GNOME Bugzilla – Bug 633337
[enh] handle configs with integrated certificates and keys
Last modified: 2016-03-11 17:42:54 UTC
NM cannot import profile from *.ovpn with integrated keys. Keys can be integrated directly into *.ovpn file. Windows OpenVPN client import this file correctly. Also as console command: openvpn --config file.ovpn
Yeah, NM-openvpn should handle this.
Can confirm this bug: configuration files with inline certificates can't be imported. Most people probably notice this bug when they try to connect to an Access Server instance, or to Private Tunnel (OpenVPN Technologies' commercial products). Note that there was a regression a while back that prevented even plain OpenVPN from loading inline certificates: <http://community.openvpn.net/openvpn/ticket/193> This was fixed in OpenVPN 2.3-alpha1.
Please add this feature to NetworkManager: many firewalls around (both opensource and closedsource like WatchGuard's Firebox) use .ovpn file with certificates inside. I can import into windows client without effort, also in OSX clients like TunnelBlick. And in Android clients too. But in Linux distributions it's still a pain to configure corporate VPN access with OpenVpn. See also: Bug for ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365
*** Bug 744439 has been marked as a duplicate of this bug. ***
Importing .ovpn files into network manager is still not working properly.
This bug has been open for over four years and is still an issue. Is Network Manager no longer being supported?
Is there a blog or docs somewhere that can at least explain how to break apart an ovpn file into the pieces NM can work with? I'd really like to get my router's VPN working from my Fedora laptop so I can access shares on my home NAS while away.
(In reply to Chris Hubick from comment #7) > Is there a blog or docs somewhere that can at least explain how to break > apart an ovpn file into the pieces NM can work with? > > I'd really like to get my router's VPN working from my Fedora laptop so I > can access shares on my home NAS while away. The NetworkManager-openvpn plugin does not support all possible Openvpn options. Things like keys are actually supported, but the code to import ovpn files in nm-connection-editor cannot handle inline keys in the ovpn file (yet). Workaround this, by manually extracting the key in separate files. Then, either click a new VPN configuration in nm-connection-editor that matches your configuration from the ovpn file (including referencing the external keys), or mangle the ovpn file, until you can import it with nm-connection-editor (ensure in the UI that all looks correct, including the paths to the external keys).
*** Bug 705792 has been marked as a duplicate of this bug. ***
(In reply to Chris Hubick from comment #7) > Is there a blog or docs somewhere that can at least explain how to break > apart an ovpn file into the pieces NM can work with? > > I'd really like to get my router's VPN working from my Fedora laptop so I > can access shares on my home NAS while away. Yes, there is: http://howto.praqma.net/ubuntu/vpn/openvpn-access-server-client-on-ubuntu And even a little python script who breaks it apart: https://gist.github.com/seebk/bb94a7fd70d4cc454aaa So, as you see, its would be so damn easy for the Network Manager to read these kind of files, which are very very common for OpenVPN, because you only have to provide ONE file. And its all on the silver plate. I cant understand why this little bugfix is open for five years.
(In reply to Markus Majer from comment #10) > (In reply to Chris Hubick from comment #7) > So, as you see, its would be so damn easy for the Network Manager to read > these kind of files, which are very very common for OpenVPN, because you > only have to provide ONE file. > > And its all on the silver plate. > > I cant understand why this little bugfix is open for five years. the simple (albeit unsatisfying) answer is that nobody who is competent enough to do the simple change considered it high enough priority to do so. But sure... let's do it!
I switched to KDE where, FYI, such .ovpn files work perfectly right out of the box (or at least the one from my Asus router did) :-)
*** Bug 757132 has been marked as a duplicate of this bug. ***
Apparently someone has a patch at http://bazaar.launchpad.net/~network-manager/network-manager-openvpn/trunk/revision/559 The bug report at Launchpad that references this issue is https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365 (has link to above patch).
Upon better inspection, this issue has been added on Oct 2015 at https://git.gnome.org/browse/network-manager-openvpn/commit/properties/import-export.c?id=4a9d93a0c8c5ae7d7367ab6f721028593d8f77e0 (author: Jiří Klimeš@Redhat). The relevant bug report for the patch is https://bugzilla.redhat.com/show_bug.cgi?id=1157817 (does not make a reference to this report). I think this report can be closed as RESOLVED/FIXED.