search

berkus / tunnelblick

TunnelBlick configs for OpenVPN on OSX
code.google.com/p/tunnelblick
1 stars 1 forks source link

'Auth' password cannot be read from a file #219

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hi Tunnelblick team,

I post a issue yesterday that happen on version <Tunnelblick 3.3beta21a 
Unsigned> which can automatically convert openvpn configuration to a .tblk. 
This issue is another one in version <Tunnelblick 3.3beta21a (build 3114.1)  -  
OpenVPN 2.2.1>. I post more detail information and various ways I tried to 
resolve it.

My computer is Mac Book Pro, Mountain Lion 10.8.2
My openvon configuration is:
-----------------------------
auth-user-pass usa.puff.pass.txt
client 
dev tun 
proto udp
remote 72.52.65.84 443
remote usa.vpuff.info 443
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca usa.puff.ca.crt
ns-cert-type server
tls-auth usa.puff.ta.key 1
comp-lzo
verb 4
mute 20
redirect-gateway def1
---------------------------

The error messages from GUI logs console is:
---------------------------
2012-11-08 09:49:27 *Tunnelblick: OS X 10.8.2; Tunnelblick 3.3beta21a (build 
3114.1)
2012-11-08 09:49:27 *Tunnelblick: Attempting connection with usa.puff; Set 
nameserver = 1; monitoring connection
2012-11-08 09:49:27 *Tunnelblick: 
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart start 
usa.puff.ovpn 1338 1 0 0 0 49 -atADGNWradsgnw 2.2.1
2012-11-08 09:49:27 *Tunnelblick: openvpnstart message: Loading tun.kext

OpenVPN started successfully. Command used to start OpenVPN (one argument per 
displayed line):

     /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
     --cd
     /Users/mingqi/Library/Application Support/Tunnelblick/Configurations
     --daemon
     --management
     127.0.0.1
     1338
     --config
     /Users/mingqi/Library/Application Support/Tunnelblick/Configurations/usa.puff.ovpn
     --log
     /Library/Application Support/Tunnelblick/Logs/-SUsers-Smingqi-SLibrary-SApplication Support-STunnelblick-SConfigurations-Susa.puff.ovpn.1_0_0_0_49.1338.openvpn.log
     --management-query-passwords
     --management-hold
     --script-security
     2
     --up
     /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atADGNWradsgnw
     --down
     /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atADGNWradsgnw
     --up-restart
2012-11-08 09:49:27 us=722084 Current Parameter Settings:
2012-11-08 09:49:27 us=722226   config = '/Users/mingqi/Library/Application 
Support/Tunnelblick/Configurations/usa.puff.ovpn'
2012-11-08 09:49:27 us=722237   mode = 0
2012-11-08 09:49:27 us=722244   show_ciphers = DISABLED
2012-11-08 09:49:27 us=722251   show_digests = DISABLED
2012-11-08 09:49:27 us=722257   show_engines = DISABLED
2012-11-08 09:49:27 us=722264   genkey = DISABLED
2012-11-08 09:49:27 us=722271   key_pass_file = '[UNDEF]'
2012-11-08 09:49:27 us=722277   show_tls_ciphers = DISABLED
2012-11-08 09:49:27 us=722284 Connection profiles [default]:
2012-11-08 09:49:27 us=722291   proto = udp
2012-11-08 09:49:27 us=722297   local = '[UNDEF]'
2012-11-08 09:49:27 us=722304   local_port = 1194
2012-11-08 09:49:27 us=722311   remote = '[UNDEF]'
2012-11-08 09:49:27 us=722317   remote_port = 1194
2012-11-08 09:49:27 us=722324   remote_float = DISABLED
2012-11-08 09:49:27 us=722330   bind_defined = DISABLED
2012-11-08 09:49:27 us=722337   bind_local = DISABLED
2012-11-08 09:49:27 us=722343   connect_retry_seconds = 5
2012-11-08 09:49:27 us=722350   connect_timeout = 10
2012-11-08 09:49:27 us=722356 NOTE: --mute triggered...
2012-11-08 09:49:27 us=722374 271 variation(s) on previous 20 message(s) 
suppressed by --mute
2012-11-08 09:49:27 us=722383 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] 
[LZO2] [PKCS11] [eurephia] built on Sep 12 2012
2012-11-08 09:49:27 us=722478 MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
2012-11-08 09:49:27 us=722820 Need hold release from management interface, 
waiting...
2012-11-08 09:49:27 us=847394 MANAGEMENT: Client connected from 127.0.0.1:1338
2012-11-08 09:49:27 us=855294 MANAGEMENT: CMD 'pid'
2012-11-08 09:49:27 us=855418 MANAGEMENT: CMD 'state on'
2012-11-08 09:49:27 us=855500 MANAGEMENT: CMD 'state'
2012-11-08 09:49:27 us=855598 MANAGEMENT: CMD 'bytecount 1'
2012-11-08 09:49:27 us=855676 MANAGEMENT: CMD 'hold release'
2012-11-08 09:49:27 us=855926 MANAGEMENT: Client disconnected
2012-11-08 09:49:27 us=855979 Sorry, 'Auth' password cannot be read from a file
2012-11-08 09:49:27 us=856040 Exiting
2012-11-08 09:49:27 *Tunnelblick: Established communication with OpenVPN
2012-11-08 09:49:27 *Tunnelblick: openvpnstart starting OpenVPN:
                    *                    /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/mingqi/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1338 --config /Users/mingqi/Library/Application Support/Tunnelblick/Configurations/usa.puff.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Smingqi-SLibrary-SApplication Support-STunnelblick-SConfigurations-Susa.puff.ovpn.1_0_0_0_49.1338.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atADGNWradsgnw --up-restart
2012-11-08 09:49:28 *Tunnelblick: Flushed the DNS cache
----------------------------

I'm pretty sure that usa.puff.pass.txt is available.

Then I google the problem after I noticed the error message "Sorry, 'Auth' 
password cannot be read from a file". Goolge give me answer is:
http://code.google.com/p/tunnelblick/issues/detail?id=91#c1

So I follow suggestions and rebuild opven-2.2.1. 
1. I download source code from:
http://openvpn.net/index.php/open-source/downloads/471-old-releases.html
2. rebuild it use command: ./configure --prefix /Users/mingqi/openvpn-2.2.1 
--enable-password-save --disable-lzo 
3. fixed a socks issue by this patch: 
https://trac.macports.org/attachment/ticket/30253/openvpn2-lion.patch

The new openvpn is very smaller than original, the new one is 600K and original 
is 4M. But anyway, I replace the original and have more weird issues. 

BTW: the Console doesn't have useful information.

Original issue reported on code.google.com by mingqi.s...@gmail.com on 8 Nov 2012 at 2:08

GoogleCodeExporter commented 9 years ago 
Please read http://openvpn.net/archive/openvpn-users/2005-01/msg00349.html, 
linked to in Issue 91. It explains why reading a password from a file is 
considered bad, and why OpenVPN doesn't allow it by default. (The "OpenVPN GUI" 
is sort of a Windows equivalent of Tunnelblick.)

THe reason that your custom-built OpenVPN binary is smaller is probably that it 
is built only for your processor (PPC or Intel). Tunnelblick's copies of 
OpenVPN are built with both versions.

Original comment by jkbull...@gmail.com on 8 Nov 2012 at 3:14