-1

Can someone tell me how to run this without a password prompt:

systemctl restart openvpn@myvpn.service`

in my sudoers file I have:

<myadminuser> ALL=NOPASSWD: /usr/bin/systemctl openvpn@myvpn.service restart,/etc/init.d/openvpn

and in ~/.bashrc I have:

alias or="systemctl restart openvpn@myvpn.service"

Solutions that I have tried:

If I add "sudo" in the alias, a password is requested inside the terminal. If I don't add sudo in the alias, box pops up, requesting a password. Hence, I posted the question here.

Time-Bandit
  • 202
  • 1
    You aren't actually using sudo. – muru Jan 04 '21 at 05:40
  • when I add sudo to the alias requests a password inside terminal... when I remove sudo from the alias.... it pops up a windows and asks for a password... hence, reason I asked the question.. loosing two points for asking a question sucks. – Time-Bandit Jan 04 '21 at 09:38
  • 2
    @yupthatguy missing that information out of your question is most likely to be the reason the question got down-voted. You can [edit] your question to show what you tried, and state why it didn't work (what it did that you didn't want it to). I would edit it for you, but I don't quite understand what you say you tried. – Philip Couling Jan 04 '21 at 09:53
  • In that case, run sudo -l to see if some other rule is overriding it (e.g., https://unix.stackexchange.com/a/230318/70524) – muru Jan 04 '21 at 09:59
  • 1
    Huh, your sudoers rule is systemctl openvpn@myvpn.service restart, and you're running systemctl restart openvpn@myvpn.service. – muru Jan 04 '21 at 10:05
  • @muru, I am obviously new to this.. I am simply trying to find a way to reset my openvpn after a dropped connection without a password... not trying to win any computing awards. If you know a better way please share it. thx – Time-Bandit Jan 04 '21 at 10:07
  • Irrespective of all that, you could see that those two have restart in different places. – muru Jan 04 '21 at 10:09
  • ok.. after googling for a while I found a similar command to restart apache2, hoped that I could convert it for openvpn.. didn't work... guess I need a BA in comp science before I post a simple question – Time-Bandit Jan 04 '21 at 10:12
  • I ran sudo -l there is no other command overruling the openvpn command – Time-Bandit Jan 04 '21 at 10:15

1 Answers1

1

In your sudoers file you have an incorrect entry, so it's never matched. It should be this (notice the position of the restart action compared to your original),

<myadminuser> ALL=NOPASSWD: /usr/bin/systemctl restart openvpn@myvpn.service,/etc/init.d/openvpn

Then in your alias you need to use sudo,

alias or="sudo systemctl restart openvpn@myvpn.service"

As a related thought, you may be able to avoid the need to do any of this by using the OpenVPN keep-alive option, which you add to your client configuration

keepalive 10 60

This tells the OpenVPN client to send a "hello" message every 10 seconds (it's not an ICMP ping despite the usual description of these values), and if no reply has been received within 60 seconds restart the connection. If necessary you could experiment with reducing this to, say, a 40 second timeout but I wouldn't go lower than that.

Chris Davies
  • 116,213
  • 16
  • 160
  • 287
  • Thanks for just answering the question, rather than questioning my basic intelligence. – Time-Bandit Jan 04 '21 at 10:59
  • You may also want to look at the keep-alive options, which will do this sort of thing for you automatically. I'll see if I can dig out a suitable set of options – Chris Davies Jan 04 '21 at 11:58
  • 1
    Thx for the tip... I actually have that in my config, but I guess my vpn service is crappy because ever so often, it just won't reconnect. So I'd rather restart openvpn, rather than reboot. thx again. – Time-Bandit Jan 04 '21 at 13:29