FS#69216 - [openvpn] Running openvpn as non-root user breaks password authentication

Attached to Project: Arch Linux
Opened by carbolymer (carbolymer) - Tuesday, 05 January 2021, 10:31 GMT
Last edited by Toolybird (Toolybird) - Wednesday, 27 September 2023, 07:44 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Christian Hesse (eworm)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No


openvpn-2.5.0-3-x86_64 introduces change, which starts process with unprivileged user `openvpn`. When openvpn service is being run as openvpn:network, PAM authentication via openvpn-plugin-auth-pam.so doesn't work. Any authentication request is rejected with error: "Auth Username/Password verification failed for peer"

Affected version:
* openvpn-2.5.0-3-x86_64

Steps to reproduce:
Config files and logs are available here: https://bbs.archlinux.org/viewtopic.php?pid=1947767#p1947767
This task depends upon

Closed by  Toolybird (Toolybird)
Wednesday, 27 September 2023, 07:44 GMT
Reason for closing:  Fixed
Additional comments about closing:  This looks old and stale. We're now on 2.6.x so and the issue is no longer apparent.
Comment by Pippin (Pippin1st) - Thursday, 21 January 2021, 17:14 GMT
I can confirm that there are permission problems as I have with the --up, --down or any script...

2021-01-21 18:10:07 us=915954 /etc/openvpn/up.sh tun0 1500 1585 init
+ run /etc/openvpn/update-resolv-conf
+ /etc/openvpn/update-resolv-conf
dhcp-option DNS
Cannot write to /run/resolvconf/lock
+ '[' 1 -ne 0 ']'
+ echo '/etc/openvpn/update-resolv-conf Failed with exit code 0'
/etc/openvpn/update-resolv-conf Failed with exit code 0
+ return 1
2021-01-21 18:10:07 us=927368 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2021-01-21 18:10:07 us=927413 Exiting due to fatal error
Comment by Buggy McBugFace (bugbot) - Tuesday, 08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more then 2 years. Please reply if you still experience this bug otherwise this issue will be closed after 1 month.