Le 18 février 2020 09:43:22 GMT-05:00, Joshua Branson via Bug reports for GNU Guix <bug-guix@gnu.org> a écrit : > >Hello, > >I recently bought a vpn service from expressvpn. They have a closed >source app to connect, but of course we do not want to use that. >Luckily, they allow a manual connection via openvpn. I downloaded >their script to manually connect. It looks like they require all >manual connections to authenticate via a username and password. > >Their support team told me that the manually connection must >authenticate via a username and password. They do not support any >other manual connection. Guix's openvpn-client-service does not >support authenticating via a username and password. > >According to this forum thread >(https://forums.openvpn.net/viewtopic.php?t=11342), I was able to >manually connect to expressvpn. via "sudo expressvpn >my_expressvpn_<countryname>.ovpn". by changing > >"auth-user-pass" to "auth-user-pass login.conf". > >login.conf looks like > >#+BEGIN_SRC text >username >password >#+END_SRC > >The express vpn file that I downloaded looks like this: > >#+BEGIN_SRC text >dev tun >fast-io >persist-key >persist-tun >nobind >remote someaddress.expressnetw.com 1195 > >remote-random >pull >comp-lzo no >tls-client >verify-x509-name Server name-prefix >ns-cert-type server >key-direction 1 >route-method exe >route-delay 2 >tun-mtu 1500 >fragment 1300 >mssfix 1200 >verb 3 >cipher AES-256-CBC >keysize 256 >auth SHA512 >sndbuf 524288 >rcvbuf 524288 >auth-user-pass login.conf > ><cert> >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- ></cert> ><key> >-----BEGIN RSA PRIVATE KEY----- >secret info >-----END RSA PRIVATE KEY----- ></key> ><tls-auth> ># ># 2048 bit OpenVPN static key ># >-----BEGIN OpenVPN Static key V1----- >secret info >-----END OpenVPN Static key V1----- ></tls-auth> ><ca> >-----BEGIN CERTIFICATE----- >secret info >-----END CERTIFICATE----- ></ca> >#+END_SRC > >A solution would be to modify our current openvpn-client-service to >allow authentication via a username and password, or to supply a >configuration file. > >Also it looks like expressvpn may one day move to wireguard: > >https://www.expressvpn.com/blog/expressvpn-wireguard-update/ > > >I hope this helps! > >Thanks, > >Joshua
Hi, I just pushed a change to master: the openvpn-client-configuration now accepts a auth-user-pass parameter ohich should be a string repnesenting the file path of your login.conf. I also added fast-io (not set by default, experimental and probably useless on GNU/Linux, according to the openvpn manual). Some of your options might be missing, but I think you now have the requirel part of your config available in the service definition!
