12

I run the following and get this error when I have the password file nordvpn.txt with permissions 700 in /etc/openvpn/nordvpn and declare auth-user-pass nordvpn.txt in the .ovpn files:

root@masi:/etc/openvpn# openvpn --auth-nocache lv2.nordvpn.com.udp1194.ovpn 
Options error: You must define TUN/TAP device (--dev)
Use --help for more information.

I can do openvpn lv2..., but then you will get the warnings, which I do not want to have:

  • Fri Sep 2 20:05:01 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

  • Fri Sep 2 20:24:14 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11288 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Standard UDP .ovpn file from NordVPN, where I have just appended the line auth-user-pass:

masi@masi:/etc/openvpn$ cat ee1.nordvpn.com.udp1194.ovpn 


#           _   _               ___     ______  _   _
#          | \ | | ___  _ __ __| \ \   / /  _ \| \ | |
#          |  \| |/ _ \| '__/ _` |\ \ / /| |_) |  \| |
#          | |\  | (_) | | | (_| | \ V / |  __/| |\  |
#          |_| \_|\___/|_|  \__,_|  \_/  |_|   |_| \_|
#


client
dev tun
proto udp
remote 95.153.32.38 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

remote-cert-tls server

#mute 10000
auth-user-pass nordvpn.txt

comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJAOLB2FG1xMovMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
...
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
6c146c94cb099f5ebb0fffc47396a036
...
-----END OpenVPN Static key V1-----
</tls-auth>

Hardware: Asus Zenbook UX303UA
OS: Debian 8.5
Linux kernel: 4.6

Pang
  • 241

1 Answer

19

You're storing your authentication data in a file. The fact that OpenVPN is additionally storing it in RAM is then something you shouldn't care about. It's there for environments where you type the password (or obtain it from some hardware security module). So just ignore the warning.

If you really want --auth-nocache, you can either:

  1. put it in your .ovpn file (as auth-nocache); or
  2. openvpn --auth-nocache --config lv2.nordvpn.com.udp1194.ovpn should work. The key thing is you need that --config argument to specify the config name.

The bad packet ID warning is telling you about something that happened on the network. It has nothing to do with caching (or not) authentication. If you want to get rid of this warning (after reading the sections about replay), use --mute-replay-warnings like it says (either on the command line or in the .ovpn file).

derobert
  • 109,670
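An added example, not code from the question, the answer or OpenVPN: a small Python check that reads an .ovpn file the way the thread treats it (top-level directives, inline `<ca>`/`<tls-auth>` blocks skipped) and reports whether auth-nocache is set and whether the auth-user-pass file carries more permission bits than it needs. The function names, the sample config and the `base_dir` parameter (the directory relative paths are resolved against) are assumptions made for this illustration.

```python
import os
import shlex
import stat

# Constructed sample modelled on the question's config (hostname is a placeholder).
SAMPLE = """\
client
dev tun
remote vpn.example.com 1194
auth-user-pass nordvpn.txt
<ca>
(placeholder certificate body)
</ca>
"""

def parse_ovpn(text):
    """Map each top-level directive to its argument lists, skipping inline <tag> blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                                  # inside <ca>, <tls-auth>, ...
            if line == f"</{inline}>":
                inline = None
            continue
        if line.startswith(("#", ";")):             # whole-line comments
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        parts = shlex.split(line, comments=True)    # also drops trailing '#' comments
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def audit(text, base_dir):
    """Return findings on credential handling; base_dir is an assumed resolution directory."""
    d, findings = parse_ovpn(text), []
    if "auth-user-pass" not in d:
        return findings
    if "auth-nocache" not in d:
        findings.append("auth-nocache absent: password-cache warning will be logged")
    args = d["auth-user-pass"][-1]
    if args:                                        # credentials are read from a file
        mode = stat.S_IMODE(os.stat(os.path.join(base_dir, args[0])).st_mode)
        if mode & 0o077:
            findings.append(f"{args[0]} is accessible by group/other (mode {mode:o})")
        if mode & 0o111:
            findings.append(f"{args[0]} has execute bits (mode {mode:o}); 600 is enough")
    return findings
```

With the question's setup (mode 700, no auth-nocache line) `audit` returns two findings; after `chmod 600` and adding `auth-nocache` to the config it returns none.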