I want to run openvpn every time I log on, but currently I run
sudo openvpn --config <myconfig> --auth-user-pass <user/pass>
every time. Is there a way to make it run that automatically and not need my password?
I could make it launch a terminal and run a script but is there a way that would not require me to type my password every time? Can I maybe give myself permissions to whatever openvpn needs so it doesn’t need sudo? How do I find out what those permissions are? Is this the right place to ask?
I’m running KDE/Plasma 6 on Manjaro should that matter
edit: Thanks all! I’m going to try the systemd option, if I can’t get that working I’ll fall back to the cronjob option, and failing that changing openvpn to not need a password for sudo and launching a script at kde statup.
Definitely the correct way to do this. And openvpn even ships some tools to make it simple to do.
I already linked to them in my other comment.
That looks pretty straightforward. I’ll look into doing that. And if I can;t make it work I’ll go with the cron job option suggested by @Andromeda above
Actually OP, for the easiest, safest option to your system I would say @Supermariofan67 hit the nail on the head. Use your network manager settings: https://forum.manjaro.org/t/automatically-connect-to-vpn-on-startup/46298
If it’s not already installed there’s an openvpn plugin: https://software.manjaro.org/package/networkmanager-openvpn
This is the way I would handle this.
Yeah OP, look into this. It’s easy once you get the hang of it, and you don’t have to make your system vulnerable by making sudo password less.
You can make sudo password-less for a single command (including using specific arguments) though, so even if using sudo were the only solution, it wouldn’t be that bad. For example, I have a sudoers entry that allows my user to decrypt my ZFS pool by executing a root-owned script (with permissions 700), but everything else requires a password.
For this in particular, look into setting up NetworkManager to do the openvpn configuration, it has that functionality built in. Otherwise, systemd unit file
I don’t use open VPN so I don’t know for sure, but I think you’re right as the best way to go. Pretty sure I recall Network Manager having an option to set a vpn to be always on when a network connection is made and an option to save credentials.
AFAIK you can allow it in the sudoers file to not need a password, if you keep the sudo.
idk how KDE autostarts, tho.
Look into editing the sudoers file. Add a line that allows you to run openvpn with the NOPASSWD option.
I strongly recommend not using that for everything, just the specific commands you need to run non-interactively.
I didn’t know that was an option! Sounds generally insecure but if the other options here don’t work out this should solve it. Thanks!
It’s only as insecure as you make it. It’s an option, it needs to be used responsibly.
@ReCursing you can set your user to be able to run openvpn as root (sudo) without password
https://www.youtube.com/watch?v=rNxitwVtRvoRead the documentation on the sudoers file. You can specify particular commands to not require a password.
This is what systemd is for.
If you’re using NetworkManager, I’d recommend you to use it to create a VPN profile instead and connect to that on startup through the unprivileged
nmcli
.