openvpn can't import configurations on new 14.04 installation
Edit: Fixed it back then when the patch rolled out with add VPN config. No longer use Linux/Ubuntu now.
I installed the OpenVPN Network-Manager by doing: sudo apt-get install network-manager-openvpn, which also installs the gnome package.
This made it possible to import configurations under 13.10, but on my fresh installation, I can point to the .conf files, but after clicking import, the manager just dissapears and no connection is added.
I tried manually setting it up, which kind of worked, but my connection keeps dropping after a while, I guess because I didn't manually set every last detail of the very detailed configuration.
Connecting through the terminal by doing: sudo openvpn --config /path/to/openvpn.conf asked me for a username, then password, but then doesn't connect.
What can I do to fix this? I really need my VPN, any help is deeply appreciated.
Edit: It's a bug/1294899
For the re-open queue: Someone has an extremely good work-around for this and he used an edit to put this in, but this is worthy of its own answer: voting to re-open...
Solution 1:
You're right, it is a network manager bug. But I (and you too) can get around it by running openvpn from the command line. You've probably done at least a few of these steps, but just in case (and for the benefit of others) I'll do a full step-by-step.
First install the required packages
sudo apt-get install network-manager network-manager-openvpn network-manager-openvpn-gnome
Create Files These files must be kept safe and private at all times
- Make a directory called openvpn in your home directory Copy your VPN client file (renamed client.ovpn) into directory openvpn
- Optional: Keep an original copy of the file – call it client.ovpn.orig
- Next we will create 4 files under the openvpn directory.
- See the bottom of this file for how to automate the following steps
- Open the client.ovpn file in a text editor.
- Create a file called ca.crt – copy the text between
<ca>and</ca>from client.ovpn into this file - Create a file called client.crt – copy the text between
<cert>and</cert>from client.ovpn into this file - Create a file called client.key – copy the text between
<key>and</key>from client.ovpn into this file - Create a file called ta.key – copy the text between
<tls-auth>and</tls-auth>from client.ovpn into this file At this point I have a total of 6 files under my openvpn directory (including the backup file)
5-9 I've just worked out how to do bash script. Whoop Copy the following into a text file:
#!/bin/bash
sed '1,/<ca>/d;/<\/ca>/,$d' client.ovpn > ca.crt
sed '1,/<cert>/d;/<\/cert>/,$d' client.ovpn > client.crt
sed '1,/<key>/d;/<\/key>/,$d' client.ovpn > client.key
sed '1,/<tls-auth>/d;/<\/tls-auth>/,$d' client.ovpn > ta.key
I saved the file as openvpnconvert in the openvpn folder along with the client.ovpn file. Made it executable with the command chmod a+x:
chmod a+x openvpnconvert
And then ran it:
./openvpnconvert
Modify the client.ovpn file
Just before the ## —–BEGIN RSA SIGNATURE—– line add the below lines and save
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key
Finally, you need to run openvpn from the Command Line Interface (CLI)
cd into the openvpn folder
cd openvpn
Run openvpn, if you're using the filenames I specified, see below, otherwise use your filenames.
sudo openvpn --client --config ~/openvpn/client.ovpn --ca ~/openvpn/ca.crt
I'm currently running OpenVPN, which I set up using exactly these steps. Hope it works equally well for others.
Sources:
Creating Files - http://naveensnayak.wordpress.com/2013/03/04/ubuntu-openvpn-with-ovpn-file/
Running from the Command Line - http://ubuntuforums.org/showthread.php?t=2206811
Solution 2:
I thought the option was missing to, but it just moved. Choose add connection first, then instead of choosing OpenVPN (like i was doing), scroll down farther and choose last option "import a saved vpn..."
found the answer here - http://torguard.net/knowledgebase.php?action=displayarticle&id=53
Solution 3:
I never tried to import these connection data, but I've used the following on different occasions:
place the
whatever.conftogether with the.crtfile and the credentials in/etc/openvpnand start/stop the VPN connection withsudo service openvpn whatever start|stopcreate the VPN connection through the NetworkManager by entering the connection data manually. The config file for the connection will be placed at
/etc/NetworkManager/system-connectionsand can be edited later.
Solution 4:
Extraction Script:
In response to Tamsyn Michael's helpful answer I made a small program to automate the extraction task. It outputs the appropriate files needed for openvpn then appends these filenames to the original settings file.
