neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can’t ask for ‘Enter Auth Username:’. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
From the log, the config needs a private key passphrase.
So in the ovpn there should be --askpass as one line. If there is no such line, you should add this before upload to the router so that the router will ask for this info.
But I do have one question, why only some server ask this for Expressvpn?
Hello, I have the same --askpass error on my AX3000 but as soon as I add askpass to the OpenVPN config file I’m no longer able to upload it. Getting this in the GUI:
I’m using ProtonVPN.
Here’s my example config, same error happens on every config file location:
# ==============================================================================
# Copyright (c) 2016-2020 Proton Technologies AG (Switzerland)
# Email: contact@protonvpn.com
#
# The MIT License (MIT)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# ==============================================================================
# The server you are connecting to is using a circuit in order to separate entry IP from exit IP
# The same entry IP allows to connect to multiple exit IPs in the same data center.
# If you want to explicitly select the exit IP corresponding to server SK#6 you need to
# append a special suffix to your OpenVPN username.
# Please use "X0W7KI6VPg3gnSbE+b:2" in order to enforce exiting through SK#6.
# If you are a paying user you can also enable the ProtonVPN ad blocker (NetShield) or Moderate NAT:
# Use: "X0W7KI6VPg3gnSbE+b:2+f1" to enable anti-malware filtering
# Use: "X0W7KI6VPg3gnSbE+b:2+f2" to additionally enable ad-blocking filtering
# Use: "X0W7KI6VPg3gnSbE+b:2+nr" to enable Moderate NAT
# Note that you can combine the "+nr" suffix with other suffixes.
client
dev tun
proto udp
remote 196.245.151.210 51820
remote 196.245.151.210 1194
remote 196.245.151.210 4569
remote 196.245.151.210 5060
remote 196.245.151.210 80
remote-random
resolv-retry infinite
nobind
# The following setting is only needed for old OpenVPN clients compatibility. New clients
# automatically negotiate the optimal cipher.
cipher AES-256-CBC
auth SHA512
verb 3
setenv CLIENT_CERT 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
reneg-sec 0
remote-cert-tls server
auth-user-pass
pull
fast-io
<ca>
-----BEGIN CERTIFICATE-----
---some key---
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
---some key---
</tls-auth>
On perhaps the 30th attempt, the opnv file now appears to have been imported correctly. Previously I had deleted the group and created a new one. The openvpn connection now works with this configuration.
However, if I create another group with the exact same opnv file, I get again the same error messages as described by the users above, when I start the Openvpn connection.
Somehow the router does not seem to import the opvn file and/or username/password correctly. In any case, it can not be due to the config.
The opnv file contains the following:
dev tun
tls-client
remote XXX 1194
pull
script-security 2
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
I found out the following by checking the Openvpn config files on the router via WinSCP:
In the working Openvpn config, the router stored the username and password in a text file and added the path to the file in the ovpn file after auth-user-pass: