Ask Your Question
0

Fedora18 NetManager fails to correctly import openvpn config file

asked 2015-05-06 12:42:12 -0500

updated 2015-05-07 21:32:45 -0500

mether gravatar image

Hi, from my vpn provider I downloaded my account's .ovpn configuration file for openvpn.
It contains some (apparently network) parameters, a ‹ca> certificate, a ‹key> (private) key, a ‹cert> certificate and a ‹tls-auth> OpenVPN Static key V1.
When setting up the vpn in NetworkManager in my fedora18, there is an option of importing a saved VPN configuration, which I used. However, after importing the configuration file, the connection edit window of NetworkManager appears, asking for all the Authentication data, which it was supposed to have imported.
Installed are NetworkManager-0.9.8.2-1.fc18 and NetworkManager-openvpn-0.9.3.997-3.fc18.
Apparently it doesn't work as intended. Is there something I overlooked?

It would be ok with me if the importing facility doesn't work, but then my question would be:
Can I just cut the separate keys out of the .ovpn file and put them in their own files and point NetworkManager (file combo-boxes) at them?
And which one goes where? The names don't seem to match. Under 'Certificates (TLS)', NetworkManager asks for User Certificate, I guess here goes my ‹cert>, for a CA Certificate which most probably means the ‹ca>. Then for a Private Key, probably my ‹key>.
But then, where should the ‹tls-auth> go?

For reference I included the (anonymised) .ovpn file below. It would be great if somebody could answer this.

remote X.X.X.X 4672 udp
remote X.X.X.X 123 udp
remote X.X.X.X 53 udp
key-direction 1
cipher BF-CBC
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry
;http-proxy X.X.X.X 80
verb 4
reneg-sec 86400
echo account ovpn22
tun-mtu 1500
route-method exe
route-delay 2
redirect-gateway def1
comp-lzo no
explicit-exit-notify 2
fragment 1390
mssfix 1390
hand-window 30
‹ca>
-----BEGIN CERTIFICATE-----
MII....g==
-----END CERTIFICATE-----
‹/ca>
‹key>
-----BEGIN PRIVATE KEY-----
MII...g==
-----END PRIVATE KEY-----
‹/key>
‹cert>
-----BEGIN CERTIFICATE-----
MII...lA==
-----END CERTIFICATE-----
‹/cert>
‹tls-auth>
-----BEGIN OpenVPN Static key V1-----
93...cbf
-----END OpenVPN Static key V1-----
‹/tls-auth>

edit retag flag offensive close merge delete

Comments

Check out this Q/A here

florian gravatar imageflorian ( 2015-05-06 21:47:24 -0500 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2015-05-06 20:03:52 -0500

florian gravatar image

updated 2015-05-06 20:06:21 -0500

Correct, you can cut the keys from the .ovpn file and paste them into separate files, and then reference them in your connection settings.

Cut the OpenVPN Static key V1 that is framed with tls-auth and /tls-auth to a new file with the ending .key into ~/.cert/ (i.e. my-ta-key.key).

~/.cert is a hidden directory in your home-dir where vpn keys and ca's are stored.

Do the same with the key that is framed with ca and /ca. Put it into a file my-ca.crt in ~/.cert/

Do the same with the private key (call it what-you-want.key). This is a static key instead of a human-readable password. You just select the right authentication method in your settings and reference the newly created file.

The remaining file (with out the keys) is your .ovpn config file.

May I ask you why you are on F18? That release is not supported anymore, and I recommend you to upgrade to something more recent. F21 for example.

Good luck.

edit flag offensive delete link more

Comments

Looks like you hit a Fedora bug: Please see this question and an interesting answer

florian gravatar imageflorian ( 2015-05-06 21:45:54 -0500 )edit

Question Tools

2 followers

Stats

Asked: 2015-05-06 12:42:12 -0500

Seen: 534 times

Last updated: May 06 '15