Bug 1266779 - Can't start openvpn - neither stdin nor stderr are a tty device, can't ask for Private Key password
Can't start openvpn - neither stdin nor stderr are a tty device, can't ask fo...
Product: Fedora EPEL
Classification: Fedora
Component: openvpn (Show other bugs)
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: David Sommerseth
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-09-27 15:04 EDT by Gabriel Machado
Modified: 2017-04-24 13:36 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-04-24 13:36:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Gabriel Machado 2015-09-27 15:04:01 EDT
Description of problem:
I try to launch a vpn connection to privateinternetaccess.
openvpn fails to start with the following message :
neither stdin nor stderr are a tty device, can't ask for Private Key password. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

Openvpn version : 2.3.8 x86_64

How reproducible:

Steps to Reproduce:
yum install openvpn openssh-askpass
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip [^]
mv openvpn.zip /etc/openvpn/
cd /etc/openvpn/
mv Japan.ovpn Japan.conf
systemctl start openvpn@Japan.service

tail /var/log/messages

Actual results:
openvpn doesn't ask login/password and fails to start

Expected results:
openvpn should ask login/password and then start

Additional info:
OS : CentOs 7.1-1503 x86_64 (fully up to date)
OpenSSH 6.6.1p1
openssh-askpass 6.6.1p1
kernel 3.10.0-229.14.1.el7.x86_64
Comment 1 Karol Babioch 2015-10-01 05:50:26 EDT
This seems to be an upstream issue as it has also been reported by other people [1]. Apparently OpenVPN changed the way it forks [2]. This was also documented by the upstream project [3], so I'm not sure what the correct solution is.

Obviously it badly breaks OpenVPN setups, since I'm no longer able to provide the passphrase for my encrypted keys in a convenient manner. Personally I would consider this a regression, maybe someone in the appropriate position can evaluate this for himself.

[1]: https://bbs.archlinux.org/viewtopic.php?id=202793
[2]: https://github.com/OpenVPN/openvpn/commit/b131c7b974d9d4d3f0a6ab3a81719af6f7ab2ad6
[3]: https://github.com/OpenVPN/openvpn/commit/b6ec7fbe96f4e200b8962ef6bb572bbb2228133e
Comment 2 Tomas Hoger 2015-11-13 10:09:49 EST
There is now a Fedora bug 1279210 for the same issue, which refers to upstream ticket, which has a patch that fixes username/password authentication.
Comment 3 David Sommerseth 2017-04-24 13:36:24 EDT
Closing this, as I believe this is be resolved in OpenVPN v2.4.x

Note You need to log in before you can comment on or make changes to this bug.