expect: spawn id exp6 not open

[zaqrat]

transmissionvpn start is failing during the expect script. I'm receiving the error "expect: spawn id exp6 not open". After doing quite a bit of research I believe this is occurring because openvpn is closing stdin. If I remove the --daemon arg from the spawn command, the error goes away, and the script works when manually run from the shell. However, it fails to run correctly as a service.

Any assistance you can provide to help get past this issue?

Thanks!

[Asara]

I am not sure how amussey got this script working. I am using FreeBSD 10 instead of FreeNAS, so my issues might be resolved if I was using FreeNAS, but I thought I'd still comment.

I've circumvented the exp6 error by doing pkg remove openvpn, compiling from source with the password_save option enabled and providing the password in a file via auth-user-pass filename + auth_nocache in openvpn.conf and removing the 'expect' bits with the username/password in the run.sh file.

This however still does not enable openvpn under FreeBSD

The core issue I am having is the inability to access the tun0 device to make the connection. If anyone is able to point me in the right direction, it would be very appreciated. I have attempted to set up devfs to expose tun to the jail, but have been thus far unsuccessful.

Thanks.

[SpareHook]

I have the exact same problem spawn id exp6 not open. Have something changed in the newer freenas that makes it incomaptible?

[MadMungo]

I also have the exact same problem spawn id exp6 not open.

Trying to install on FreeNAS 9.3 latest stable. removing the --daemon arg from the script makes no difference for me.

[SpareHook]

Nothing new on this one?

[mrjackyliang]

I'm having the same issue here. Is the author reading these posts?

[amussey]

Hey guys, my sincere apologies for being unresponsive (had my github notifications poorly configured). I'm happy to try and help as much as possible. That being said, I'll preface this with: my knowledge of OpenVPN is extremely limited. I've only attempted to configure this using the stock Transmission jail on FreeNAS 9.3 and Private Internet Access (PIA) as the VPN provider.

@zaqrat, @SpareHook, @MadMungo, @coolboiime: Which VPN provider are you guys using?

@Asara: you're probably going in a better path; using the expect binary as this script does is kinda hacky. However, I was running into a similar issue when compiling OpenVPN from source.

[SpareHook]

I tried PIA and didnt get it to work.

[MadMungo]

I tried PureVPN and ProXPN with same results.

[amussey]

Hey everyone, I promise I'm still looking into this - I have not had an opportunity to sit down with my FreeNAS machine to try and troubleshoot. I'll try to post back this weekend with an update.

[Imburr]

Script still does not work, and no uninstall target is provided.

[amussey]

Hey everyone, thanks for your patience. This seems to be a problem with expect in run.sh. Specifically, it appears that there is an error occurring as OpenVPN is trying to launch (causing the password prompts to never appear). Error logs for OpenVPN are available in /FreeNAS-Transmission-OpenVPN/openvpn-running.log. If you want to cat that file and post it, I'd be happy to troubleshoot a little deeper.

@Imburr: When I originally wrote this script, I designed it to be run specifically inside freshly spawned FreeNAS jails, which I consider to be fairly ephemeral. That may not be the right mindset, so if the ability to uninstall is a feature you could truly use, please submit it as a separate issue.

[InternetofAwesome]

I found that adding --auth-user-pass to the end of the command line fixed this for me:

spawn /usr/local/sbin/openvpn \  
    --cd /FreeNAS-Transmission-OpenVPN/openvpn \  
    --config /FreeNAS-Transmission-OpenVPN/openvpn/openvpn.conf \  
    --up /FreeNAS-Transmission-OpenVPN/scripts/start_transmission.sh \  
    --script-security 2 \  
    --down /FreeNAS-Transmission-OpenVPN/scripts/stop_transmission.sh \  
    --daemon openvpn \  
    --log-append /FreeNAS-Transmission-OpenVPN/openvpn-running.log \  
    --writepid /FreeNAS-Transmission-OpenVPN/openvpn.pid \  
    --auth-user-pass  

It looks like openvpn did not know how I wanted to authenticate, so it just gave up.

[bigmascot]

Hi all, has the fix proposed by InternetofAwesome worked for anyone? I've edited the run.sh.template files using vi to add --auth-user-pass but now I get the message: invalid command name "--auth-user-pass".

I'm using a clean install of FreeNAS 9.3.1.

Any advice greatly appreciated.

[amussey]

@bigmascot: Unfortunately, according to the man pages, to use the --auth-user-pass option, OpenVPN has to be compiled with the --enable-password-save parameter. If my memory serves me correctly, the pre-compiled build of OpenVPN that FreeNAS 9.3 uses has not been compiled with that flag.

[bigmascot]

Thanks for your reply @amussey, such a shame - I've just needed to completely rebuild my FreeNAS box due to a failure at the weekend and did so using the latest version. Prior to that your scripts worked splendidly!

If anyone else has any updates or suggestions on this in the meantime please do post for us here.

Many thanks.

[bigmascot]

@amussey, one more question if I may; is there a way I can connect by typing in my username and password manually each time as needed? I'd be happy to use this as a workaround in the meantime.

[bigmascot]

Just to close this off, I have it working without the addition of --auth-user-pass. I copied my key and cert over again and that fixed it. Can confirm that this is working with 9.3.1.

[InternetofAwesome]

@bigmascot, can you provide more details of how you got it working without --auth-user-pass? At least for my use case, my VPN requires interactive login, which appears to require this flag. Not including the flag seems to try a few other PSK type methods, and then fails.

@amussey, the --auth-user-pass command takes an optional argument of a login/password file. In my case, it seems to force openvpn into interactive login when the optional argument is omitted. To your point, I did try to include a login/pass file to bypass the interactive login hack via expect, but got an error related to that feature not being compiled in, but this error only happens when you try to pass a login/pass file.