Automatically adding user and password to openvpn script
I have a working script, which allows me to do a vpn connection. It looks like this:
openvpn --config VPNBook.com-OpenVPN-Euro1/vpnbook-euro1-tcp443.ovpn
All is good, but I have to input the publicly available vpn and password every time I run this script. (Don’t worry, I’m not going to do banking or anything serious over a free VPN, this is more for learning).
This is the username and the password available publicly on their website:
Username: vpnbook
Password: he2qv5h
After firing up, the script prompts me for username and password which now I need to copy and paste.
Tue Aug 15 11:54:51 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Enter Auth Username: vpnbook
Enter Auth Password:
Is there a way of doing it so the script inputs the values on its own?
I tried echoing it, but it isn’t that easy.
Or do I have to edit the command itself, somewhere in the files? If yes, can someone point me in the right direction for doing it?
You have two choices: one is to use a file containing the username and password in clear text (not recommended); the other is to use certificate authentication.
To use a username and password in a file, use --auth-user-pass <file>, where <file> is, as Jesse_b proposed, a file containing the username on the first line and the password on the second (community.openvpn.net/openvpn/wiki/Openvpn23ManPage).
However, I think this is bad practice (REALLY!!!!!!!!); you are better off doing certificate authentication. That way, even IF your certificate is retrieved by a 3rd party, they will at least not be able to change the user’s password without the root password and many more things, especially if you have sudo and your user is on the sudoers list etc …
You need to issue the following:
init-config
Next, initialize the PKI. On Linux/BSD/Unix:
. ./vars
./clean-all
./build-ca
On Windows:
vars
clean-all
build-ca
Note that in the above sequence, most queried parameters were defaulted to the values set in the vars or vars.bat files. The only parameter which must be explicitly entered is the Common Name.
Next, we will generate a certificate and private key for the server. On Linux/BSD/Unix:
./build-key-server server
On Windows:
build-key-server server
Generating client certificates is very similar to the previous step. On Linux/BSD/Unix:
./build-key client1
./build-key client2
./build-key client3
On Windows:
build-key client1
build-key client2
build-key client3
Remember that for each client, make sure to type the appropriate Common Name when prompted, i.e. “client1”, “client2”, or “client3”. Always use a unique common name for each client.
This is easy and so much more secure than using a password with plain text username and password, believe me, please!
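For anyone who still uses the --auth-user-pass file described in the answer, the following is an added example, not part of the original question or answer. It creates the two-line file readable only by its owner and refuses to start openvpn if the file is more widely readable or malformed. The function names, return codes and the strict exactly-two-lines check are this example's own assumptions.

```shell
#!/bin/sh
# Added example: helpers for an --auth-user-pass credentials file.
# Function names and exit codes are hypothetical, chosen for this example.

# write_auth_file PATH USERNAME PASSWORD
# Writes username on line 1 and password on line 2, mode 600.
# printf is a shell builtin, so the password never appears in `ps` output.
write_auth_file() {
    # umask in a subshell so the caller's umask is left untouched
    ( umask 077 && printf '%s\n%s\n' "$2" "$3" > "$1" ) || return 1
    # umask does not tighten a file that already existed, so force the mode
    chmod 600 "$1"
}

# check_auth_file PATH
# Returns 0 if usable, 1 if missing, 2 if group/other can access it,
# 3 if it is not exactly two non-empty lines (deliberately strict).
check_auth_file() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    # First 10 chars of ls -l: file type plus rwx bits, e.g. -rw-------
    perms=$(ls -ld -- "$f" | cut -c1-10)
    case $perms in
        -???------) ;;   # regular file, no group or other bits set
        *) echo "$f has mode $perms; run: chmod 600 $f" >&2; return 2 ;;
    esac
    awk 'length($0) == 0 { bad = 1 }
         END { exit (NR == 2 && !bad) ? 0 : 1 }' "$f" ||
        { echo "$f needs username on line 1, password on line 2" >&2; return 3; }
}

# vpn_connect PROFILE.ovpn AUTHFILE
# Starts openvpn only when the credentials file passes the checks above.
vpn_connect() {
    check_auth_file "$2" || return
    openvpn --config "$1" --auth-user-pass "$2"
}

# Usage with the profile from the question (auth file path is an assumption):
#   write_auth_file "$HOME/.vpnbook.auth" vpnbook 'the-password'
#   vpn_connect VPNBook.com-OpenVPN-Euro1/vpnbook-euro1-tcp443.ovpn "$HOME/.vpnbook.auth"
```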