Received: (at 39660) by debbugs.gnu.org; 23 Feb 2020 19:33:40 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Feb 23 14:33:40 2020 Received: from localhost ([127.0.0.1]:51622 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j5x0V-0004ln-It for submit <at> debbugs.gnu.org; Sun, 23 Feb 2020 14:33:40 -0500 Received: from mx2.dismail.de ([159.69.191.136]:16999) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1j5x0U-0004la-4A for 39660 <at> debbugs.gnu.org; Sun, 23 Feb 2020 14:33:38 -0500 Received: from mx2.dismail.de (localhost [127.0.0.1]) by mx2.dismail.de (OpenSMTPD) with ESMTP id 30dabe3a for <39660 <at> debbugs.gnu.org>; Sun, 23 Feb 2020 20:33:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date :message-id:from:to; s=20190914; bh=y7IBIoP278TOCrNhvCC71yx0XdDA iXiFKZ4/ft1vLeI=; b=KCwiKq4HzVyR+HMmxbDjneIHgf28kbK2a89+BXy3I+Qo lcUQV8LL0h8wyPDMWGAPO3v/jCZeLpCqDF/2dsYiN3urMxTXBqkmYU2427ZvPg31 GPtLTCSr6Z62XD5DqwikJs9UCU4kcutrkXMt7hhZCDnOFT/pdi21kufw36IRWBA5 QyEaIPRHTS4mHSQRTGci0Ji9czuqjZ2wyJbc4TqiLTlGSjeM29K20ZOG5lDft1sa 6eVi1npIsGqxApLKk6glKtLZeWvZSSFZmhmqw74iTwlurdZuz223EmIj2TR4y3SO Dq3A3fBLXb0YI3KzvpGVswFMtBPXWVKsajVT/0M8ZA== Received: from smtp1.dismail.de (<unknown> [10.240.26.11]) by mx2.dismail.de (OpenSMTPD) with ESMTP id 1b2ec4d1 for <39660 <at> debbugs.gnu.org>; Sun, 23 Feb 2020 20:33:31 +0100 (CET) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 2c04a268 for <39660 <at> debbugs.gnu.org>; Sun, 23 Feb 2020 20:33:31 +0100 (CET) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 36486556 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <39660 <at> debbugs.gnu.org>; Sun, 23 Feb 2020 20:33:30 +0100 (CET) Date: Sun, 23 Feb 2020 14:33:28 -0500 Message-Id: <86k14d9jzr.fsf@HIDDEN> From: Joshua Branson <jbranso@HIDDEN> To: 39660 <at> debbugs.gnu.org X-Spam-Score: -0.3 (/) X-Debbugs-Envelope-To: 39660 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.3 (-) >> >>- [ ] "persist-key" >>- [ ] "persist-tun" >We already have both of them. Are they not documented? They should be >persist-key? and persist-tun? respectively. That was my mistake. Please ignore that. They are documented sir. (sorry Military school). >>- [ ] "remote-random" >>- [ ] "pull" >>- [X] "comp-lzo no" >>- [ ] "tls-client" does tls-auth provide this option??? >tls-auth and tls-client are different options. tls-client replaces the client >directive we currently generate for all openvpn-client-configuration. When I look at my currently generated openvpn configuration file I see: #+BEGIN_SRC joshua@dobby ~/prog/guile/guix-config$ cat /gnu/store/nm4dvmsffrghdxjlqj712qhrv6w4fd4m-openvpn.conf client proto udp dev tun ca /home/joshua/prog/guile/guix-config/vpn/ca2.crt cert /home/joshua/prog/guile/guix-config/vpn/client.crt key /home/joshua/prog/guile/guix-config/vpn/client.key persist-key persist-tun fast-io verb 3 auth-user-pass /home/joshua/prog/guile/guix-config/vpn/login.conf remote-cert-tls server nobind resolv-retry infinite remote asecretremote.com 1195 #+END_SRC I do not see the "tls-client" option, but my working vpn client configuration file has "tls-client" in it. My current vpn configuration is: (openvpn-client-service #:config (let ([base-dir "/home/joshua/prog/guile/guix-config/vpn/"]) (openvpn-client-configuration (auth-user-pass (string-append base-dir "login.conf")) (ca (string-append base-dir "ca2.crt")) (cert (string-append base-dir "client.crt")) (key (string-append base-dir "client.key")) ;; the expressvpn file I use disables lzo compression (comp-lzo? #f) (fast-io? #t) (remote (list (openvpn-remote-configuration (name "asecretremote.com") (port 1195))))))) Also, I can confirm that your auth-user-pass does work. Thanks, Joshua
bug-guix@HIDDEN
:bug#39660
; Package guix
.
