[GL-MT3000] Is it possible to support openvpn configuration with private key passphase and username password?

I could only preset “username” and “password” but not “Private key passphrase” (See picture below)

No surprise the connection failed due to missing “private key password”

Tue Jul 11 20:17:31 2023 daemon.err ovpnclient[21098]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

I tried to add “askpass” to the .ovpn config file but the config loader doesn’t seem to accept it.

Is it a bug ? Or actually it’s a feature request?

This is the error after adding “askpass” to the .ovpn file.

.ovpn config file (partial)
dev tun
proto tcp-client
remote xxxx.yyy.com
port 9000
resolv-retry infinite
remote-cert-tls server
cipher AES-256-CBC
verb 3
mute 10
auth SHA1
redirect-gateway def1

This isn’t an answer but I’m compelled to ask: are you forced to use a OpenVPN tunnel as your only VPN option?

Your Beryl AX is twice as fast using WireGuard instead of OpenVPN (300 vs 150 Mbps).

Most VPN providers offer both nowadays.

The vpn is provided by a 3rd party so we have no say how to configure it. 150Mbps is good enough for the designated purpose anyway.

Yes, there was a bug in the current version that made it impossible to use username-password with askpass.
We have fixed it, and version 4.5 of MT3000 (4.3 and 4.4 mainly update the cellular part, MT3000 will be upgraded to 4.5 directly) will work fine with it.


Where can I download the beta firmware and try it out?


(Its link is towards the bottom of the product page → Specification → Tools & Downloadables)

The latest beta firmware for this router is 4.2.3 build5. Is it the 4.5 firmware you are referring to?

I don’t think they’ve pushed it to public for downloads quite as of yet. There’s a v. 4.3.2 as a snapshot but I’d expect that to be even less stable than a beta.

Yes, but it hasn’t been published yet. Please wait.

1 Like

I discovered the 4.5 snapshot in the firmware download session. Would that firmware address this issue?

It has fixed the issue, but the snapshot version has not been tested in any way, so please use it with caution.
The version for public testing is expected to be released at the end of August.

I have tested v4.5 snapshot firmware on my MT-3000 for almost 2 days, so far so good and it’s stable enough for me. Anyone who want to try out can just upgrade it.

1 Like

Looks like the v4.5 firmware has been pulled out and turned into 4.4.5. Should I try this firmware instead or wait for 4.5?

Yes, I found out that v.4.5 firmware was removed yesterday and appears the new 4.4.5 one. I think you can still give it a try. I should try it out later.

No, they are two different ones.
4.4.5 is fixing some bugs, it doesn’t have many new features. most of the new features in 4.3 and 4.4 apply to the built-in Cellular modem, not many are useful on the MT3000.

Actually, I found a way to workaround it by decrypting the “Encrypted private key” and putting it back into the .ovpn file. Therefore, I can just ignore the “passphrase” and use “username + password” to proceed with the connection.

Ref: rsa - How to decrypt an OpenVPN EasyRSA Encrypted Private Key? - Information Security Stack Exchange

1 Like

The 4.5.0 firmware is shown up on the snapshot area again.

The WG client does not work on firmware 4.5