkcs12 pfSense-udp-1194-scaleway1.my-redacted-vpn.com.p12
tls-auth pfSense-udp-1194-scaleway1.my-redacted-vpn.com-tls.key 1
ns-cert-type server



robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Thu May 19, 2016 7:09 pm

That makes sense, but it doesn't seem to work. I've added config option "auth-retry nointeract" which should reread username/password from given file. But my connection seems to keep dropping on reauth. I tried rebooting server, which didn't help either. Perhaps options order is incorrect?

Updated configuration:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
auth-user-pass pfsense-auth
auth-retry nointeract
auth-nocache
remote vpn.my-redacted-domain.com 1194 udp
lport 0
verify-x509-name "vpn.my-redacted-domain.com" name
pkcs12 pfSense-udp-1194-scaleway1.my-redacted-domain.com.p12
tls-auth pfSense-udp-1194-scaleway1.my-redacted-domain.com-tls.key 1
ns-cert-type server

Relevant logs:

Code: Select all

    May 19 14:10:19 scw-f1e4c6 ovpn-client[3165]: UDPv4 link local (bound): [undef]
    May 19 14:10:19 scw-f1e4c6 ovpn-client[3165]: UDPv4 link remote: [AF_INET]1.2.3.4:1194
    May 19 14:10:19 scw-f1e4c6 ovpn-client[3165]: [my-redacted-domain.com] Peer Connection Initiated with [AF_INET]1.2.3.4:1194
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: TUN/TAP device tun0 opened
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: /sbin/ip link set dev tun0 up mtu 1500
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: /sbin/ip addr add dev tun0 192.168.61.3/24 broadcast 192.168.61.255
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: Initialization Sequence Completed
    May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: ERROR: could not read Auth username from stdin
    May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: Exiting due to fatal error
    May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: /sbin/ip addr del dev tun0 192.168.61.3/24
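
Added example, not part of any post in this thread: a Python check that measures how long the tunnel in the log above stayed up before the fatal auth error and compares it with OpenVPN's default --reneg-sec of 3600 seconds, which is when a client running with auth-nocache needs its credentials again. The function names, the slack window and the year are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Constructed sample: four lines taken from the log in the post above.
SAMPLE_LOG = """\
May 19 14:10:19 scw-f1e4c6 ovpn-client[3165]: [my-redacted-domain.com] Peer Connection Initiated with [AF_INET]1.2.3.4:1194
May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: Initialization Sequence Completed
May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: ERROR: could not read Auth username from stdin
May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: Exiting due to fatal error
"""

# syslog line: "<Mon DD HH:MM:SS> <host> <program>[<pid>]: <message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\S+)\[(\d+)\]: (.*)$")
UP = "Initialization Sequence Completed"
AUTH_FAIL = "could not read Auth username from stdin"
DEFAULT_RENEG_SEC = 3600  # OpenVPN's default for --reneg-sec


def auth_failures(log_text, year=2016):
    """Return [(pid, seconds_up)] for each process that came up and later
    exited on AUTH_FAIL. syslog omits the year, so it is passed in."""
    up_at, results = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, _prog, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if UP in msg:
            up_at[pid] = when
        elif AUTH_FAIL in msg and pid in up_at:
            uptime = int((when - up_at.pop(pid)).total_seconds())
            results.append((int(pid), uptime))
    return results


def matches_renegotiation(seconds_up, reneg_sec=DEFAULT_RENEG_SEC, slack=180):
    """True when the tunnel died within `slack` seconds after a multiple of
    the renegotiation interval (slack is an assumed tolerance)."""
    return seconds_up >= reneg_sec and seconds_up % reneg_sec <= slack


if __name__ == "__main__":
    for pid, secs in auth_failures(SAMPLE_LOG):
        print(f"pid {pid}: up {secs}s, near renegotiation: "
              f"{matches_renegotiation(secs)}")
```

A failure that lands just past a multiple of the renegotiation interval points at re-authentication rather than at the network or the service unit.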

Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: could not read Auth username from stdin

Post by Traffic » Thu May 19, 2016 7:48 pm

It works for me .. I presume you are not dropping privileges ?

Things you can attempt:

  • Specify the complete path to the user/pass file ..
    Although, that does not appear to be that problem .. ie. this error:

    Code: Select all

        Error: could not read Auth username from stdin
  • Install the version from the OpenVPN Repo:
    https://community.openvpn.net/openvpn/w ... twareRepos

Let us know :)


robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Thu May 19, 2016 9:12 pm

I am using standard openvpn installation on centos 7 using systemd provided openvpn service, so I'm not certain about privileges. Will try absolute path. Link you provided seems to be ubuntu/debian repository, could try building latest version from source if that's not too hard.

Thanks for help!


Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: could not read Auth username from stdin

Post by Traffic » Thu May 19, 2016 9:58 pm

robertas wrote:I am using standard openvpn installation on centos 7 using systemd provided openvpn service

Please post the service file.


robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Fri May 20, 2016 11:45 am

openvpn.service

Code: Select all

    # This service is actually a systemd target,
    # but we are using a service since targets cannot be reloaded.

    [Unit]
    Description=OpenVPN service
    After=network.target

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/bin/true
    ExecReload=/bin/true
    WorkingDirectory=/etc/openvpn

    [Install]
    WantedBy=multi-user.target

Openvpn client template(openvpn@.service)

Code: Select all

    [Unit]
    Description=OpenVPN connection to %i
    PartOf=openvpn.service
    ReloadPropagatedFrom=openvpn.service

    [Service]
    Type=forking
    ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
    ExecReload=/bin/kill -HUP $MAINPID
    WorkingDirectory=/etc/openvpn

    [Install]
    WantedBy=multi-user.target

robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Fri May 20, 2016 11:47 am

And absolute path didn't work, so I will be building openvpn from source through the weekend.


Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: could not read Auth username from stdin

Post by Traffic » Fri May 20, 2016 1:31 pm

robertas wrote:I've setup a service on a debian

robertas wrote:I am using standard openvpn installation on centos 7

which is it ? be specific ..


robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Fri May 20, 2016 5:47 pm

Sorry for messing that up, I'm using debian 8.

Just tried passing pkcs12 and tls-auth options using absolute paths (previously tried adding absolute path to auth-user-pass) which didn't help either.

It takes an hour to debug it, so it's quite a tedious process. Next I'm trying to launch openvpn --config client.conf to rule out if it's the service problem or the configuration.



robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Sat May 21, 2016 12:24 pm

Just upgraded to 2.3.11 and it is working! Thanks for your help!


Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: could not read Auth username from stdin

Post by Traffic » Sat May 21, 2016 3:46 pm

Excellent .. thanks for letting us know the solution 8-)

I expect it was an old compile time setting in the version you were using.