Full text available.Received: (at 39660) by debbugs.gnu.org; 21 Feb 2020 17:27:31 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 21 12:27:31 2020 Received: from localhost ([127.0.0.1]:48020 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j5C5L-0002HQ-FD for submit <at> debbugs.gnu.org; Fri, 21 Feb 2020 12:27:31 -0500 Received: from lepiller.eu ([89.234.186.109]:50392) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <julien@HIDDEN>) id 1j5C5I-0002HF-0d for 39660 <at> debbugs.gnu.org; Fri, 21 Feb 2020 12:27:30 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 46026b17; Fri, 21 Feb 2020 17:27:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:from:message-id; s=dkim; bh=2lnDZ1b5G9A/WgbVMjU19LfmF3c=; b=PXCO4ikElm1AlT+OsZ2g0qSVRljR lK8SuZmuK6jr7l/torpGunBBG+Gk2g2SnHyibLjTDLhnny8+j8aNKXKteLIcRdkM NecmNGOo7MBK6u1sEswG3OCxDJFCwKiXDDr5UWuF6Dm2lTXitih2SK7XjcgshY8R gCzfWeCfibtho7KCNUrZQDbdBCxMKSO8ymWBgd4CA7iti4ccHofbPnpKgwXnv570 lJaghv02JAHXaECpytnDae1dwk7rLLAdMI5U5V/yVXgwrG52OjcaP+wwoCJ5VNFN QFvn+2nzxx0y92g6h/+u+po3TXDhfu3SSxhZwKalSs1+qjwQlgRI3gYfLQ== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id ba2312ed (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Fri, 21 Feb 2020 17:27:23 +0000 (UTC) Date: Fri, 21 Feb 2020 12:27:11 -0500 User-Agent: K-9 Mail for Android In-Reply-To: <8636b33lyj.fsf@HIDDEN> References: <86pnec9cs5.fsf@HIDDEN> <8636b33lyj.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: bug#39660: openvpn-client-service does not support auth-user-pass To: Joshua Branson <jbranso@HIDDEN>, Joshua Branson via Bug reports for GNU Guix <bug-guix@HIDDEN>, 39660 <at> debbugs.gnu.org From: Julien Lepiller <julien@HIDDEN> Message-ID: <9BF96819-AE31-4DA1-9D0D-44B749992914@HIDDEN> X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 39660 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Le 21 f=C3=A9vrier 2020 12:10:44 GMT-05:00, Joshua Branson via Bug reports = for GNU Guix <bug-guix@gnu=2Eorg> a =C3=A9crit : > >Julien and I discussed on irc that guix currently does not have a >method of generating my config file=2E Here is just an updated list of >the options that I (and possibly others) may need or want=2E > >#+BEGIN_SRC org >These are all the options that my config file has=2E If the box does >not have an X, then we should add this in the service definition=2E > >- [ ] "persist-key" >- [ ] "persist-tun" We already have both of them=2E Are they not documented? They should be pe= rsist-key? and persist-tun? respectively=2E >- [ ] "remote-random" >- [ ] "pull" >- [X] "comp-lzo no" >- [ ] "tls-client" does tls-auth provide this option??? tls-auth and tls-client are different options=2E tls-client replaces the c= lient directive we currently generate for all openvpn-client-configuration= =2E >- [ ] "verify-x509-name Server name-prefix" >- [ ] "ns-cert-type server" This is possibly deprecated? >- [ ] "key-direction 1" This is another way of specifying tls-auth? >- [X] "route-method exe" This is only useful on Windows=2E >- [ ] "route-delay 2" >- [X] "tun-mtu 1500" The documentation says most cases=2E=2E=2EI should > leave this to it's default parameter=2E So unless needed, we probably > shouldn't need to add it to guix=2E > =20 >- The next two options only make sense when we are using the protocol > udp=2E We should probably specify them someway that you can only use > them if protocol is upd=2E Something like: > > #+BEGIN_SRC scheme > (proto udp > (upd-options > (fragment 1300) > (mssfix 1200)) > #+END_SRC > >- [X] "fragment 1300" >- [X] "mssfix 1200" > > >- [ ] "cipher AES-256-CBC" >- [X] keysize 256 deprecated=2E Do not need=2E and my key size is the >cipher size anyway=2E The documentation does not reccommend manually >changing your keysize=2E >- [X] auth SHA512 I have no idea where this is in the documentation >- [X] sndbuf 524288 The documentation says that the default should >work=2E >- [X] rcvbuf 524288 as above >- [X] auth-user-pass login=2Econf >#+END_SRC > >We should also probably allow a file option=2E Some users may have a >working file=2E Perhaps we should support this: > >#+BEGIN_SRC scheme >(openvpn-client-service > #:file "/path/to/openvpn=2Econf") >#+END_SRC > >Joshua
bug-guix@HIDDEN
:bug#39660
; Package guix
.
