Ask Your Question

Fedora can't properly load a .ovpn file (openVPN configuration file)

asked 2014-10-30 09:13:49 -0500

Scootaloo gravatar image

When trying to use a .ovpn file in Fedora it doesn't load the certificates correctly. It opens the file, but all the certificate spaces are empty and I can't load anything into them. I can manually tear apart the file to create the individual cert files, but that is time consuming and only a cheap workaround. The same file works on my Android devices, so I know the .ovpn file is good. I've seen the same problem in Slackware so it isn't a Fedora-specific problem, but being that I use Fedora now I thought I should ask here. Anyone know what can be done to fix this?

I can't upload the file but I pasted the text of it here. The IP address and keys are heavily edited so you won't be able to actually use the file for anything, but it can still be loaded as an openvpn configuration if you want to see what it does. Just save the contents as filename.ovpn.

The .ovpn file is generated by the OpenVPN function on my home router.

edit retag flag offensive close merge delete


Have you tried making sure the .ovpn file is inside /etc/openvpn?

mh4openfield gravatar imagemh4openfield ( 2015-04-30 21:18:13 -0500 )edit

2 Answers

Sort by » oldest newest most voted

answered 2015-04-29 18:12:15 -0500

Steve HHH gravatar image

updated 2015-04-30 16:48:31 -0500

This is a known bug with NetworkManager, and it's been open since October 2010:

It does not seem likely that NetworkManager will be able to import .ovpn files any time soon. Given this, you have two alternatives:

  1. Use the following command instead: sudo openvpn --config client.ovpn. This works for me in Fedora 21.

  2. Break apart the .ovpn file and separate out the keys yourself, then put them in the right fields. I found instructions to do that at . This works under Fedora 21 as long as you first disable SELinux with the command sudo setenforce 1 or reset the SELinux permissions on the certificates as with mkdir ~/.cert ; mv *.crt ~/.cert ; restorecon -R -v ~/.cert (see this answer) .

  • Create a file called ca.crt – copy the text between <ca> and </ca> from client.ovpn into this file
  • Create a file called client.crt – copy the text between <cert> and </cert> from client.ovpn into this file
  • Create a file called client.key – copy the text between <key> and </key> from client.ovpn into this file
  • Create a file called ta.key – copy the text between <tls-auth> and </tls-auth> from client.ovpn into this file

In client.ovpn, on the line just before ## —–BEGIN RSA SIGNATURE—–, add the following lines:

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key

After importing the .ovpn file, you'll need to add your username and password, and also need to click on Advanced and go to the TLS Authentication tab. Ensure that Key file is set to ta.key. Key Direction must be set based on the key direction in your client.ovpn file: open client.ovpn and search for key-direction and note the number after that (mine is 1).

edit flag offensive delete link more

answered 2014-11-02 09:12:24 -0500

till gravatar image

The best way to get this fixed is to open a bug report unless this issue is alread reported. A list of open issues can be found here:

edit flag offensive delete link more

Question Tools



Asked: 2014-10-30 09:13:49 -0500

Seen: 7,743 times

Last updated: Apr 30 '15