I'm running a headless Ubuntu 14.04.1 server. I'd like to use a commercial VPN service to secure the server's internet connection, and my VPN provider uses passphrases for authentication. I've installed openvpn on the server, and it has the necessary .ca, .conf files to initiate a connection to my VPN.

However, to initiate said connection, I need to ssh in and issue the commands (sudo openvpn --config <conf-file> followed by my VPN credentials), then keep my terminal open for as long as I want the server to remain connected to the VPN.

This is impractical on a headless setting. I've been trying to issue the command remotely in such a way that it can run in the background while I disconnect from the server, but I'm facing the following issues:

• I could set the server to connect automatically on startup, but that would require storing my VPN credentials in plain-text, which I'm averse to.


• I can't run a single ssh command as root (without connecting to the server as root, but then I'm not sure setting a password for root is a good idea. Opinions?). That is, if I send ssh <user>@<server> "sudo <command>" I get
  
  
  

  
  

  sudo: no tty present and no askpass program specified



• Any combination of the fN flags I try to pass to ssh results in the command going to the background before I'm asked for my VPN credentials.

Please don't hesitate to offer a different avenue of initiating the connection even if you think these ideas are unfeasible. However, please note that the server doesn't have a GUI installed, so any idea relying on that is unsuitable (for example, I'd love to use nmcli to initiate my VPN, but I can't create a network-manager connection without GUI, or at least I don't know how to).

(PS I tried finding a solution online, but there are too many results dealing with setting an OpenVPN connection to one's server, and if anything relevant is hiding among them I wasn't able to find it.)