Ubuntu
openvpn package

OpenVPN interactively asks for a password in an init script

Bug #1374782 reported by Franz on 2014-09-27

30

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	openvpn (Ubuntu)	Fix Released	High	Unassigned

Bug Description

Hi All,

today I have upgraded my Kubuntu client to Utopic,
and now OpenVPN doesen't ask me for my "pkcs12" password

I start it via init.d script as root

  root@client:~# /etc/init.d/openvpn start CLIENT1
  * Starting virtual private network daemon(s)...
  * Starting VPN 'CLIENT1'
  Timed out

and in the processlist I found, the "systemd-ask-password" ask for fhe password
but there is no popup or other password ask dialog

  8523 ? Sl 0:17 \_ /usr/bin/konsole
  8526 pts/0 Ss 0:00 | \_ /bin/bash
  9142 pts/0 S 0:00 | | \_ sudo -i
  9143 pts/0 S 0:00 | | \_ -bash
  18807 pts/0 S+ 0:00 | | \_ /bin/sh -e /etc/init.d/openvpn start CLIENT1
  18830 pts/0 S+ 0:00 | | \_ /usr/sbin/openvpn --writepid /run/openvpn/CLIENT1.pid --daemon ovpn-CLIENT1 --status /run/openvpn/CLIENT1.statu
  18831 pts/0 S+ 0:00 | | \_ /bin/systemd-ask-password Enter Private Key Password:

It worked unter Ubuntu Trusty and bevor!

What is wrong?

OS Infos:
  Distributor ID: Ubuntu
  Description: Ubuntu Utopic Unicorn (development branch)
  Release: 14.10
  Codename: utopic

ii openvpn 2.3.2-9ubuntu1 amd64 virtual private network daemon
ii systemd 208-8ubuntu4 amd64 system and service manager

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: systemd 208-8ubuntu4
ProcVersionSignature: Ubuntu 3.16.0-18.25-generic 3.16.3
Uname: Linux 3.16.0-18-generic x86_64
ApportVersion: 2.14.7-0ubuntu2
Architecture: amd64
Date: Sat Sep 27 17:12:04 2014
ExecutablePath: /bin/systemd-ask-password
ProcEnviron:

SourcePackage: systemd
UpgradeStatus: Upgraded to utopic on 2014-09-27 (0 days ago)

Tags:

Revision history for this message

Franz (franz.pammer) wrote on 2014-09-27:

#1

Dependencies.txt Edit (4.0 KiB, text/plain; charset="utf-8")
ProcMaps.txt Edit (3.5 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (787 bytes, text/plain; charset="utf-8")

Revision history for this message

Martin Pitt (pitti) wrote on 2014-09-29:

#2

Ubuntu does not yet install a systemd-ask-password agent. It seems openvpn went too much ahead and is relying on this without checking whether a password agent is running.

affects:	systemd (Ubuntu) → openvpn (Ubuntu)
summary:	- OpenVPN doesnt ask for pkcs12 password + OpenVPN interactively asks for a password in an init script

Revision history for this message

Martin Pitt (pitti) wrote on 2014-09-29:

#3

Aside from that, it is utterly wrong to interactively ask for stuff in an init script. That totally does not work on a server and is very inconvenient on a desktop too.

Robie Basak (racb) on 2014-09-29

Changed in openvpn (Ubuntu):
importance:	Undecided → High

Revision history for this message

Simon Déziel (sdeziel) wrote on 2014-09-29: Re: [Bug 1374782] Re: OpenVPN interactively asks for a password in an init script

#4

On 09/29/2014 02:18 AM, Martin Pitt wrote:
> Aside from that, it is utterly wrong to interactively ask for stuff in
> an init script. That totally does not work on a server and is very
> inconvenient on a desktop too.

I believe that most people wanting to enter a password when starting a
VPN do not have this VPN included in the $AUTOSTART list from
/etc/default/openvpn.

Regards,
Simon

Revision history for this message

Franz (franz.pammer) wrote on 2014-09-30:

#5

I use it as Client and have deactivated autostart
AUTOSTART="none"

I start it manually, when i need the VPN.
In prevuse version, the startscript asked for the password.

Regards
Franz

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-10-31:

#6

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openvpn (Ubuntu):
status:	New → Confirmed

Revision history for this message

Dan Mick (dmick-m) wrote on 2015-03-07:

#7

This also affects me, and I don't see any easy workaround. Trusty used upstream 2.3.2, but turned off "enable-systemd"; Utopic turns it on, and that makes openvpn execute systemd-ask-password, but with stdin set to /dev/null, whcih makes it pretty hard to interact with.

It seems to me that openvpn auth-user-pass mode is broken on Utopic with no easy workaround.

Revision history for this message

Dan Mick (dmick-m) wrote on 2015-03-07:

#8

I ended up rebuilding from source with --enable-systemd=no; that made it work again.

Revision history for this message

Ted (ted276) wrote on 2015-04-27:

#9

This was fixed in Debian quite a while ago (Jun 26 2014, openvpn 2.3.3-1):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747265

* Apply patch from upstream's BTS to improve systemd detection.
(Closes: #747265)

umounting /sys/fs/cgroup/systemd is a workaround.

Revision history for this message

Daniel Hahler (blueyed) wrote on 2015-07-19:

#10

Should be fixed in wily then, which has 2.3.7-1ubuntu1.

Revision history for this message

Robie Basak (racb) wrote on 2015-07-20:

#11

Thanks Daniel, closing.

Changed in openvpn (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

debbugs #747265
[done important] Edit

Bug watches keep track of this bug in other bug trackers.