Skip to main content

[How-To] Reset Default OpenVPN User Password via CLI

Purpose

The purpose of this is to reset the default OpenVPN user password via the CLI when locked out and don't have other admin accounts to get in with.

Prerequisites

List of prerequisites:

  • Root user or sudo user
  • OpenVPN AS

CLI Commands to Reset Password

Step 1

Run these commands to reset the password for OpenVPN user:

sudo su -l
cd /usr/local/openvpn_as/scripts
./sacli --user "openvpn" --key "prop_superuser" --value "true" UserPropPut
./sacli --user "openvpn" --key "user_auth_type" --value "local" UserPropPut
./sacli --user "openvpn" --new_pass=<PASSWORD> SetLocalPassword
./sacli start

With these commands, and changing out <PASSWORD> for your desired password, you should be able to get back in.

Step 2: Reset/Remove 2FA From Account

Run these commands to remove 2FA from the default OpenVPN account.

sudo su -l
cd /usr/local/openvpn_as/scripts
./sacli --user "openvpn" --key "prop_deny" --value "false" UserPropPut
./sacli --user "openvpn" --key "prop_google_auth" UserPropDel
./sacli --user "openvpn" --lock 0 GoogleAuthRegen
./sacli start

Step 3: Reset the Password Lockout Policy

Run these commands to reset the password policy for the default OpenVPN account.

./sacli --key "vpn.server.lockout_policy.reset_time" --value "1" ConfigPut
./sacli start
sleep 2
./sacli --key "vpn.server.lockout_policy.reset_time" ConfigDel
./sacli start

https://openvpn.net/as-docs/reset-admin-access.html#notes-on-older-access-server-versions

No Comments
Back to top