openvpn can't import configurations on new 14.04 installation

Edit: Fixed it back then when the patch rolled out with add VPN config. No longer use Linux/Ubuntu now.

I installed the OpenVPN Network-Manager by doing: sudo apt-get install network-manager-openvpn, which also installs the gnome package.

This made it possible to import configurations under 13.10, but on my fresh installation, I can point to the .conf files, but after clicking import, the manager just dissapears and no connection is added.

I tried manually setting it up, which kind of worked, but my connection keeps dropping after a while, I guess because I didn't manually set every last detail of the very detailed configuration.

Connecting through the terminal by doing: sudo openvpn --config /path/to/openvpn.conf asked me for a username, then password, but then doesn't connect.

What can I do to fix this? I really need my VPN, any help is deeply appreciated.

Edit: It's a bug/1294899

For the re-open queue: Someone has an extremely good work-around for this and he used an edit to put this in, but this is worthy of its own answer: voting to re-open...


Solution 1:

You're right, it is a network manager bug. But I (and you too) can get around it by running openvpn from the command line. You've probably done at least a few of these steps, but just in case (and for the benefit of others) I'll do a full step-by-step.

First install the required packages

sudo apt-get install network-manager network-manager-openvpn network-manager-openvpn-gnome

Create Files These files must be kept safe and private at all times

  1. Make a directory called openvpn in your home directory Copy your VPN client file (renamed client.ovpn) into directory openvpn
  2. Optional: Keep an original copy of the file – call it client.ovpn.orig
  3. Next we will create 4 files under the openvpn directory.
  4. See the bottom of this file for how to automate the following steps
  5. Open the client.ovpn file in a text editor.
  6. Create a file called ca.crt – copy the text between <ca> and </ca> from client.ovpn into this file
  7. Create a file called client.crt – copy the text between <cert> and </cert> from client.ovpn into this file
  8. Create a file called client.key – copy the text between <key> and </key> from client.ovpn into this file
  9. Create a file called ta.key – copy the text between <tls-auth> and </tls-auth> from client.ovpn into this file At this point I have a total of 6 files under my openvpn directory (including the backup file)

5-9 I've just worked out how to do bash script. Whoop Copy the following into a text file:

#!/bin/bash
sed '1,/<ca>/d;/<\/ca>/,$d' client.ovpn > ca.crt
sed '1,/<cert>/d;/<\/cert>/,$d' client.ovpn > client.crt
sed '1,/<key>/d;/<\/key>/,$d' client.ovpn > client.key
sed '1,/<tls-auth>/d;/<\/tls-auth>/,$d' client.ovpn > ta.key

I saved the file as openvpnconvert in the openvpn folder along with the client.ovpn file. Made it executable with the command chmod a+x:

chmod a+x openvpnconvert

And then ran it:

./openvpnconvert

Modify the client.ovpn file

Just before the ## —–BEGIN RSA SIGNATURE—– line add the below lines and save

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key

Finally, you need to run openvpn from the Command Line Interface (CLI)

cd into the openvpn folder

cd openvpn

Run openvpn, if you're using the filenames I specified, see below, otherwise use your filenames.

sudo openvpn --client --config ~/openvpn/client.ovpn --ca ~/openvpn/ca.crt

I'm currently running OpenVPN, which I set up using exactly these steps. Hope it works equally well for others.

Sources:

Creating Files - http://naveensnayak.wordpress.com/2013/03/04/ubuntu-openvpn-with-ovpn-file/

Running from the Command Line - http://ubuntuforums.org/showthread.php?t=2206811

Solution 2:

I thought the option was missing to, but it just moved. Choose add connection first, then instead of choosing OpenVPN (like i was doing), scroll down farther and choose last option "import a saved vpn..."

enter image description here

found the answer here - http://torguard.net/knowledgebase.php?action=displayarticle&id=53

Solution 3:

I never tried to import these connection data, but I've used the following on different occasions:

  • place the whatever.conf together with the .crt file and the credentials in /etc/openvpn and start/stop the VPN connection with sudo service openvpn whatever start|stop

  • create the VPN connection through the NetworkManager by entering the connection data manually. The config file for the connection will be placed at /etc/NetworkManager/system-connections and can be edited later.

Solution 4:

Extraction Script:

In response to Tamsyn Michael's helpful answer I made a small program to automate the extraction task. It outputs the appropriate files needed for openvpn then appends these filenames to the original settings file.

