trouble using auth.conf #2

Open
nickabbey opened this issue Dec 27, 2016 · 2 comments

@nickabbey

I seem to be having trouble using the auth.conf file.

    root@hub:~# docker run --cap-add=NET_ADMIN --device=/dev/net/tun --name=pia -d --dns 209.222.18.222 --dns 209.222.18.218 -e 'REGION=US East' -v 'auth.conf:/root/auth.conf' colinhebert/pia-openvpn --auth-user-pass auth.conf
    bb7ba25b3041ba5b19ebbe675313254192f671a1411e11231bbeb899e8064f38
    root@hub:~# docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    root@hub:~# docker logs pia
    /usr/local/bin/openvpn.sh: line 13: USERNAME: parameter not set
    root@hub:~#

It seems to be due to the way the openvpn.sh script is checking if the USERNAME env var is set.
I'm new to docker so I'm not sure how to edit that script for testing, or I'd submit a PR.

Seems like perhaps testing for --auth-user-pass in $@ and making the existing [ if -n $USERNAME...] the else clause for that test might do it. I can mess with the scripts independent of docker to test it out, but like I said, I'm not sure how to do it inside the docker image itself.

@nickabbey
Author

I did end up rewriting the script. It turned out to be a decent exercise in learning BusyBox shell scripting.

There are two issues.

  1. The way the script tests for the USERNAME env variable causes the script to exit.
  2. The way the single file volume is declared in the Readme is wrong:
    -v 'auth.conf:auth.conf'

For issue 1:
docker logs pia shows

    /usr/local/bin/openvpn.sh: line 13: USERNAME: parameter not set

I completely rewrote openvpn.sh to handle launching the container without USERNAME or PASSWORD being set via the -e option. If they are not set on the command line when creating the image, then the script assumes that you mounted an auth.conf file at /pia/auth.conf. If they are not set on the command line and you did not mount an auth.conf file, "NOT PROVIDED" will be echoed to /pia/auth.conf. In this case, auth will fail and the container will stop immediately after it is started. docker logs pia will show an auth failure from openvpn. I don't remember if it shows the username or not; I think it just says something along the lines of 'auth failure'.

I didn't test the case where you give it both the -e options at the command line and a config file volume. Expected behavior in that case is for the env to be set but ignored; the mounted auth.conf will be what is used to make the connection.

For issue 2:
First, the quotes are not required.
Second, the command as written in the readme will return an error. Docker won't do relative paths for the mount point inside the container. Additionally, if you don't provide a full path for the source, docker will always mount the volume as a directory inside the container. So, to get a single file mounted as a volume, you need both sides of the : to be a full path.
Something like

    -v $(pwd)/auth.conf:/root/auth.conf

or

    -v /root/auth.conf:/pia/auth.conf

does work and gives us what we want.

Since the openvpn.sh script is executed from the /pia directory, I rewrote the script to expect the auth.conf file to be in the same place. Therefore, when mounting your credential file, the mount point should be /pia/auth.conf. The source can be whatever you want. I leave it in /root/pia.creds with a 600 umask and my -v line looks like -v /root/pia.creds:/pia/auth.conf

Lastly, I've updated the readme.md to reflect my changes.

I've never tried to push a PR to a public repo before, but I worked in a branch, merged to master and tried to push. That failed, so I forked and updated. I'll try to send a PR to merge my fork. Otherwise, if anyone else is having issues trying to use this without setting the env vars, see my fork:
https://github.com/nickabbey/pia-openvpn
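
The credential-source logic described in the comment above, sketched as an added example; it is not code from this issue, from the fork, or from the original image. It assumes the entrypoint runs with nounset (`set -u`), takes /pia/auth.conf as the mount point named in the comment, and uses hypothetical function names `pick_auth_source` and `is_private`.

```shell
#!/bin/sh
# Assumption: nounset is on, so expanding an unset variable aborts the script.
set -u

# pick_auth_source AUTH_FILE  (hypothetical helper)
# Prints "file", "env" or "none"; returns 2 if the mount point is a directory.
pick_auth_source() {
    auth_file=$1
    if [ -d "$auth_file" ]; then
        # Docker mounts a directory here when the -v source was not a full
        # path to an existing file, so fail loudly instead of reading it.
        echo "error: $auth_file is a directory, not a credentials file" >&2
        return 2
    fi
    if [ -f "$auth_file" ] && [ -s "$auth_file" ]; then
        echo file   # a mounted file wins even when the env vars are also set
    elif [ -n "${USERNAME:-}" ] && [ -n "${PASSWORD:-}" ]; then
        echo env    # ${VAR:-} expands to "" for an unset variable, no abort
    else
        echo none   # nothing usable: stop before OpenVPN fails authentication
        return 1
    fi
}

# is_private FILE  (hypothetical helper)
# Succeeds only if the file grants no permissions to group or other (e.g. 600).
is_private() {
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo: a temporary directory stands in for /pia.
demo=$(mktemp -d)
printf 'constructed-user\nconstructed-pass\n' > "$demo/auth.conf"
chmod 600 "$demo/auth.conf"
echo "source: $(pick_auth_source "$demo/auth.conf")"
is_private "$demo/auth.conf" && echo "permissions: private"
rm -rf "$demo"
```

In an entrypoint the call would be `src=$(pick_auth_source /pia/auth.conf) || exit 1`, with the script writing the environment values to a private file only when `src` is `env`.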

@monisriz

monisriz commented Jun 2, 2018

Can we add Region to the auth.conf as well instead of specifying it at the time of container creation?