Full text available.Received: (at submit) by debbugs.gnu.org; 21 Feb 2020 17:27:42 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 21 12:27:42 2020 Received: from localhost ([127.0.0.1]:48028 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j5C5W-0002IC-6n for submit <at> debbugs.gnu.org; Fri, 21 Feb 2020 12:27:42 -0500 Received: from lists.gnu.org ([209.51.188.17]:36074) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <julien@HIDDEN>) id 1j5C5O-0002Hi-2j for submit <at> debbugs.gnu.org; Fri, 21 Feb 2020 12:27:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:37428) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <julien@HIDDEN>) id 1j5C5M-0004xN-Sw for bug-guix@HIDDEN; Fri, 21 Feb 2020 12:27:33 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <julien@HIDDEN>) id 1j5C5L-0006F0-Ht for bug-guix@HIDDEN; Fri, 21 Feb 2020 12:27:32 -0500 Received: from lepiller.eu ([2a00:5884:8208::1]:38732) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <julien@HIDDEN>) id 1j5C5K-0006DL-Tv for bug-guix@HIDDEN; Fri, 21 Feb 2020 12:27:31 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 46026b17; Fri, 21 Feb 2020 17:27:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:from:message-id; s=dkim; bh=2lnDZ1b5G9A/WgbVMjU19LfmF3c=; b=PXCO4ikElm1AlT+OsZ2g0qSVRljR lK8SuZmuK6jr7l/torpGunBBG+Gk2g2SnHyibLjTDLhnny8+j8aNKXKteLIcRdkM NecmNGOo7MBK6u1sEswG3OCxDJFCwKiXDDr5UWuF6Dm2lTXitih2SK7XjcgshY8R gCzfWeCfibtho7KCNUrZQDbdBCxMKSO8ymWBgd4CA7iti4ccHofbPnpKgwXnv570 lJaghv02JAHXaECpytnDae1dwk7rLLAdMI5U5V/yVXgwrG52OjcaP+wwoCJ5VNFN QFvn+2nzxx0y92g6h/+u+po3TXDhfu3SSxhZwKalSs1+qjwQlgRI3gYfLQ== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id ba2312ed (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Fri, 21 Feb 2020 17:27:23 +0000 (UTC) Date: Fri, 21 Feb 2020 12:27:11 -0500 User-Agent: K-9 Mail for Android In-Reply-To: <8636b33lyj.fsf@HIDDEN> References: <86pnec9cs5.fsf@HIDDEN> <8636b33lyj.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: bug#39660: openvpn-client-service does not support auth-user-pass To: Joshua Branson <jbranso@HIDDEN>, Joshua Branson via Bug reports for GNU Guix <bug-guix@HIDDEN>, 39660 <at> debbugs.gnu.org From: Julien Lepiller <julien@HIDDEN> Message-ID: <9BF96819-AE31-4DA1-9D0D-44B749992914@HIDDEN> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:5884:8208::1 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Le 21 f=C3=A9vrier 2020 12:10:44 GMT-05:00, Joshua Branson via Bug reports = for GNU Guix <bug-guix@gnu=2Eorg> a =C3=A9crit : > >Julien and I discussed on irc that guix currently does not have a >method of generating my config file=2E Here is just an updated list of >the options that I (and possibly others) may need or want=2E > >#+BEGIN_SRC org >These are all the options that my config file has=2E If the box does >not have an X, then we should add this in the service definition=2E > >- [ ] "persist-key" >- [ ] "persist-tun" We already have both of them=2E Are they not documented? They should be pe= rsist-key? and persist-tun? respectively=2E >- [ ] "remote-random" >- [ ] "pull" >- [X] "comp-lzo no" >- [ ] "tls-client" does tls-auth provide this option??? tls-auth and tls-client are different options=2E tls-client replaces the c= lient directive we currently generate for all openvpn-client-configuration= =2E >- [ ] "verify-x509-name Server name-prefix" >- [ ] "ns-cert-type server" This is possibly deprecated? >- [ ] "key-direction 1" This is another way of specifying tls-auth? >- [X] "route-method exe" This is only useful on Windows=2E >- [ ] "route-delay 2" >- [X] "tun-mtu 1500" The documentation says most cases=2E=2E=2EI should > leave this to it's default parameter=2E So unless