PiVPN & VPN Manager for OpenVPN

  • Hi all,

    I have installed and setup PiVPN and PiHole on a RPI3, working fine, I can connect from Smartphone and Notebook via VPN.

    On another RPI3 running Libreelec I have installed VPN Manager for OpenVPN.

    But I don`t get a VPN connection to my own openVPN Server (PiVPN) at home.

    I always receive the message:

    "can`t ask for Enter Private Key Password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use -auth-nocache.

    I have uploaded the ovpn file with the wizard, set up PW and Username on VPN Manager for OpenVPN, but no success.

    Any idea why its not working?

    If you need further information, just let me know.

    Thanks and have a good day,

    Stefan

  • The wizard doesn’t support pass protected keys, there’s a github issue open to fix it but I’ve not done it. You can investigate how to supply a file with the password in and reference that and manually change the ovpn files. Or you can turn off the requirement for pass protected keys. Dunno if the second option is possible as I don’t run PiVPN

  • zomboided I've just hit this same issue, and even by adjusting the ovpn file it doesn't work properly.

    If I add the askpass tag it does ask for the password, and saves it in a file user.txt in the addon's data folder. But the ovpn file gets modified to point to key.txt for some reason. But even if I duplicate the user.txt file to key.txt, it still fails to import it properly as it seems to be just pointed at the folder rather than the specific file in it (see the openvpn.log below)?

    Below are the relevant log files plus the sanitised ovpn file. If you need more information please let me know and I'll grab it.

    ovpn - hastebin
    openvpn.log - hastebin
    import log - hastebin

  • Thanks for providing decent debug. I think you’re trusting the import to do the right thing, which it doesn’t. You already found and commented on that github issue. If you avoid using the tagging (ie #PATH), and you edit the ovpn after import to contain the absolute path to the pass file, this might solve the problem.

    I can’t remember how this code works as it’s been ages since I looked and I don’t anticipate having enough free time to look at this any time soon to remind myself/provide a fix

  • I think I tried that yesterday, but I'll give it another go tonight.

    But also I think PiVPN does have the ability to create ovpn files without a password anyway. So if setting the path specifically doesn't work then I'll try that and report back.

  • zomboided - replacing #PATH with the explicit path didn't help (basically same error in openVPN.log as before), so it looks to me like the issue is in the naming and inhaling of the password file from the askpass tag.

    But the good news is that PiVPN can generate an ovpn file without the password encryption (PiVPN -a nopass is the command line to do so, for anyone else who needs it) and that works fine out of the box without any modifications just by pointing the add-on at it under User Defined.

    I'm not sure we lose anything by going that way given the password is stored on the machine in plain text anyway in this case, just a slightly non-standard tweak needed to create it.

    Edited 2 times, last by DarrenHill (May 9, 2019 at 9:00 AM).