could not read Auth username from stdin

This forum is for admins who are looking to build or expand their OpenVPN setup.

robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

could not read Auth username from stdin

I am setting up site to site vpn, so I've setup a service on a debian which starts on boot. But after some time (~1h) my tunnel disappears. So after digging around in logs I found that it complains about auth from stdin, but my config has a password in it.

OpenVPN version:
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015

Logs(hostname redacted):

Code:

    May 18 12:38:39 vpn-hostname ovpn-client[3185]: ERROR: could not read Auth username from stdin
    May 18 12:38:39 vpn-hostname ovpn-client[3185]: Exiting due to fatal error
    May 18 12:38:39 vpn-hostname ovpn-client[3185]: /sbin/ip addr del dev tun0 192.168.61.3/24
    May 18 12:38:39 vpn-hostname systemd[1]: openvpn@client.service: main process exited, code=exited, status=1/FAILURE
    May 18 12:38:39 vpn-hostname systemd[1]: Unit openvpn@client.service entered failed state.

My configuration exported from pfsense (public domain redacted), pfsense-auth is a file with user/password and it works first time and should be ok, I can restart openvpn service and it works again for about 1h.

Client

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
auth-user-pass pfsense-auth
auth-nocache
remote my-redacted-vpn.com 1194 udp
lport 0
verify-x509-name "my-redacted-vpn.com" name
pkcs12 pfSense-udp-1194-scaleway1.my-redacted-vpn.com.p12
tls-auth pfSense-udp-1194-scaleway1.my-redacted-vpn.com-tls.key 1
ns-cert-type server



robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Thu May 19, 2016 7:09 pm

That makes sense, but it doesn't seem to work. I've added config option "auth-retry nointeract" which should reread username/password from given file. But my connection seems to keep dropping on reauth. I tried rebooting server, which didn't help either. Maybe options order is incorrect?

Updated configuration:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
auth-user-pass pfsense-auth
auth-retry nointeract
auth-nocache
remote vpn.my-redacted-domain.com 1194 udp
lport 0
verify-x509-name "vpn.my-redacted-domain.com" name
pkcs12 pfSense-udp-1194-scaleway1.my-redacted-domain.com.p12
tls-auth pfSense-udp-1194-scaleway1.my-redacted-domain.com-tls.key 1
ns-cert-type server

Relevant logs:

Code:

    May 19 14:10:19 scw-f1e4c6 ovpn-client[3165]: UDPv4 link local (bound): [undef]
    May 19 14:10:19 scw-f1e4c6 ovpn-client[3165]: UDPv4 link remote: [AF_INET]1.2.3.4:1194
    May 19 14:10:19 scw-f1e4c6 ovpn-client[3165]: [my-redacted-domain.com] Peer Connection Initiated with [AF_INET]1.2.3.4:1194
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: TUN/TAP device tun0 opened
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: /sbin/ip link set dev tun0 up mtu 1500
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: /sbin/ip addr add dev tun0 192.168.61.3/24 broadcast 192.168.61.255
    May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: Initialization Sequence Completed
    May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: ERROR: could not read Auth username from stdin
    May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: Exiting due to fatal error
    May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: /sbin/ip addr del dev tun0 192.168.61.3/24
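An added example, not part of the original thread: a small syslog parser that measures how long each OpenVPN process stayed up before dying on the stdin auth error, to confirm the roughly one-hour pattern reported above. The sample lines are constructed from the excerpt in the post; the function names and the `year` parameter are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the log excerpt posted above.
SAMPLE_LOG = """\
May 19 14:10:21 scw-f1e4c6 ovpn-client[3165]: Initialization Sequence Completed
May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: ERROR: could not read Auth username from stdin
May 19 15:11:49 scw-f1e4c6 ovpn-client[3165]: Exiting due to fatal error
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<tag>[\w.@-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
UP_MSG = "Initialization Sequence Completed"
AUTH_ERR = "could not read Auth username from stdin"


def tunnel_lifetimes(log_text, year=2016):
    """List (tag, pid, came_up, died, lifetime) per process that died on the
    stdin auth error. Syslog lines carry no year, so the caller supplies it."""
    up_at = {}  # (tag, pid) -> time of the first "tunnel up" message
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a "host tag[pid]: message" syslog line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["tag"], int(m["pid"]))
        if UP_MSG in m["msg"]:
            up_at.setdefault(key, ts)
        elif AUTH_ERR in m["msg"] and key in up_at:
            came_up = up_at.pop(key)
            results.append((*key, came_up, ts, ts - came_up))
    return results


def looks_periodic(lifetime, interval=timedelta(hours=1),
                   slack=timedelta(minutes=5)):
    """True if the tunnel died within `slack` of a whole multiple of
    `interval` (default: the roughly one-hour drop reported in the thread)."""
    if lifetime < interval - slack:
        return False
    remainder = lifetime % interval
    return min(remainder, interval - remainder) <= slack


if __name__ == "__main__":
    for tag, pid, up, died, life in tunnel_lifetimes(SAMPLE_LOG):
        print(f"{tag}[{pid}] up {up}, died {died} after {life}, periodic={looks_periodic(life)}")
```

A lifetime that repeatedly lands on the same interval points at a timer-driven event such as re-authentication rather than a network fault.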

Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: could not read Auth username from stdin

Post by Traffic » Thu May 19, 2016 7:48 pm

It works for me .. I presume you are not dropping privileges ?

Things you can try:

  • Specify the complete path to the user/pass file ..
    Although, that does not appear to be that problem .. ie. this error:

    Code:

        ERROR: could not read Auth username from stdin

  • Install the version from the OpenVPN Repo:
    https://community.openvpn.net/openvpn/w ... twareRepos

Let us know :)


robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Thu May 19, 2016 9:12 pm

I am using standard openvpn installation on centos 7 using systemd provided openvpn service, so I'm not sure about privileges. Will try absolute path. Link you provided seems to be ubuntu/debian repository, could try building latest version from source if that's not too hard.

Thanks for help!


Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sabbatum Aug 09, 2014 xi:24 am

Re: could not read Auth username from stdin

Post by Traffic » Thu May 19, 2016 9:58 pm

robertas wrote: I am using standard openvpn installation on centos 7 using systemd provided openvpn service

Please post the service file.


robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Fri May 20, 2016 11:45 am

openvpn.service

Code:

    # This service is actually a systemd target,
    # but we are using a service since targets cannot be reloaded.

    [Unit]
    Description=OpenVPN service
    After=network.target

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/bin/true
    ExecReload=/bin/true
    WorkingDirectory=/etc/openvpn

    [Install]
    WantedBy=multi-user.target

Openvpn client template(openvpn@.service)

Code:

    [Unit]
    Description=OpenVPN connection to %i
    PartOf=openvpn.service
    ReloadPropagatedFrom=openvpn.service

    [Service]
    Type=forking
    ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
    ExecReload=/bin/kill -HUP $MAINPID
    WorkingDirectory=/etc/openvpn

    [Install]
    WantedBy=multi-user.target

robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Fri May 20, 2016 11:47 am

And absolute path didn't work, so I will be building openvpn from source through the weekend.


Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: could not read Auth username from stdin

Post by Traffic » Fri May 20, 2016 1:31 pm

robertas wrote: I've setup a service on a debian

robertas wrote: I am using standard openvpn installation on centos 7

which is it ? be specific ..


robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Fri May 20, 2016 5:47 pm

Sorry for messing that up, I'm using debian 8.

Just tried passing pkcs12 and tls-auth options using absolute paths (previously tried adding absolute path to auth-user-pass) which didn't help either.

It takes an hour to debug it, so it's quite a ho-hum process. Next I'm trying to launch openvpn --config client.conf to rule out if it's the service problem or the configuration.



robertas
OpenVpn Newbie
Posts: 7
Joined: Wed May 18, 2016 12:58 pm

Re: could not read Auth username from stdin

Post by robertas » Sat May 21, 2016 12:24 pm

Just upgraded to 2.3.11 and it is working! Thanks for your help!


Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: could not read Auth username from stdin

Post by Traffic » Sat May 21, 2016 3:46 pm

Excellent .. cheers for letting us know the solution 8-)

I expect it was an old compile time setting in the version you were using.