needed, we probably > shouldn't need to add it to guix=2E > =20 >- The next two options only make sense when we are using the protocol > udp=2E We should probably specify them someway that you can only use > them if protocol is upd=2E Something like: > > #+BEGIN_SRC scheme > (proto udp > (upd-options > (fragment 1300) > (mssfix 1200)) > #+END_SRC > >- [X] "fragment 1300" >- [X] "mssfix 1200" > > >- [ ] "cipher AES-256-CBC" >- [X] keysize 256 deprecated=2E Do not need=2E and my key size is the >cipher size anyway=2E The documentation does not reccommend manually >changing your keysize=2E >- [X] auth SHA512 I have no idea where this is in the documentation >- [X] sndbuf 524288 The documentation says that the default should >work=2E >- [X] rcvbuf 524288 as above >- [X] auth-user-pass login=2Econf >#+END_SRC > >We should also probably allow a file option=2E Some users may have a >working file=2E Perhaps we should support this: > >#+BEGIN_SRC scheme >(openvpn-client-service > #:file "/path/to/openvpn=2Econf") >#+END_SRC > >Joshua
bug-guix@HIDDEN
:bug#39660
; Package guix
.
Full text available.Received: (at 39660) by debbugs.gnu.org; 21 Feb 2020 17:10:57 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 21 12:10:57 2020 Received: from localhost ([127.0.0.1]:48005 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j5BpJ-0001qz-Ef for submit <at> debbugs.gnu.org; Fri, 21 Feb 2020 12:10:57 -0500 Received: from mx2.dismail.de ([159.69.191.136]:12410) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1j5BpH-0001ql-5p for 39660 <at> debbugs.gnu.org; Fri, 21 Feb 2020 12:10:56 -0500 Received: from mx2.dismail.de (localhost [127.0.0.1]) by mx2.dismail.de (OpenSMTPD) with ESMTP id eb787a6e for <39660 <at> debbugs.gnu.org>; Fri, 21 Feb 2020 18:10:48 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date :message-id:from:to:subject; s=20190914; bh=P0vIAZ88XOsd9TC8AuaE oqHG8TIYCJs/9aDI6RiORh0=; b=WIdp1UYO4Yzge6AD38HXH/9xkQWNzuY2iIS4 yjDIGjf3iXOMPxcRlWlu4RB022uSCSHDag34ImpgflWp0fVJ6R+3TKcd/aUOEjFA 7T5nTSurZC+aL3d5He/dH8eSba6fiXgk9uXFZq9OasiBKU8V2A0ZjRoj1n4Zf7kQ VxiHrLKQu+9Lqvx9tUanzlN1PPVkaPnR4Zv80e7UyFRj9GrYjJVeHlkqhlbieeh8 WuLZZ0Uyp448NgDpzXo//d+aRM6ZwCw/fqmVHLXeBQIBpmoymUYB3e23IRwMd261 EaMYBd5CcNgPnTYLSpW7L3JngLwDhjdqsJkWbod3LoPPF9yFgA== Received: from smtp2.dismail.de (<unknown> [10.240.26.12]) by mx2.dismail.de (OpenSMTPD) with ESMTP id 513365ce for <39660 <at> debbugs.gnu.org>; Fri, 21 Feb 2020 18:10:48 +0100 (CET) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id b9037d49 for <39660 <at> debbugs.gnu.org>; Fri, 21 Feb 2020 18:10:48 +0100 (CET) Received: by dismail.de (OpenSMTPD) with ESMTPSA id f15a53e7 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <39660 <at> debbugs.gnu.org>; Fri, 21 Feb 2020 18:10:47 +0100 (CET) Date: Fri, 21 Feb 2020 12:10:44 -0500 Message-Id: <8636b33lyj.fsf@HIDDEN> From: Joshua Branson <jbranso@HIDDEN> To: 39660 <at> debbugs.gnu.org Subject: openvpn-client-service does not support auth-user-pass X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 39660 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Julien and I discussed on irc that guix currently does not have a method of generating my config file. Here is just an updated list of the options that I (and possibly others) may need or want. #+BEGIN_SRC org These are all the options that my config file has. If the box does not have an X, then we should add this in the service definition. - [ ] "persist-key" - [ ] "persist-tun" - [ ] "remote-random" - [ ] "pull" - [X] "comp-lzo no" - [ ] "tls-client" does tls-auth provide this option??? - [ ] "verify-x509-name Server name-prefix" - [ ] "ns-cert-type server" This is possibly deprecated? - [ ] "key-direction 1" This is another way of specifying tls-auth? - [X] "route-method exe" This is only useful on Windows. - [ ] "route-delay 2" - [X] "tun-mtu 1500" The documentation says most cases...I should leave this to it's default parameter. So unless needed, we probably shouldn't need to add it to guix. - The next two options only make sense when we are using the protocol udp. We should probably specify them someway that you can only use them if protocol is upd. Something like: #+BEGIN_SRC scheme (proto udp (upd-options (fragment 1300) (mssfix 1200)) #+END_SRC - [X] "fragment 1300" - [X] "mssfix 1200" - [ ] "cipher AES-256-CBC" - [X] keysize 256 deprecated. Do not need. and my key size is the cipher size anyway. The documentation does not reccommend manually changing your keysize. - [X] auth SHA512 I have no idea where this is in the documentation - [X] sndbuf 524288 The documentation says that the default should work. - [X] rcvbuf 524288 as above - [X] auth-user-pass login.conf #+END_SRC We should also probably allow a file option. Some users may have a working file. Perhaps we should support this: #+BEGIN_SRC scheme (openvpn-client-service #:file "/path/to/openvpn.conf") #+END_SRC Joshua
bug-guix@HIDDEN
:bug#39660
; Package guix
.
Full text available.Received: (at submit) by debbugs.gnu.org; 19 Feb 2020 03:15:08 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 18 22:15:08 2020 Received: from localhost ([127.0.0.1]:41528 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j4FpI-0005CL-6i for submit <at> debbugs.gnu.org; Tue, 18 Feb 2020 22:15:08 -0500 Received: from lists.gnu.org ([209.51.188.17]:35687) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <julien@HIDDEN>) id 1j4FpG-0005C2-V6 for submit <at> debbugs.gnu.org; Tue, 18 Feb 2020 22:15:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:34139) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <julien@HIDDEN>) id 1j4FpF-0007zZ-GE for bug-guix@HIDDEN; Tue, 18 Feb 2020 22:15:02 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <julien@HIDDEN>) id 1j4FpD-0007ok-Tr for bug-guix@HIDDEN; Tue, 18 Feb 2020 22:15:01 -0500 Received: from lepiller.eu ([89.234.186.109]:52104) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <julien@HIDDEN>) id 1j4FpD-0007n8-AU for bug-guix@HIDDEN; Tue, 18 Feb 2020 22:14:59 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 60eaffb5; Wed, 19 Feb 2020 03:14:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:from:message-id; s=dkim; bh=7zdWCwMBnJoI3yM5oBuLq14TvMs=; b=FSeIsVJsGDanYlzVJZM0CY17esy4 jcxo64D4la0gSrQT5f1obvB/Ps93dIe42tlhCY1BhnIKwnuRNRGBcFuM3BpPyTBL /51weHmS1z/Ob+Y4vrYxGhavRQmo1qgxClTiVsbavskpKF4MRXmRFOqL0+Xc49pw V4S62EIHoUBcRexUQgACSqevQLZfT4Cx/OgwZU4igLGaM751iU8li58WBtyLO6XG p5hdCI7d/PO7pRqTjqvbpEy9U2O0WXwdh3Gag3BcC4AFVGNSvmh4VAfR9bHw4Lna 4vgNsndWwlgpZ5a8M0pnBZzvhFW6pZ22/mZM+mnXuBUChZWAl3UaBR33Xw== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 71f1137b (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Wed, 19 Feb 2020 03:14:53 +0000 (UTC) Date: Tue, 18 Feb 2020 22:14:28 -0500 User-Agent: K-9 Mail for Android In-Reply-To: <86pnec9cs5.fsf@HIDDEN> References: <86pnec9cs5.