//woahguy@askubuntu

#include <iostream>
#include <string.h>
#include <stdio.h>

using namespace std;

int i = 0;

string buffer, filename, ca, cert, key, auth;

struct _tags { const char* first; const char* last; };

const char* files[] = { "ca.crt", "client.crt", "client.key", "ta.key" };

_tags tags[] = {
    { "<ca>", "</ca>" },
    { "<cert>", "</cert>" },
    { "<key>", "</key>" },
    { "<tls-auth>", "</tls-auth>" }
};

string string_between( string str, const string& from, const string& to ) {
    size_t first = str.find(from);
    size_t last = str.find(to);
    return( str.substr ( first+from.size(),last-first-to.size()));
}

int read_file_to_buffer( string filename )
{
    char line[12];
    FILE* pFile = fopen( filename.c_str(), "r" );
    if( pFile != NULL ) {
        while( fgets( line, sizeof( line ), pFile ) ) {
            buffer.append( line );
        }
    } else {
        return 1;
    }
    return 0;
}

int write_buffer_to_file( string buffer, string filename )
{
    FILE* pFile = fopen( filename.c_str(), "w" );
    if( pFile != NULL ) {
        fwrite (buffer.c_str(), sizeof(char), buffer.size(), pFile);
        fclose(pFile);
    } else {
        return 1;
    }
    return 0;
}

int append_found_tags_to_main( int type )
{
    FILE* pFile = fopen( filename.c_str(), "a+" );
    if( pFile != NULL ) {
        if( type == 1 ) {
            fprintf( pFile, "\nca %s\r\ncert %s\r\nkey %s\r\n",
                files[0], files[1], files[2] );
        } else {
            fprintf( pFile, "\nca %s\r\ncert %s\r\nkey %s\r\ntls-auth %s\r\n",
                files[0], files[1], files[2], files[3] );
        }
        fclose(pFile);
    }
    return 0;
}

int extract_tags( )
{
    while (buffer.find(tags[i].first) != std::string::npos ) {
        if( i == 0 ) {
            ca = string_between( buffer, tags[i].first, tags[i].last);
        } else if( i == 1 ) {
            cert = string_between( buffer, tags[i].first, tags[i].last);
        } else if( i == 2 ) {
            key = string_between( buffer, tags[i].first, tags[i].last);
        } else if( i == 3 ) {
            auth = string_between( buffer, tags[i].first, tags[i].last);
        } else {
            return 1;
        }
        i++;
    }
    return 0;
}

int write_tags( )
{
    if( !ca.empty() && !cert.empty() && !key.empty() ) {
        write_buffer_to_file( ca, files[0] );
        write_buffer_to_file( cert, files[1] );
        write_buffer_to_file( key, files[2] );
        if( !auth.empty() ) {
            write_buffer_to_file( auth, files[3] );
            append_found_tags_to_main( 0 );
        } else {
            append_found_tags_to_main( 1 );
            return 1;
        }
    } else {
        return 2;
    }
}

int main(int argc, char* argv[])
{
    if( argv[1] == NULL ) {
        printf("certgrabber<: You need to specify a valid filename to extract from.\r\n");
        return 1;
    } else {
        if( argv[2] != NULL && argv[3] != NULL && argv[4] != NULL && argv[5] != NULL) {
            files[0] = argv[2];
            files[1] = argv[3];
            files[2] = argv[4];
            files[2] = argv[5];
        }
        filename = argv[1];
    }
    read_file_to_buffer( argv[1] );
    if( buffer.empty()){
        printf("certgrabber<: You need to specify a valid filename to extract from.\r\n");
        return 2;
    }
    if( extract_tags() == 0 ) {
        int result = write_tags();
        if( result == 0 ) {
            printf("certgrabber<: All certificates and keys successfully extracted.\r\n");
        } else if( result == 1 ) {
            printf("certgrabber<: Unable to find a TLS auth key, but this isn't exactly an error.\r\n");
        } else if( result == 2 ) {
            printf("certgrabber<: Something went totally wrong with the certificate files.\r\n");
        }
    } else {
        printf("certgrabber<: Something went wrong while extracting the tags.\r\n");
        return 3;
    }
    return 0;
}

Compilation & Building:

You will need to install g++ to build this

sudo apt-get install g++

Then from the terminal

g++ -c main.cpp -o main.o \ g++ -o certgrabber main.o 

You will now have the 'certgrabber' program in the folder.

Program Usage:

Extract to default filenames (ca.crt, client.crt, client.key, tls-auth.key)

./certgrabber settings.ovpn

Extract to custom filenames

./certgrabber settings.ovpn ca-1.crt client-1.crt client-1.key tls-1.key

Solution 5:

The issue with ADDING a VPN from a saved .ovpn file still fails.

It is possible to ADD one manually.

  1. Select NM App Indicator, --> VPN --> Configure VPN --> Add --> OpenVPN
  2. Manually Name your Connection and enter the IP Address for your server
  3. Select the type of authrntication: For me it is Password + Certificates
  4. Enter your User Name and Password
  5. Select your certificates and keys for the next three boxes.
  6. Select Advanced from bottom
  7. Enter the PORT (in the .ovpn file, usually at the bottom after the IP address in the "XX" position:

    remote ###.###.##.## XX

  8. If your VPN is TCP, then check box for "Use a TCP Connection"

  9. Select OK and then Save.

At this point, the VPN connection should be listed in the NM AppIndicator as an option. Select and test your connection. I was able to add a TCP and a UDP type of connection, but it took a lot more to do than it would have if the import .ovpn saved file worked.

Lets hope they fix this soon so I can easily add other connection... but at least this is a work around that should help people frustrated like I was.