Could not parse --management option

[larsen0815]

I am trying to get PLAP to work using OpenVPN 2.6.7 on Windows 10.

It is enabled in the GUI settings, the services are running, I have rebooted, the connection is in the config-auto directory and it is shown in the GUI under "Persistent Profiles". However, I don't see any PLAP on the login screen, and I get this error when trying to start it via the GUI:

Could not parse --management option in <C:\Program Files\OpenVPN\config-auto\\IPFire_prebootIPFire_preboot.ovpn>.
Attaching to auto-started connections require --management option in the config file.

btw: The correct file should be "...\config-auto\IPFire_preboot\IPFire_preboot.ovpn". Seems like some variable is misplaced.

Config file has been copied from the one that I use interactively to connect to the company. Renamed so it is not a duplicate and appended this:

management 127.0.0.1 1200 stdin
management-query-passwords
management-hold

Connecting via telnet is not possible (Connection refused).

[selvanair]

The file name error (missing ) in the message needs to be fixed but looks like its only a logging error. Your config edits look good, I'm not sure why the GUI cannot parse the line.

Independent of the GUI error, it seems the service is not starting this connection. Do you see anything in C:\Program Files\OpenVPN\config-auto\IPFire_preboot\IPFire_preboot.log. Also check taskmgr to see whether the service has started OpenVPN.exe for this ovpn.

[cron2]

stdin does not look right to me - if I recall correctly, this needs to be a real file, with a real password in, that both programs can read a shared password from.

[larsen0815]

There is no such file. Probably should be "C:\Program Files\OpenVPN\log\IPFire_preboot.log"

2023-11-20 18:39:20 WARNING: cannot stat file 'mycert.p12': Das System kann die angegebene Datei nicht finden.   (errno=2)
Options error: --pkcs12 fails with 'mycert.p12': No such file or directory (errno=2)

Seems to me like this could fail because I have the config file in a sub-dir of of "config-auto". The p12 file exists in the same directory as the config file.

Will test this tomorrow and report back.

stdin was mentioned in one of the docs. Doesn't matter if I include it or not (regarding this problem).

[selvanair]

stdin does not look right to me - if I recall correctly, this needs to be a real file, with a real password in, that both programs can read a shared password from.

Right, I overlooked that -- it would explain the parse error from the GUI as it tries to read the password from that file.

[selvanair]

Seems to me like this could fail because I have the config file in a sub-dir of of "config-auto". The p12 file exists in the same directory as the config file.

Sub-directories are okay as it will look in the same directory as the config file. Unless you have --cd option in the ovpn. But the management parse error from the GUI is very likely due to the use of "stdin" as @cron2 pointed out.

[larsen0815]

See https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/#management-interface-options

pw-file, if specified, is a password file where the password must be on first line. Instead of a filename it can use the keyword stdin which will prompt the user for a password to use when OpenVPN is starting.

[selvanair]

See https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/#management-interface-options

pw-file, if specified, is a password file where the password must be on first line. Instead of a filename it can use the keyword stdin which will prompt the user for a password to use when OpenVPN is starting.

True, but will only work if interactive session (started from command line). Not when started by "OpenVPNService" as there is no stdin to prompt the password from. Also see instructions for prestarted connections and PLAP: https://github.com/OpenVPN/openvpn-gui#persistent-or-pre-started-connections

[larsen0815]

Solved: Stupid Windows VirtualStore would automatically kick in.

Editing files in "C:\Program Files\OpenVPN\config-auto" with UltraEdit would not complain on saving, but Windows would automatically save the file in "C:\Users\me\AppData\Local\VirtualStore\Program Files\OpenVPN\config-auto"...
and of course, that's not the directory where OpenVPN would see the changes.

[larsen0815]

And yes, when editing the correct file, "stdin" doesn't work (as you expected). However, the correct config file would at that time be missing the port, iirc.

The error message should be improved to clarify what's wrong (e.g. "no port recognized", "stdin not supported when using PLAP", "management password file not found")

[cron2]

@selvanair shall we reopen this for improvement on the error messages? If even you didn't see the stdin thing here, we definitely need better reporting :-)

[larsen0815]

I could also create a new issue to keep things separated.
@selvanair Whatever you prefer.

[selvanair]

@selvanair shall we reopen this for improvement on the error messages? If even you didn't see the stdin thing here, we definitely need better reporting :-)

Yes!
Currently, all errors in parsing that management line is reported by a generic message. Its a pain adding internationalized error messaging in Windows (at least the way it is) and one tends to get lazy. Appending an additional line showing the "real error" could be easy though.