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: bug#39660: openvpn-client-service does not support auth-user-pass To: Joshua Branson <jbranso@HIDDEN>, Joshua Branson via Bug reports for GNU Guix <bug-guix@HIDDEN>, 39660 <at> debbugs.gnu.org From: Julien Lepiller <julien@HIDDEN> Message-ID: <CA67AAE3-527C-4D1C-B5F0-09BDA1888B51@HIDDEN> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 89.234.186.109 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) Le 18 f=C3=A9vrier 2020 09:43:22 GMT-05:00, Joshua Branson via Bug reports = for GNU Guix <bug-guix@gnu=2Eorg> a =C3=A9crit : > >Hello, > >I recently bought a vpn service from expressvpn=2E They have a closed >source app to connect, but of course we do not want to use that=2E >Luckily, they allow a manual connection via openvpn=2E I downloaded >their script to manually connect=2E It looks like they require all >manual connections to authenticate via a username and password=2E > >Their support team told me that the manually connection must >authenticate via a username and password=2E They do not support any >other manual connection=2E Guix's openvpn-client-service does not >support authenticating via a username and password=2E > >According to this forum thread >(https://forums=2Eopenvpn=2Enet/viewtopic=2Ephp?t=3D11342), I was able to >manually connect to expressvpn=2E via "sudo expressvpn >my_expressvpn_<countryname>=2Eovpn"=2E by changing > >"auth-user-pass" to "auth-user-pass login=2Econf"=2E > >login=2Econf looks like > >#+BEGIN_SRC text >username >password >#+END_SRC > >The express vpn file that I downloaded looks like this: > >#+BEGIN_SRC text >dev tun >fast-io >persist-key >persist-tun >nobind >remote someaddress=2Eexpressnetw=2Ecom 1195 > >remote-random >pull >comp-lzo no >tls-client >verify-x509-name Server name-prefix >ns-cert-type server >key-direction 1 >route-method exe >route-delay 2 >tun-mtu 1500 >fragment 1300 >mssfix 1200 >verb 3 >cipher AES-256-CBC >keysize 256 >auth SHA512 >sndbuf 524288 >rcvbuf 524288 >auth-user-pass login=2Econf > ><cert> >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- ></cert> ><key> >-----BEGIN RSA PRIVATE KEY----- >secret info >-----END RSA PRIVATE KEY----- ></key> ><tls-auth> ># ># 2048 bit OpenVPN static key ># >-----BEGIN OpenVPN Static key V1----- >secret info >-----END OpenVPN Static key V1----- ></tls-auth> ><ca> >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- ></ca> >#+END_SRC > >A solution would be to modify our current openvpn-client-service to >allow authentication via a username and password, or to supply a >configuration file=2E > >Also it looks like expressvpn may one day move to wireguard: > >https://www=2Eexpressvpn=2Ecom/blog/expressvpn-wireguard-update/ > > >I hope this helps! > >Thanks, > >Joshua Hi, I just pushed a change to master: the openvpn-client-configuration now= accepts a auth-user-pass parameter ohich should be a string repnesenting t= he file path of your login=2Econf=2E I also added fast-io (not set by defau= lt, experimental and probably useless on GNU/Linux, according to the openvp= n manual)=2E Some of your options might be missing, but I think you now hav= e the requirel part of your config available in the service definition!
bug-guix@HIDDEN
:bug#39660
; Package guix
.
Full text available.Received: (at 39660) by debbugs.gnu.org; 19 Feb 2020 03:14:59 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 18 22:14:59 2020 Received: from localhost ([127.0.0.1]:41524 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j4FpC-0005B9-S4 for submit <at> debbugs.gnu.org; Tue, 18 Feb 2020 22:14:59 -0500 Received: from lepiller.eu ([89.234.186.109]:46192) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <julien@HIDDEN>) id 1j4FpA-0005B0-6a for 39660 <at> debbugs.gnu.org; Tue, 18 Feb 2020 22:14:57 -0500 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 60eaffb5; Wed, 19 Feb 2020 03:14:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:from:message-id; s=dkim; bh=7zdWCwMBnJoI3yM5oBuLq14TvMs=; b=FSeIsVJsGDanYlzVJZM0CY17esy4 jcxo64D4la0gSrQT5f1obvB/Ps93dIe42tlhCY1BhnIKwnuRNRGBcFuM3BpPyTBL /51weHmS1z/Ob+Y4vrYxGhavRQmo1qgxClTiVsbavskpKF4MRXmRFOqL0+Xc49pw V4S62EIHoUBcRexUQgACSqevQLZfT4Cx/OgwZU4igLGaM751iU8li58WBtyLO6XG p5hdCI7d/PO7pRqTjqvbpEy9U2O0WXwdh3Gag3BcC4AFVGNSvmh4VAfR9bHw4Lna 4vgNsndWwlgpZ5a8M0pnBZzvhFW6pZ22/mZM+mnXuBUChZWAl3UaBR33Xw== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 71f1137b (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Wed, 19 Feb 2020 03:14:53 +0000 (UTC) Date: Tue, 18 Feb 2020 22:14:28 -0500 User-Agent: K-9 Mail for Android In-Reply-To: <86pnec9cs5.fsf@HIDDEN> References: <86pnec9cs5.