unable to import config with inlined ca, cert, key or tls-auth

Bug #606365 reported by Till Klampaeckel on 2010-07-16
This bug affects 95 people
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Ubuntu)

Bug Description

Binary package hint: network-manager-openvpn-gnome

So a client of mine runs an OpenVPN setup. It exported a client.ovpn file but it fails to completely import this file using the network-manager (gnome) on Ubuntu 10.04.

When I import the file, it gives me the name ("client") and gateway ("vpn.example.org") on the initial screen. No other fields are populated even though the client.ovpn file also includes a user certificate, server certifikate and a private key.

When I go to advanced, some (most) of the settings obviously seem to import correct, others not at all. E.g. none of the TLS settings (key and key direction) are imported.

From what I understand I should be able to use this without any additional settings.

The following software is installed through aptitude:

 * openvpn (2.1.0)
 * openvpn-blacklist
 * network-manager-openvpn
 * network-manager-openvpn-gnome

Till Klampaeckel (till-php) wrote :

I wanted to share the configuration (dummy):

remote vpn.example.org
proto tcp
port 443
dev tun
ns-cert-type server
auth-retry interact
verb 3




key-direction 1
# 2048 bit OpenVPN static key (Server Agent)
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----

So the quickfix here is that you can dissect the file and import it all once you figured out the corresponding dropdown/whatever in the network manager. So for example in the example above I needed to select "Passwords with certificates (TLS)" and enter another user/pass along with it, no password for the key and also the TLS key and direction in advanced.

One more note - the following settings seemed to get imported:
proto, port, comp-lzo, remote

The rest was ignored.

I hope this helps.

emilio (emiliomaggio) wrote :

I have the same problem in importing the ovpn file provided by my company system administrators

emilio (emiliomaggio) on 2010-09-03
Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
AlexConrad (aconrad-tlv) wrote :

Same problem for me under Ubuntu 10.04.

Running "sudo openvpn --config client.ovpn" works though.

Mitch Goldenberg (kgolden) wrote :

Same problem in Ubuntu 10.10.

Again, "sudo openvpn --config client.ovpn" works properly.

Till Klampaeckel (till-php) wrote :

Thanks for posting the workaround, it's definitively a small bug in network-manager-openvpn.

kapetr (kapetr) wrote :

I can confirm that in Ubuntu 10.10:

Specially: statements auth-user-pass and route are ignored.

So most config are not possible to import.
To set auth-user-pass manually in applet is trivial, but add e.g. 20 route statements via this interface is quite impossible.

See for example attached config for popular USA IP service with man routes.

BTW - in this example - OpenVPN do not addd route to host (--remote) via the old GW. I'm not sure, if it is not also a bug, but the config fails. It is necessary to add also this route statement:

route remote_host net_gateway


kapetr (kapetr) wrote :
Till Klampaeckel (till-php) wrote :

To add to this - the export feature is broken too.

I tried to rescue a couple profiles which I had done on another workstation for backup purposes, but it didn't work at all in 10.04.1.

lordbinky (lordbink) wrote :

I have the same issue in Ubuntu 11.04 where importing a .ovpn file isn't completely imported.

Justin (justin-wzy) wrote :

same issue in Oneiric

Stephan Fabel (sfabel) wrote :

This problem still exists in Precise.

Todd Howe (tehowe) wrote :

Can't hook up to my ISP's VPN. IT'S 2012

Todd Howe (tehowe) wrote :

Found a way to do this that works under GUI network-manager


lenzai (lenzai) wrote :

paqma.net website is down but the work around i still published at

almost 2 years .... maybe we should write a bash to break down the ovpn into certificate files if this bug can't be fixed ?

exactt (giesbert) wrote :

2013... Ubuntu 12.10... still not working...

Claus Lensbøl (cmol) wrote :

Used the workaround from #14 and got it working, but without the fix I'm having the same issues.

kingtiger01 (mnovick1988) wrote :

Come on, were Weeks away from Raring(13.04) Quit Dropping the ball on things like this Ubuntu Team!

Parasit (parasit-go2) wrote :

2013... Ubuntu 13.04... still not working...
Eg. certs configuration are imported (#14 method) but still not connecting from GUI.

bagl0312 (bagl0312) wrote :

I confirm the same problem.
ovpn conf files produced by the openvpn/privatetunnel site:


are not imported correctly by the network-manager on ubuntu 13.04.
They instead work giving the command

openvpn --config xxx.ovpn

Carla Sella (carla-sella) wrote :

I am having the same problem importing a file for Watchguard on Saucy with all updates using network manager (today is July 20th 2013).
The "sudo openvpn --config client.ovpn" works properly.

Jakob (jmollerhoj) wrote :

same problem, ubuntu 13.10 here

bagl0312 (bagl0312) wrote :

Confirmed, same problem in 13.10
This bug is around since more than two years now :(

Bachi (m-bachmann) wrote :

Proud to be the first posting 2014. Wow. C'mon folks...

Giovanni Panozzo (giox069) wrote :

This is the more related upstream bug:


Please add your comments there explaining all problems importing .ovpn files (certs not imported, invalid TLS selection and other badly imported parameters).
Maybe someone will notice it one day... :(

Monty Cantsin (open-pop-star) wrote :

same in Trusy Tahr 14.04

Martin (getmartin) wrote :

Confirmed, same bug in 14.04.
Well, the workaround "sudo openvpn --config client.ovpn" is still working.

I am having issues with 14.04 lts openvpn client for gnome as well. I get the same freezing and not loading the config file issues. I had to revert back to 12.04 lts as this feature is needed in my line of work. Any fix available?

Simon Déziel (sdeziel) on 2014-05-23
summary: - client.ovpn file is not completely imported
+ unable to import config with inlined ca, cert, key or tls-auth
Changed in network-manager-openvpn:
importance: Undecided → Unknown
status: New → Unknown
Changed in network-manager-openvpn:
importance: Unknown → Medium
status: Unknown → Confirmed
Tomislav (hefest) wrote :

Same as #25 and #26.

Tomislav (hefest) wrote :

Actually, I'm not having luck with the workaround: it seems that DNS settings have not been updated to find recources in the VPN.

Solitaire (bill-s0l) wrote :

This bug affects me as well.

Anyone got a script working to automate the creation of the separate certificates and keys from inside the .ovpm file?
Would be a great workaround till this gets fixed

Frol (frolvlad) wrote :

2015... Nothing was done yet. Let's make some movements.

Here is the import function:

and here are the lines of ca/cert/key tags parsing:

My suggestion is to save inline ca/cert/key inside of a Network Manager configurations file encoded into base64 (again) with "inline:" prefix, e.g.:

ca=inline:<base64 coded>
cert=inline:<base64 coded>
key=inline:<base64 coded>

Another approach would be to parse as much information from *.ovpn file as we can, remove parsed parts, encode rest of the file into a base64 string, and save it into a Network Manager connection config file. This may help to deal with extra options like inline certificates, but may also cause unexpected configuration conflicts.

Ryan Hendry (ryanhendry123) wrote :

I am experiencing the same problem.

Mehdi Fattahi (mehdifattahi) wrote :

Can somebody please fix this?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.