Ubuntu

client.ovpn file is not completely imported

Reported by Till Klampaeckel on 2010-07-16
296
This bug affects 62 people
Affects Status Importance Assigned to Milestone
NetworkManager-OpenVPN
New
Undecided
Unassigned
network-manager-openvpn (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: network-manager-openvpn-gnome

So a client of mine runs an OpenVPN setup. It exported a client.ovpn file but it fails to completely import this file using the network-manager (gnome) on Ubuntu 10.04.

When I import the file, it gives me the name ("client") and gateway ("vpn.example.org") on the initial screen. No other fields are populated even though the client.ovpn file also includes a user certificate, server certifikate and a private key.

When I go to advanced, some (most) of the settings obviously seem to import correct, others not at all. E.g. none of the TLS settings (key and key direction) are imported.

From what I understand I should be able to use this without any additional settings.

The following software is installed through aptitude:

 * openvpn (2.1.0)
 * openvpn-blacklist
 * network-manager-openvpn
 * network-manager-openvpn-gnome

Till Klampaeckel (till-php) wrote :

I wanted to share the configuration (dummy):

remote vpn.example.org
client
proto tcp
port 443
dev tun
ns-cert-type server
auth-user-pass
auth-retry interact
comp-lzo
verb 3

<ca>
-----BEGIN CERTIFICATE-----
FOO
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
FOO
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
FOO
-----END RSA PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
FOO
-----END OpenVPN Static key V1-----
</tls-auth>

So the quickfix here is that you can dissect the file and import it all once you figured out the corresponding dropdown/whatever in the network manager. So for example in the example above I needed to select "Passwords with certificates (TLS)" and enter another user/pass along with it, no password for the key and also the TLS key and direction in advanced.

One more note - the following settings seemed to get imported:
proto, port, comp-lzo, remote

The rest was ignored.

I hope this helps.

emilio (emiliomaggio) wrote :

I have the same problem in importing the ovpn file provided by my company system administrators

emilio (emiliomaggio) on 2010-09-03
Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
AlexConrad (aconrad-tlv) wrote :

Same problem for me under Ubuntu 10.04.

Running "sudo openvpn --config client.ovpn" works though.

Mitch Goldenberg (kgolden) wrote :

Same problem in Ubuntu 10.10.

Again, "sudo openvpn --config client.ovpn" works properly.

Till Klampaeckel (till-php) wrote :

Thanks for posting the workaround, it's definitively a small bug in network-manager-openvpn.

kapetr (kapetr) wrote :

I can confirm that in Ubuntu 10.10:

Specially: statements auth-user-pass and route are ignored.

So most config are not possible to import.
To set auth-user-pass manually in applet is trivial, but add e.g. 20 route statements via this interface is quite impossible.

See for example attached config for popular USA IP service with man routes.

BTW - in this example - OpenVPN do not addd route to host (--remote) via the old GW. I'm not sure, if it is not also a bug, but the config fails. It is necessary to add also this route statement:

route remote_host net_gateway

--kapetr

kapetr (kapetr) wrote :
Till Klampaeckel (till-php) wrote :

To add to this - the export feature is broken too.

I tried to rescue a couple profiles which I had done on another workstation for backup purposes, but it didn't work at all in 10.04.1.

lordbinky (lordbink) wrote :

I have the same issue in Ubuntu 11.04 where importing a .ovpn file isn't completely imported.

Justin (justin-wzy) wrote :

same issue in Oneiric

Stephan Fabel (sfabel) wrote :

This problem still exists in Precise.

Todd Howe (tehowe) wrote :

Can't hook up to my ISP's VPN. IT'S 2012

Todd Howe (tehowe) wrote :

Found a way to do this that works under GUI network-manager

http://howto.praqma.net/ubuntu/vpn/openvpn-access-server-client-on-ubuntu

lenzai (lenzai) wrote :

paqma.net website is down but the work around i still published at
http://askubuntu.com/questions/134918/setting-vpn-client

almost 2 years .... maybe we should write a bash to break down the ovpn into certificate files if this bug can't be fixed ?

exactt (giesbert) wrote :

2013... Ubuntu 12.10... still not working...

Claus Lensbøl (cmol) wrote :

Used the workaround from #14 and got it working, but without the fix I'm having the same issues.

kingtiger01 (mnovick1988) wrote :

Come on, were Weeks away from Raring(13.04) Quit Dropping the ball on things like this Ubuntu Team!

Parasit (parasit-go2) wrote :

2013... Ubuntu 13.04... still not working...
Eg. certs configuration are imported (#14 method) but still not connecting from GUI.

bagl0312 (bagl0312) wrote :

I confirm the same problem.
ovpn conf files produced by the openvpn/privatetunnel site:

https://www.privatetunnel.com/

are not imported correctly by the network-manager on ubuntu 13.04.
They instead work giving the command

openvpn --config xxx.ovpn

Carla Sella (carla-sella) wrote :

I am having the same problem importing a file for Watchguard on Saucy with all updates using network manager (today is July 20th 2013).
The "sudo openvpn --config client.ovpn" works properly.

Jakob (jmollerhoj) wrote :

same problem, ubuntu 13.10 here

bagl0312 (bagl0312) wrote :

Confirmed, same problem in 13.10
This bug is around since more than two years now :(

Bachi (m-bachmann) wrote :

Proud to be the first posting 2014. Wow. C'mon folks...

giox069 (giodev) wrote :

This is the more related upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=633337

Please add your comments there explaining all problems importing .ovpn files (certs not imported, invalid TLS selection and other badly imported parameters).
Maybe someone will notice it one day... :(

Monty Cantsin (open-pop-star) wrote :

same in Trusy Tahr 14.04

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.