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: bug#39660: openvpn-client-service does not support auth-user-pass To: Joshua Branson <jbranso@HIDDEN>, Joshua Branson via Bug reports for GNU Guix <bug-guix@HIDDEN>, 39660 <at> debbugs.gnu.org From: Julien Lepiller <julien@HIDDEN> Message-ID: <CA67AAE3-527C-4D1C-B5F0-09BDA1888B51@HIDDEN> X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 39660 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Le 18 f=C3=A9vrier 2020 09:43:22 GMT-05:00, Joshua Branson via Bug reports = for GNU Guix <bug-guix@gnu=2Eorg> a =C3=A9crit : > >Hello, > >I recently bought a vpn service from expressvpn=2E They have a closed >source app to connect, but of course we do not want to use that=2E >Luckily, they allow a manual connection via openvpn=2E I downloaded >their script to manually connect=2E It looks like they require all >manual connections to authenticate via a username and password=2E > >Their support team told me that the manually connection must >authenticate via a username and password=2E They do not support any >other manual connection=2E Guix's openvpn-client-service does not >support authenticating via a username and password=2E > >According to this forum thread >(https://forums=2Eopenvpn=2Enet/viewtopic=2Ephp?t=3D11342), I was able to >manually connect to expressvpn=2E via "sudo expressvpn >my_expressvpn_<countryname>=2Eovpn"=2E by changing > >"auth-user-pass" to "auth-user-pass login=2Econf"=2E > >login=2Econf looks like > >#+BEGIN_SRC text >username >password >#+END_SRC > >The express vpn file that I downloaded looks like this: > >#+BEGIN_SRC text >dev tun >fast-io >persist-key >persist-tun >nobind >remote someaddress=2Eexpressnetw=2Ecom 1195 > >remote-random >pull >comp-lzo no >tls-client >verify-x509-name Server name-prefix >ns-cert-type server >key-direction 1 >route-method exe >route-delay 2 >tun-mtu 1500 >fragment 1300 >mssfix 1200 >verb 3 >cipher AES-256-CBC >keysize 256 >auth SHA512 >sndbuf 524288 >rcvbuf 524288 >auth-user-pass login=2Econf > ><cert> >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- ></cert> ><key> >-----BEGIN RSA PRIVATE KEY----- >secret info >-----END RSA PRIVATE KEY----- ></key> ><tls-auth> ># ># 2048 bit OpenVPN static key ># >-----BEGIN OpenVPN Static key V1----- >secret info >-----END OpenVPN Static key V1----- ></tls-auth> ><ca> >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- ></ca> >#+END_SRC > >A solution would be to modify our current openvpn-client-service to >allow authentication via a username and password, or to supply a >configuration file=2E > >Also it looks like expressvpn may one day move to wireguard: > >https://www=2Eexpressvpn=2Ecom/blog/expressvpn-wireguard-update/ > > >I hope this helps! > >Thanks, > >Joshua Hi, I just pushed a change to master: the openvpn-client-configuration now= accepts a auth-user-pass parameter ohich should be a string repnesenting t= he file path of your login=2Econf=2E I also added fast-io (not set by defau= lt, experimental and probably useless on GNU/Linux, according to the openvp= n manual)=2E Some of your options might be missing, but I think you now hav= e the requirel part of your config available in the service definition!
bug-guix@HIDDEN
:bug#39660
; Package guix
.
