[How-To] Reset Default OpenVPN User Password via CLI
Purpose
The purpose of this is to reset the default OpenVPN user password via the CLI when locked out and don't have other admin accounts to get in with.
Prerequisites
List of prerequisites:
- Root user or sudo user
- OpenVPN AS
CLI Commands to Reset Password
Step 1
Run these commands to reset the password for OpenVPN user:
sudo su -l
cd /usr/local/openvpn_as/scripts
./sacli --user "openvpn" --key "prop_superuser" --value "true" UserPropPut
./sacli --user "openvpn" --key "user_auth_type" --value "local" UserPropPut
./sacli --user "openvpn" --new_pass=<PASSWORD> SetLocalPassword
./sacli start
With these commands, and changing out <PASSWORD> for your desired password, you should be able to get back in.
Step 2: Reset/Remove 2FA From Account
Run these commands to remove 2FA from the default OpenVPN account.
sudo su -l
cd /usr/local/openvpn_as/scripts
./sacli --user "openvpn" --key "prop_deny" --value "false" UserPropPut
./sacli --user "openvpn" --key "prop_google_auth" UserPropDel
./sacli --user "openvpn" --lock 0 GoogleAuthRegen
./sacli start
Step 3: Reset the Password Lockout Policy
Run these commands to reset the password policy for the default OpenVPN account.
./sacli --key "vpn.server.lockout_policy.reset_time" --value "1" ConfigPut
./sacli start
sleep 2
./sacli --key "vpn.server.lockout_policy.reset_time" ConfigDel
./sacli start
https://openvpn.net/as-docs/reset-admin-access.html#notes-on-older-access-server-versions