id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,port 51528,openvpn2: passwordsave variant,ewen-naos-nz,macports-tickets@…,"Some OpenVPN servers (particular Sophos UTM and Mikrotik) are configured to authenticate with a user/password combination either in addition to or instead of the TLS certificate. By default openvpn2 requires the user to enter this username/password on the console ''every time the VPN starts''. For [https://openvpn.net/archive/openvpn-users/2004-10/msg00418.html about 10 years] openvpn2 has had an option to load these details from a file instead of entering them on the console on each run (""auth-user-pass FILENAME""). However [https://openvpn.net/index.php/open-source/documentation/install.html?start=1 to use this feature openvpn2 must be built with ""--enable-password-save""]. Without that configure time option (eg, default MacPorts), trying to use this feature results in: {{{ Tue May 31 15:41:05 2016 Sorry, 'Auth' password cannot be read from a file }}} The attached trivial patch adds a variant ""+passwordsave"" which enables compiling with ""--enable-password-save"": {{{ ewen@ashram:/usr/local/ports$ port variants openvpn2 openvpn2 has the variants: passwordsave: Build with --enable-password-save universal: Build for multiple architectures ewen@ashram:/usr/local/ports$ }}} After [https://guide.macports.org/chunked/development.local-repositories.html configuring for local ports], the patched version of the Portfile was tested with: {{{ portindex -f sudo port install -k openvpn2 +passwordsave }}} and then ""auth-user-pass FILENAME"" works. (To reduce the security risk the referenced file with the username/password should be ""chmod +400"" or similar, and ideally the password should ''only'' be used for the VPN credentials (as it is stored in plain text); I'm not sure how strictly OpenVPN checks the file permissions.) Obviously this is not ideal for a shared system, and so it should not be the default. But on a single-user workstation, interacting frequently with VPN servers that rely on the client storing the VPN credentials, it might be an acceptable tradeoff. Please consider merging this patch to add the optional variant, so MacPort users have the option of enabling this feature if it is appropriate for their environment. Ewen ",enhancement,closed,Normal,,ports,,fixed,,,openvpn2