Full text available.Received: (at submit) by debbugs.gnu.org; 18 Feb 2020 14:43:37 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 18 09:43:37 2020 Received: from localhost ([127.0.0.1]:39768 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1j4465-00019S-4Q for submit <at> debbugs.gnu.org; Tue, 18 Feb 2020 09:43:37 -0500 Received: from lists.gnu.org ([209.51.188.17]:46085) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1j4462-00019K-Ri for submit <at> debbugs.gnu.org; Tue, 18 Feb 2020 09:43:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:58980) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <jbranso@HIDDEN>) id 1j4461-0003GS-7m for bug-guix@HIDDEN; Tue, 18 Feb 2020 09:43:34 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_MED, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <jbranso@HIDDEN>) id 1j4460-000196-0p for bug-guix@HIDDEN; Tue, 18 Feb 2020 09:43:33 -0500 Received: from mx1.dismail.de ([78.46.223.134]:16053) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <jbranso@HIDDEN>) id 1j445z-00016E-F8 for bug-guix@HIDDEN; Tue, 18 Feb 2020 09:43:31 -0500 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 14f9fdf7 for <bug-guix@HIDDEN>; Tue, 18 Feb 2020 15:43:26 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date :message-id:from:to:subject; s=20190914; bh=2s/eNIiWCA0H7rpOAreY qg6W1tULAMTXAnaNaV7qU+U=; b=pt8lnfxK4zMLz5z4r8qkRUYu/bLrszZ4ZSOn cRtraOizKVPYlOMcDe/rRFOzjYvuwq2x/6qkZV7mpUVOWtor3NS9rEtruBVw+H+D 2xU0pik/22JlVSWyv/+QM77NVBlUgfLfxNBsTuZpX6+Uijo32oNbpNrBB8ahE3Aq WDcyfbL0x5K1h8E9O5X6k1eewbzo9d+oFCsOfEk13otbq/Lf0VWIhK3OpJEh5pXR RZGMWG70TGggIKicU+c5kM20O8ekaVucISTP5P5qor6dLPOa7YDgtPXxo6TFAJEd QKCCDXyHKEqeiO8Qdy+fEX82l4H4z6pOj18WYfu2LKhOVv5BPg== Received: from smtp1.dismail.de (<unknown> [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id fb37472c for <bug-guix@HIDDEN>; Tue, 18 Feb 2020 15:43:26 +0100 (CET) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 90645ab1 for <bug-guix@HIDDEN>; Tue, 18 Feb 2020 15:43:26 +0100 (CET) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 1e4d07e4 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <bug-guix@HIDDEN>; Tue, 18 Feb 2020 15:43:25 +0100 (CET) Date: Tue, 18 Feb 2020 09:43:22 -0500 Message-Id: <86pnec9cs5.fsf@HIDDEN> From: Joshua Branson <jbranso@HIDDEN> To: bug-guix@HIDDEN Subject: openvpn-client-service does not support auth-user-pass X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 78.46.223.134 X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.8 (/) Hello, I recently bought a vpn service from expressvpn. They have a closed source app to connect, but of course we do not want to use that. Luckily, they allow a manual connection via openvpn. I downloaded their script to manually connect. It looks like they require all manual connections to authenticate via a username and password. Their support team told me that the manually connection must authenticate via a username and password. They do not support any other manual connection. Guix's openvpn-client-service does not support authenticating via a username and password. According to this forum thread (https://forums.openvpn.net/viewtopic.php?t=11342), I was able to manually connect to expressvpn. via "sudo expressvpn my_expressvpn_<countryname>.ovpn". by changing "auth-user-pass" to "auth-user-pass login.conf". login.conf looks like #+BEGIN_SRC text username password #+END_SRC The express vpn file that I downloaded looks like this: #+BEGIN_SRC text dev tun fast-io persist-key persist-tun nobind remote someaddress.expressnetw.com 1195 remote-random pull comp-lzo no tls-client verify-x509-name Server name-prefix ns-cert-type server key-direction 1 route-method exe route-delay 2 tun-mtu 1500 fragment 1300 mssfix 1200 verb 3 cipher AES-256-CBC keysize 256 auth SHA512 sndbuf 524288 rcvbuf 524288 auth-user-pass login.conf <cert> -----BEGIN CERTIFICATE----- secret info -----END CERTIFICATE----- </cert> <key> -----BEGIN RSA PRIVATE KEY----- secret info -----END RSA PRIVATE KEY----- </key> <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- secret info -----END OpenVPN Static key V1----- </tls-auth> <ca> -----BEGIN CERTIFICATE----- secret info -----END CERTIFICATE----- </ca> #+END_SRC A solution would be to modify our current openvpn-client-service to allow authentication via a username and password, or to supply a configuration file. Also it looks like expressvpn may one day move to wireguard: https://www.expressvpn.com/blog/expressvpn-wireguard-update/ I hope this helps! Thanks, Joshua
Joshua Branson <jbranso@HIDDEN>
:bug-guix@HIDDEN
.
Full text available.bug-guix@HIDDEN
:bug#39660
; Package guix
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.