//woahguy@askubuntu
#include <iostream>
#include <string.h>
#include <stdio.h>
using namespace std;
int i = 0;
string buffer, filename, ca, cert, key, auth;
struct _tags { const char* first; const char* last; };
const char* files[] = { "ca.crt", "client.crt", "client.key", "ta.key" };
_tags tags[] = {
{ "<ca>", "</ca>" },
{ "<cert>", "</cert>" },
{ "<key>", "</key>" },
{ "<tls-auth>", "</tls-auth>" }
};
string string_between( string str, const string& from, const string& to ) {
size_t first = str.find(from);
size_t last = str.find(to);
return( str.substr ( first+from.size(),last-first-to.size()));
}
int read_file_to_buffer( string filename )
{
char line[12];
FILE* pFile = fopen( filename.c_str(), "r" );
if( pFile != NULL ) {
while( fgets( line, sizeof( line ), pFile ) ) {
buffer.append( line );
}
} else {
return 1;
}
return 0;
}
int write_buffer_to_file( string buffer, string filename )
{
FILE* pFile = fopen( filename.c_str(), "w" );
if( pFile != NULL ) {
fwrite (buffer.c_str(), sizeof(char), buffer.size(), pFile);
fclose(pFile);
} else {
return 1;
}
return 0;
}
int append_found_tags_to_main( int type )
{
FILE* pFile = fopen( filename.c_str(), "a+" );
if( pFile != NULL ) {
if( type == 1 ) {
fprintf( pFile, "\nca %s\r\ncert %s\r\nkey %s\r\n",
files[0], files[1], files[2] );
} else {
fprintf( pFile, "\nca %s\r\ncert %s\r\nkey %s\r\ntls-auth %s\r\n",
files[0], files[1], files[2], files[3] );
}
fclose(pFile);
}
return 0;
}
int extract_tags( )
{
while (buffer.find(tags[i].first) != std::string::npos ) {
if( i == 0 ) {
ca = string_between( buffer, tags[i].first, tags[i].last);
} else if( i == 1 ) {
cert = string_between( buffer, tags[i].first, tags[i].last);
} else if( i == 2 ) {
key = string_between( buffer, tags[i].first, tags[i].last);
} else if( i == 3 ) {
auth = string_between( buffer, tags[i].first, tags[i].last);
} else {
return 1;
}
i++;
}
return 0;
}
int write_tags( )
{
if( !ca.empty() && !cert.empty() && !key.empty() ) {
write_buffer_to_file( ca, files[0] );
write_buffer_to_file( cert, files[1] );
write_buffer_to_file( key, files[2] );
if( !auth.empty() ) {
write_buffer_to_file( auth, files[3] );
append_found_tags_to_main( 0 );
} else {
append_found_tags_to_main( 1 );
return 1;
}
} else {
return 2;
}
}
int main(int argc, char* argv[])
{
if( argv[1] == NULL ) {
printf("certgrabber<: You need to specify a valid filename to extract from.\r\n");
return 1;
} else {
if( argv[2] != NULL && argv[3] != NULL && argv[4] != NULL && argv[5] != NULL) {
files[0] = argv[2];
files[1] = argv[3];
files[2] = argv[4];
files[2] = argv[5];
}
filename = argv[1];
}
read_file_to_buffer( argv[1] );
if( buffer.empty()){
printf("certgrabber<: You need to specify a valid filename to extract from.\r\n");
return 2;
}
if( extract_tags() == 0 ) {
int result = write_tags();
if( result == 0 ) {
printf("certgrabber<: All certificates and keys successfully extracted.\r\n");
} else if( result == 1 ) {
printf("certgrabber<: Unable to find a TLS auth key, but this isn't exactly an error.\r\n");
} else if( result == 2 ) {
printf("certgrabber<: Something went totally wrong with the certificate files.\r\n");
}
} else {
printf("certgrabber<: Something went wrong while extracting the tags.\r\n");
return 3;
}
return 0;
}
Compilation & Building:
You will need to install g++ to build this
sudo apt-get install g++
Then from the terminal
g++ -c main.cpp -o main.o \ g++ -o certgrabber main.o
You will now have the 'certgrabber' program in the folder.
Program Usage:
Extract to default filenames (ca.crt, client.crt, client.key, tls-auth.key)
./certgrabber settings.ovpn
Extract to custom filenames
./certgrabber settings.ovpn ca-1.crt client-1.crt client-1.key tls-1.key
Solution 5:
The issue with ADDING a VPN from a saved .ovpn file still fails.
It is possible to ADD one manually.
- Select NM App Indicator, --> VPN --> Configure VPN --> Add --> OpenVPN
- Manually Name your Connection and enter the IP Address for your server
- Select the type of authrntication: For me it is Password + Certificates
- Enter your User Name and Password
- Select your certificates and keys for the next three boxes.
- Select Advanced from bottom
-
Enter the PORT (in the .ovpn file, usually at the bottom after the IP address in the "XX" position:
remote ###.###.##.## XX
If your VPN is TCP, then check box for "Use a TCP Connection"
- Select OK and then Save.
At this point, the VPN connection should be listed in the NM AppIndicator as an option. Select and test your connection. I was able to add a TCP and a UDP type of connection, but it took a lot more to do than it would have if the import .ovpn saved file worked.
Lets hope they fix this soon so I can easily add other connection... but at least this is a work around that should help people frustrated like I was.