How to Save VPN Username/Password for OpenVPN CLI

Prerequisites

• OpenVPN installed on your Linux system
• TorGuard VPN subscription with valid credentials
• OpenVPN configuration files (.ovpn or .conf)
• Basic command-line knowledge

Step 1: Create Credentials File

First, navigate to the directory containing your OpenVPN configuration files and create a new text file to store your credentials:

cd /path/to/your/openvpn/configs
nano pass.txt

Step 2: Add Your Credentials

In the text file, add your TorGuard username on the first line and password on the second line:

username
password

For example:

john.doe@torguard
MySecurePassword123!

Save the file and exit your text editor (Ctrl+X, then Y in nano).

Step 3: Secure File Permissions

Since this file contains sensitive information, it's crucial to set restrictive permissions:

# Make the file readable only by the owner
chmod 600 pass.txt

# Verify permissions
ls -la pass.txt

The output should show: -rw-------

Step 4: Update OpenVPN Configuration

Open your OpenVPN configuration file (.ovpn or .conf) in a text editor:

nano your-config-file.ovpn

Add the following line to reference your credentials file:

auth-user-pass pass.txt

Using Absolute Paths

If you run OpenVPN from different directories, use an absolute path:

auth-user-pass /home/username/openvpn/pass.txt

Example Configuration

Your configuration file should look similar to this:

client
dev tun
proto udp
remote ams.vpn.torguard.org 1912
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-auth ta.key 1
auth SHA256
cipher AES-256-GCM
remote-cert-tls server
auth-user-pass pass.txt  # Added line
verb 3

Step 5: Test Your Connection

Test your configuration to ensure automatic authentication works:

sudo openvpn --config your-config-file.ovpn

You should connect without being prompted for credentials.

Platform-Specific Instructions

Systemd Service (Modern Linux Distributions)

For systemd-based systems, you can create a service file:

# Create service file
sudo nano /etc/systemd/system/openvpn-torguard.service

Add the following content:

[Unit]
Description=TorGuard OpenVPN Connection
After=network.target

[Service]
Type=simple
ExecStart=/usr/sbin/openvpn --config /path/to/your-config.ovpn
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl enable openvpn-torguard
sudo systemctl start openvpn-torguard

Network Manager Integration

For desktop users, consider using Network Manager with OpenVPN plugin:

# Install Network Manager OpenVPN plugin
sudo apt install network-manager-openvpn-gnome  # Debian/Ubuntu
sudo dnf install NetworkManager-openvpn-gnome   # Fedora
sudo pacman -S networkmanager-openvpn           # Arch

Security Best Practices

1. Use Encrypted Storage

Store credentials on an encrypted partition or home directory:

# Check if home directory is encrypted
mount | grep ecryptfs

2. Alternative: Environment Variables

For better security, use environment variables:

# Set environment variables
export OPENVPN_USER="your-username"
export OPENVPN_PASS="your-password"

# Create a script that writes credentials
cat > /tmp/openvpn-auth << EOF
#!/bin/bash
echo "$OPENVPN_USER"
echo "$OPENVPN_PASS"
EOF
chmod +x /tmp/openvpn-auth

# Use in OpenVPN config
auth-user-pass /tmp/openvpn-auth

3. Keychain Integration

For desktop systems, integrate with the system keychain:

# Store credentials in keychain (GNOME)
secret-tool store --label="TorGuard VPN" service torguard username yourusername

# Retrieve in script
#!/bin/bash
echo "yourusername"
secret-tool lookup service torguard username yourusername

Troubleshooting Common Issues

Permission Denied Error

If OpenVPN can't read the credentials file:

• Check file permissions: ls -la pass.txt
• Ensure OpenVPN runs with sufficient privileges
• Use absolute paths in the configuration

Authentication Failed

If authentication fails despite correct credentials:

• Verify no extra spaces or characters in pass.txt
• Check line endings (use Unix format, not Windows)
• Ensure username includes @torguard if required
• Test credentials manually first

File Not Found

If OpenVPN reports the credentials file is missing:

• Use absolute path: /home/user/openvpn/pass.txt
• Check current working directory: pwd
• Verify file exists: test -f pass.txt && echo "exists"

Advanced Configuration

Multiple Profiles

For multiple VPN profiles, create separate credential files:

# Structure
/home/user/openvpn/
├── configs/
│   ├── usa-server.ovpn
│   ├── eu-server.ovpn
│   └── asia-server.ovpn
└── credentials/
    ├── usa-pass.txt
    ├── eu-pass.txt
    └── asia-pass.txt

Automated Switching Script

Create a script to switch between servers:

#!/bin/bash
# vpn-switch.sh

SERVER=$1
CONFIG_DIR="/home/user/openvpn/configs"
CRED_DIR="/home/user/openvpn/credentials"

if [ -z "$SERVER" ]; then
    echo "Usage: $0 [usa|eu|asia]"
    exit 1
fi

# Stop existing connection
sudo killall openvpn 2>/dev/null

# Start new connection
sudo openvpn --config "$CONFIG_DIR/$SERVER-server.ovpn" \
             --auth-user-pass "$CRED_DIR/$SERVER-pass.txt" \
             --daemon

Next Steps

Now that you have automatic authentication configured:

• Set up automatic VPN connection on boot
• Configure DNS leak protection
• Implement a kill switch for enhanced security
• Explore OpenVPN scripting options