GNU bug report logs - #39660
openvpn-client-service does not support auth-user-pass


Package: guix; Reported by: Joshua Branson <jbranso@HIDDEN>; dated Tue, 18 Feb 2020 14:44:01 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 39660 <at> debbugs.gnu.org:


Date: Sun, 23 Feb 2020 14:33:28 -0500
Message-Id: <86k14d9jzr.fsf@HIDDEN>
From: Joshua Branson <jbranso@HIDDEN>
To: 39660 <at> debbugs.gnu.org


>>
>>- [ ] "persist-key"
>>- [ ] "persist-tun"
>We already have both of them. Are they not documented? They should be 
>persist-key? and persist-tun? respectively.

That was my mistake.  Please ignore that.  They are documented sir.
(sorry Military school).

>>- [ ] "remote-random"
>>- [ ] "pull"
>>- [X] "comp-lzo no"
>>- [ ] "tls-client"  does tls-auth provide this option???
>tls-auth and tls-client are different options. tls-client replaces the client 
>directive we currently generate for all openvpn-client-configuration.

When I look at my currently generated openvpn configuration file I see:
#+BEGIN_SRC
joshua@dobby ~/prog/guile/guix-config$ cat /gnu/store/nm4dvmsffrghdxjlqj712qhrv6w4fd4m-openvpn.conf
client
proto udp
dev tun
ca /home/joshua/prog/guile/guix-config/vpn/ca2.crt
cert /home/joshua/prog/guile/guix-config/vpn/client.crt
key /home/joshua/prog/guile/guix-config/vpn/client.key
persist-key 
persist-tun 
fast-io 
verb 3
auth-user-pass /home/joshua/prog/guile/guix-config/vpn/login.conf
remote-cert-tls server
nobind
resolv-retry infinite
remote asecretremote.com 1195
#+END_SRC

I do not see the "tls-client" option, but my working vpn client configuration file has "tls-client" in it.

My current vpn configuration is:

   (openvpn-client-service
    #:config
    (let ([base-dir "/home/joshua/prog/guile/guix-config/vpn/"])
      (openvpn-client-configuration
       (auth-user-pass (string-append base-dir "login.conf"))
       (ca (string-append base-dir "ca2.crt"))
       (cert (string-append base-dir "client.crt"))
       (key (string-append base-dir "client.key"))
       ;; the expressvpn file I use disables lzo compression
       (comp-lzo? #f)
       (fast-io? #t)
       (remote
        (list
         (openvpn-remote-configuration
          (name "asecretremote.com")
          (port 1195)))))))


Also, I can confirm that your auth-user-pass does work.

Thanks,

Joshua




Information forwarded to bug-guix@HIDDEN:
bug#39660; Package guix. Full text available.
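
An added example (not part of the thread, and not Guix code): a small Python audit for OpenVPN client configs like the ones posted in this report. It flags `ns-cert-type`, `keysize` and `comp-lzo`, which upstream OpenVPN has deprecated since 2.4, and checks that files named by `auth-user-pass`, `key` and `tls-auth` are not group- or world-accessible; the sample config, file names and function names are constructed for illustration.

```python
import os
import shlex
import stat
import tempfile

# Directives deprecated upstream since OpenVPN 2.4, with the suggested replacement.
DEPRECATED = {
    "ns-cert-type": "use 'remote-cert-tls server'",
    "keysize": "the key size follows from the cipher",
    "comp-lzo": "use 'compress' or no compression",
}
# Directives whose first argument names a file that holds a secret.
SECRET_FILE_DIRECTIVES = {"auth-user-pass", "key", "tls-auth"}

# Constructed sample: mixes lines from the generated config and the provider file.
SAMPLE = """\
client
proto udp
dev tun
key {key}
auth-user-pass {login}
remote-cert-tls server
ns-cert-type server
keysize 256
comp-lzo no
<ca>
-----BEGIN CERTIFICATE-----
constructed placeholder
-----END CERTIFICATE-----
</ca>
"""


def parse_config(text):
    """Yield (directive, args) pairs, skipping comments and inline <tag> blocks."""
    inline = None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:
            # Inside <cert>, <key>, <ca>, ...: ignore everything up to the close tag.
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            yield parts[0], parts[1:]


def audit(text, base_dir="."):
    """Return a list of (kind, directive, detail) findings for one config."""
    findings = []
    for directive, args in parse_config(text):
        if directive in DEPRECATED:
            findings.append(("deprecated", directive, DEPRECATED[directive]))
        if directive == "auth-user-pass" and not args:
            findings.append(("interactive", directive,
                             "no file given, so openvpn prompts for credentials"))
        if directive in SECRET_FILE_DIRECTIVES and args:
            path = os.path.join(base_dir, args[0])
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError as exc:
                findings.append(("missing", directive, f"{path}: {exc.strerror}"))
                continue
            if mode & 0o077:  # any group/other permission bit set
                findings.append(("permissions", directive,
                                 f"{path} is mode {mode:04o}; restrict to 0600"))
    return findings


def demo():
    """Audit the constructed sample with a world-readable login.conf."""
    with tempfile.TemporaryDirectory() as d:
        login = os.path.join(d, "login.conf")
        key = os.path.join(d, "client.key")
        for path, mode in ((login, 0o644), (key, 0o600)):
            with open(path, "w") as fh:
                fh.write("constructed placeholder\n")
            os.chmod(path, mode)
        config = SAMPLE.format(login=login, key=key)
        return [(kind, directive) for kind, directive, _ in audit(config)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Because the generated configuration lives in the world-readable `/gnu/store` and only points at the credential files, the permissions on those files are what keeps the username, password and private key private.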

Message received at 39660 <at> debbugs.gnu.org:


Date: Fri, 21 Feb 2020 12:27:11 -0500
Subject: Re: bug#39660: openvpn-client-service does not support auth-user-pass
To: Joshua Branson <jbranso@HIDDEN>,
 Joshua Branson via Bug reports for GNU Guix <bug-guix@HIDDEN>,
 39660 <at> debbugs.gnu.org
From: Julien Lepiller <julien@HIDDEN>

On 21 February 2020 12:10:44 GMT-05:00, Joshua Branson via Bug reports for GNU Guix <bug-guix@gnu.org> wrote:
>
>Julien and I discussed on irc that guix currently does not have a
>method of generating my config file.  Here is just an updated list of
>the options that I (and possibly others) may need or want.
>
>#+BEGIN_SRC org
>These are all the options that my config file has.  If the box does
>not have an X, then we should add this in the service definition.
>
>- [ ] "persist-key"
>- [ ] "persist-tun"
We already have both of them. Are they not documented? They should be persist-key? and persist-tun? respectively.

>- [ ] "remote-random"
>- [ ] "pull"
>- [X] "comp-lzo no"
>- [ ] "tls-client"  does tls-auth provide this option???
tls-auth and tls-client are different options. tls-client replaces the client directive we currently generate for all openvpn-client-configuration.

>- [ ] "verify-x509-name Server name-prefix"
>- [ ] "ns-cert-type server"  This is possibly deprecated?
>- [ ] "key-direction 1" This is another way of specifying tls-auth?
>- [X] "route-method exe" This is only useful on Windows.
>- [ ] "route-delay 2"
>- [X] "tun-mtu 1500" The documentation says most cases...I should
>  leave this to its default parameter.  So unless needed, we probably
>  shouldn't need to add it to guix.
>
>- The next two options only make sense when we are using the protocol
>  udp.  We should probably specify them some way that you can only use
>  them if protocol is udp.  Something like:
>
>   #+BEGIN_SRC scheme
>   (proto udp
>     (udp-options
>       (fragment 1300)
>       (mssfix 1200)))
>   #+END_SRC
>
>- [X] "fragment 1300"
>- [X] "mssfix 1200"
>
>
>- [ ] "cipher AES-256-CBC"
>- [X] keysize 256 deprecated.  Do not need, and my key size is the
>cipher size anyway.  The documentation does not recommend manually
>changing your keysize.
>- [X] auth SHA512  I have no idea where this is in the documentation
>- [X] sndbuf 524288  The documentation says that the default should
>work.
>- [X] rcvbuf 524288  as above
>- [X] auth-user-pass login.conf
>#+END_SRC
>
>We should also probably allow a file option.  Some users may have a
>working file.  Perhaps we should support this:
>
>#+BEGIN_SRC scheme
>(openvpn-client-service
>  #:file  "/path/to/openvpn.conf")
>#+END_SRC
>
>Joshua





Information forwarded to bug-guix@HIDDEN:
bug#39660; Package guix. Full text available.


Message received at 39660 <at> debbugs.gnu.org:


Date: Fri, 21 Feb 2020 12:10:44 -0500
Message-Id: <8636b33lyj.fsf@HIDDEN>
From: Joshua Branson <jbranso@HIDDEN>
To: 39660 <at> debbugs.gnu.org
Subject: openvpn-client-service does not support auth-user-pass


Julien and I discussed on irc that guix currently does not have a
method of generating my config file.  Here is just an updated list of
the options that I (and possibly others) may need or want.

#+BEGIN_SRC org
These are all the options that my config file has.  If the box does
not have an X, then we should add this in the service definition.

- [ ] "persist-key"
- [ ] "persist-tun"
- [ ] "remote-random"
- [ ] "pull"
- [X] "comp-lzo no"
- [ ] "tls-client"  does tls-auth provide this option???
- [ ] "verify-x509-name Server name-prefix"
- [ ] "ns-cert-type server"  This is possibly deprecated?
- [ ] "key-direction 1" This is another way of specifying tls-auth?
- [X] "route-method exe" This is only useful on Windows.
- [ ] "route-delay 2"
- [X] "tun-mtu 1500" The documentation says most cases...I should
  leave this to its default parameter.  So unless needed, we probably
  shouldn't need to add it to guix.

- The next two options only make sense when we are using the protocol
  udp.  We should probably specify them some way that you can only use
  them if protocol is udp.  Something like:

   #+BEGIN_SRC scheme
   (proto udp
     (udp-options
       (fragment 1300)
       (mssfix 1200)))
   #+END_SRC

- [X] "fragment 1300"
- [X] "mssfix 1200"


- [ ] "cipher AES-256-CBC"
- [X] keysize 256 deprecated.  Do not need, and my key size is the
  cipher size anyway.  The documentation does not recommend manually changing your keysize.
- [X] auth SHA512  I have no idea where this is in the documentation
- [X] sndbuf 524288  The documentation says that the default should work.
- [X] rcvbuf 524288  as above
- [X] auth-user-pass login.conf
#+END_SRC

We should also probably allow a file option.  Some users may have a
working file.  Perhaps we should support this:

#+BEGIN_SRC scheme
(openvpn-client-service
  #:file  "/path/to/openvpn.conf")
#+END_SRC

Joshua




Information forwarded to bug-guix@HIDDEN:
bug#39660; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Date: Tue, 18 Feb 2020 22:14:28 -0500
Subject: Re: bug#39660: openvpn-client-service does not support auth-user-pass
To: Joshua Branson <jbranso@HIDDEN>,
 Joshua Branson via Bug reports for GNU Guix <bug-guix@HIDDEN>,
 39660 <at> debbugs.gnu.org
From: Julien Lepiller <julien@HIDDEN>

On 18 February 2020 09:43:22 GMT-05:00, Joshua Branson via Bug reports for GNU Guix <bug-guix@gnu.org> wrote:
>
>Hello,
>
>I recently bought a vpn service from expressvpn.  They have a closed
>source app to connect, but of course we do not want to use that.
>Luckily, they allow a manual connection via openvpn.  I downloaded
>their script to manually connect.  It looks like they require all
>manual connections to authenticate via a username and password.
>
>Their support team told me that the manual connection must
>authenticate via a username and password.  They do not support any
>other manual connection.  Guix's openvpn-client-service does not
>support authenticating via a username and password.
>
>According to this forum thread
>(https://forums.openvpn.net/viewtopic.php?t=11342), I was able to
>manually connect to expressvpn via "sudo expressvpn
>my_expressvpn_<countryname>.ovpn" by changing
>
>"auth-user-pass" to "auth-user-pass login.conf".
>
>login.conf looks like
>
>#+BEGIN_SRC text
>username
>password
>#+END_SRC
>
>The express vpn file that I downloaded looks like this:
>
>#+BEGIN_SRC text
>dev tun
>fast-io
>persist-key
>persist-tun
>nobind
>remote someaddress.expressnetw.com 1195
>
>remote-random
>pull
>comp-lzo no
>tls-client
>verify-x509-name Server name-prefix
>ns-cert-type server
>key-direction 1
>route-method exe
>route-delay 2
>tun-mtu 1500
>fragment 1300
>mssfix 1200
>verb 3
>cipher AES-256-CBC
>keysize 256
>auth SHA512
>sndbuf 524288
>rcvbuf 524288
>auth-user-pass login.conf
>
><cert>
>-----BEGIN CERTIFICATE-----
>secret info
>-----END CERTIFICATE-----
></cert>
><key>
>-----BEGIN RSA PRIVATE KEY-----
>secret info
>-----END RSA PRIVATE KEY-----
></key>
><tls-auth>
>#
># 2048 bit OpenVPN static key
>#
>-----BEGIN OpenVPN Static key V1-----
>secret info
>-----END OpenVPN Static key V1-----
></tls-auth>
><ca>
>-----BEGIN CERTIFICATE-----
>secret info
>-----END CERTIFICATE-----
></ca>
>#+END_SRC
>
>A solution would be to modify our current openvpn-client-service to
>allow authentication via a username and password, or to supply a
>configuration file.
>
>Also it looks like expressvpn may one day move to wireguard:
>
>https://www.expressvpn.com/blog/expressvpn-wireguard-update/
>
>
>I hope this helps!
>
>Thanks,
>
>Joshua

Hi, I just pushed a change to master: the openvpn-client-configuration now accepts an auth-user-pass parameter which should be a string representing the file path of your login.conf. I also added fast-io (not set by default, experimental and probably useless on GNU/Linux, according to the openvpn manual). Some of your options might be missing, but I think you now have the required part of your config available in the service definition!




Information forwarded to bug-guix@HIDDEN:
bug#39660; Package guix. Full text available.

Message received at 39660 <at> debbugs.gnu.org:


Received: (at 39660) by debbugs.gnu.org; 19 Feb 2020 03:14:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Feb 18 22:14:59 2020
Received: from localhost ([127.0.0.1]:41524 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1j4FpC-0005B9-S4
	for submit <at> debbugs.gnu.org; Tue, 18 Feb 2020 22:14:59 -0500
Received: from lepiller.eu ([89.234.186.109]:46192)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@HIDDEN>) id 1j4FpA-0005B0-6a
 for 39660 <at> debbugs.gnu.org; Tue, 18 Feb 2020 22:14:57 -0500
Received: from lepiller.eu (localhost [127.0.0.1])
 by lepiller.eu (OpenSMTPD) with ESMTP id 60eaffb5;
 Wed, 19 Feb 2020 03:14:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=lepiller.eu; h=date
 :in-reply-to:references:mime-version:content-type
 :content-transfer-encoding:subject:to:from:message-id; s=dkim;
 bh=7zdWCwMBnJoI3yM5oBuLq14TvMs=; b=FSeIsVJsGDanYlzVJZM0CY17esy4
 jcxo64D4la0gSrQT5f1obvB/Ps93dIe42tlhCY1BhnIKwnuRNRGBcFuM3BpPyTBL
 /51weHmS1z/Ob+Y4vrYxGhavRQmo1qgxClTiVsbavskpKF4MRXmRFOqL0+Xc49pw
 V4S62EIHoUBcRexUQgACSqevQLZfT4Cx/OgwZU4igLGaM751iU8li58WBtyLO6XG
 p5hdCI7d/PO7pRqTjqvbpEy9U2O0WXwdh3Gag3BcC4AFVGNSvmh4VAfR9bHw4Lna
 4vgNsndWwlgpZ5a8M0pnBZzvhFW6pZ22/mZM+mnXuBUChZWAl3UaBR33Xw==
Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 71f1137b
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Wed, 19 Feb 2020 03:14:53 +0000 (UTC)
Date: Tue, 18 Feb 2020 22:14:28 -0500
User-Agent: K-9 Mail for Android
In-Reply-To: <86pnec9cs5.fsf@HIDDEN>
References: <86pnec9cs5.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: bug#39660: openvpn-client-service does not support auth-user-pass
To: Joshua Branson <jbranso@HIDDEN>,
 Joshua Branson via Bug reports for GNU Guix <bug-guix@HIDDEN>,
 39660 <at> debbugs.gnu.org
From: Julien Lepiller <julien@HIDDEN>
Message-ID: <CA67AAE3-527C-4D1C-B5F0-09BDA1888B51@HIDDEN>
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 39660
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Le 18 f=C3=A9vrier 2020 09:43:22 GMT-05:00, Joshua Branson via Bug reports =
for GNU Guix <bug-guix@gnu=2Eorg> a =C3=A9crit :
>
>Hello,
>
>I recently bought a vpn service from expressvpn.  They have a closed
>source app to connect, but of course we do not want to use that.
>Luckily, they allow a manual connection via openvpn.  I downloaded
>their script to manually connect.  It looks like they require all
>manual connections to authenticate via a username and password.
>
>Their support team told me that the manual connection must
>authenticate via a username and password.  They do not support any
>other manual connection.  Guix's openvpn-client-service does not
>support authenticating via a username and password.
>
>According to this forum thread
>(https://forums.openvpn.net/viewtopic.php?t=11342), I was able to
>manually connect to expressvpn via "sudo expressvpn
>my_expressvpn_<countryname>.ovpn" by changing
>
>"auth-user-pass" to "auth-user-pass login.conf".
>
>login.conf looks like
>
>#+BEGIN_SRC text
>username
>password
>#+END_SRC
>
>The express vpn file that I downloaded looks like this:
>
>#+BEGIN_SRC text
>dev tun
>fast-io
>persist-key
>persist-tun
>nobind
>remote someaddress.expressnetw.com 1195
>
>remote-random
>pull
>comp-lzo no
>tls-client
>verify-x509-name Server name-prefix
>ns-cert-type server
>key-direction 1
>route-method exe
>route-delay 2
>tun-mtu 1500
>fragment 1300
>mssfix 1200
>verb 3
>cipher AES-256-CBC
>keysize 256
>auth SHA512
>sndbuf 524288
>rcvbuf 524288
>auth-user-pass login.conf
>
><cert>
>-----BEGIN CERTIFICATE-----
>secret info
>-----END CERTIFICATE-----
></cert>
><key>
>-----BEGIN RSA PRIVATE KEY-----
>secret info
>-----END RSA PRIVATE KEY-----
></key>
><tls-auth>
>#
># 2048 bit OpenVPN static key
>#
>-----BEGIN OpenVPN Static key V1-----
>secret info
>-----END OpenVPN Static key V1-----
></tls-auth>
><ca>
>-----BEGIN CERTIFICATE-----
>secret info
>-----END CERTIFICATE-----
></ca>
>#+END_SRC
>
>A solution would be to modify our current openvpn-client-service to
>allow authentication via a username and password, or to supply a
>configuration file.
>
>Also it looks like expressvpn may one day move to wireguard:
>
>https://www.expressvpn.com/blog/expressvpn-wireguard-update/
>
>
>I hope this helps!
>
>Thanks,
>
>Joshua

Hi, I just pushed a change to master: the openvpn-client-configuration
now accepts an auth-user-pass parameter which should be a string
representing the file path of your login.conf. I also added fast-io
(not set by default, experimental and probably useless on GNU/Linux,
according to the openvpn manual). Some of your options might be missing,
but I think you now have the required part of your config available in
the service definition!
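
Added example, not part of the original messages and not Guix or OpenVPN code: login.conf holds the VPN password in plain text and the profile embeds a private key, so this sketch audits both files' permissions and flags a bare or relative auth-user-pass. The function names, finding labels, file names and the workdir parameter (the directory openvpn runs in) are assumptions; the sample files are constructed.

```python
import os
import stat
import tempfile

def too_open(path):
    """True if group or others have any permission bit set on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_profile(profile, workdir):
    """Return findings for an OpenVPN client profile; workdir is openvpn's cwd."""
    findings, cred, inline_secret = [], None, False
    with open(profile, encoding="utf-8") as fh:
        for line in (raw.strip() for raw in fh):
            words = line.split()
            if not words or line[0] in "#;":
                continue                      # blank line or comment
            if words[0] == "auth-user-pass":
                cred = words[1] if len(words) > 1 else ""
            elif line in ("<key>", "<tls-auth>"):
                inline_secret = True          # private material embedded in the profile
    if inline_secret and too_open(profile):
        findings.append("profile-with-inline-key-readable-by-others")
    if cred == "":
        findings.append("auth-user-pass-without-file-prompts-interactively")
    elif cred is not None:
        if not os.path.isabs(cred):
            findings.append("credentials-path-relative-to-working-directory")
        path = os.path.join(workdir, cred)    # join leaves an absolute path unchanged
        if not os.path.isfile(path):
            findings.append("credentials-file-missing")
        elif too_open(path):
            findings.append("credentials-file-readable-by-others")
    return findings

def demo():
    """Audit a constructed profile and login.conf at mode 0644, then at 0600."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        files = {"client.ovpn": "dev tun\nauth-user-pass login.conf\n<key>\nsecret info\n</key>\n",
                 "login.conf": "username\npassword\n"}   # constructed sample input
        for mode in (0o644, 0o600):
            for name, text in files.items():
                with open(os.path.join(d, name), "w") as fh:
                    fh.write(text)
                os.chmod(os.path.join(d, name), mode)
            results.append(audit_profile(os.path.join(d, "client.ovpn"), d))
    return results

if __name__ == "__main__":
    print(demo())
```

With both files at mode 0600 the only remaining finding is the relative path, which matters for a service because it may not start in the directory that holds login.conf.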




Information forwarded to bug-guix@HIDDEN:
bug#39660; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Date: Tue, 18 Feb 2020 09:43:22 -0500
Message-Id: <86pnec9cs5.fsf@HIDDEN>
From: Joshua Branson <jbranso@HIDDEN>
To: bug-guix@HIDDEN
Subject: openvpn-client-service does not support auth-user-pass


Hello,

I recently bought a vpn service from expressvpn.  They have a closed
source app to connect, but of course we do not want to use that.
Luckily, they allow a manual connection via openvpn.  I downloaded
their script to manually connect.  It looks like they require all
manual connections to authenticate via a username and password.

Their support team told me that the manual connection must
authenticate via a username and password.  They do not support any
other manual connection.  Guix's openvpn-client-service does not
support authenticating via a username and password.

According to this forum thread
(https://forums.openvpn.net/viewtopic.php?t=11342), I was able to
manually connect to expressvpn via "sudo expressvpn
my_expressvpn_<countryname>.ovpn" by changing

"auth-user-pass" to "auth-user-pass login.conf".

login.conf looks like

#+BEGIN_SRC text
username
password
#+END_SRC

The express vpn file that I downloaded looks like this:

#+BEGIN_SRC text
dev tun
fast-io
persist-key
persist-tun
nobind
remote someaddress.expressnetw.com 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass login.conf

<cert>
-----BEGIN CERTIFICATE-----
secret info
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
secret info
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
secret info
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
secret info
-----END CERTIFICATE-----
</ca>
#+END_SRC

A solution would be to modify our current openvpn-client-service to
allow authentication via a username and password, or to supply a
configuration file.

Also it looks like expressvpn may one day move to wireguard:

https://www.expressvpn.com/blog/expressvpn-wireguard-update/


I hope this helps!

Thanks,

Joshua




Acknowledgement sent to Joshua Branson <jbranso@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#39660; Package guix. Full text available.
Last modified: Sun, 23 Feb 2020 19:45:02 UTC
