Bug 744439 – Gnome VPN settings dialog fails to pick up certificates when importing *.ovpn

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 744439 - Gnome VPN settings dialog fails to pick up certificates when importing *.ovpn


Summary:	Gnome VPN settings dialog fails to pick up certificates when importing *.ovpn


Status:	RESOLVED DUPLICATE of bug 633337

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	NetworkManager maintainer(s)
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-02-12 21:16 UTC by el
Modified:	2015-02-16 18:27 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description el 2015-02-12 21:16:04 UTC

The Gnome VPN settings dialog fails to pick up certificates when importing *.ovpn, which makes it super-annoying to import Astrill files because I essentially need to extract all 4 certificates manually from the file, and just copy&paste them again into *.crt just so I can pick them as manual extra certificate files for Gnome.

The original .ovpn file already has them in <ca> / <cert> / <key> / <tls-auth> tags respectively, and the Gnome VPN settings should *really* pick those up when importing.

Comment 1 el 2015-02-12 21:24:07 UTC

It fails to pick up "key-direction 1" and the whole resulting "Using additional TLS authentication" with of-course also the including key too. I need to extract all of that manually. This should really be fixed, because you shouldn't expect the average user to be able to do this correctly - so right now, the import is essentially useless to them (and for me it's at least half useless).

Comment 2 el 2015-02-12 21:31:40 UTC

This is the file in question with remote and all the certificate/key details removed. None of the certificates or keys listed imports at all, and TLS authentication with the additional key provided isn't activated either:

setenv FORWARD_COMPATIBLE 1
setenv UV_SERVERID 377
client
dev tun
proto udp
remote REMOVED
nobind
persist-key
persist-tun
ns-cert-type server
key-direction 1
push-peer-info
comp-lzo
explicit-exit-notify
verb 3
mute 20
reneg-sec 86400
mute-replay-warnings
max-routes 1000
<ca>
-----BEGIN CERTIFICATE-----
   REMOVED
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
   REMOVED
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
   REMOVED
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
   REMOVED
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
   REMOVED
-----END OpenVPN Static key V1-----
</tls-auth>

Comment 3 Thomas Haller 2015-02-16 18:27:52 UTC

Thanks for taking the time to report this.
This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.

*** This bug has been marked as a duplicate of bug 633337 ***