After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 633337 - [enh] handle configs with integrated certificates and keys
[enh] handle configs with integrated certificates and keys
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
0.8.x
Other Linux
: Normal normal
: ---
Assigned To: Dan Williams
NetworkManager maintainer(s)
: 705792 744439 757132 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2010-10-28 10:02 UTC by sbagnak
Modified: 2016-03-11 17:42 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description sbagnak 2010-10-28 10:02:10 UTC
NM cannot import profile from *.ovpn with integrated keys.
Keys can be integrated directly into *.ovpn file.
Windows OpenVPN client import this file correctly. Also as console command: openvpn --config file.ovpn
Comment 1 Dan Williams 2010-10-28 20:49:46 UTC
Yeah, NM-openvpn should handle this.
Comment 2 sjsepp 2012-06-29 07:25:36 UTC
Can confirm this bug: configuration files with inline certificates can't be imported. Most people probably notice this bug when they try to connect to an Access Server instance, or to Private Tunnel (OpenVPN Technologies' commercial products).

Note that there was a regression a while back that prevented even plain OpenVPN from loading inline certificates:

<http://community.openvpn.net/openvpn/ticket/193>

This was fixed in OpenVPN 2.3-alpha1.
Comment 3 Giovanni 2013-12-27 12:43:17 UTC
Please add this feature to NetworkManager: many firewalls around (both opensource and closedsource like WatchGuard's Firebox) use .ovpn file with certificates inside.
I can import into windows client without effort, also in OSX clients like TunnelBlick. And in Android clients too.
But in Linux distributions it's still a pain to configure corporate VPN access with OpenVpn.

See also:

Bug for ubuntu:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365
Comment 4 Thomas Haller 2015-02-16 18:27:52 UTC
*** Bug 744439 has been marked as a duplicate of this bug. ***
Comment 5 Ryan Hendry 2015-02-25 16:25:50 UTC
Importing .ovpn files into network manager is still not working properly.
Comment 6 5993d42b 2015-03-24 09:27:57 UTC
This bug has been open for over four years and is still an issue. Is Network Manager no longer being supported?
Comment 7 Chris Hubick 2015-03-24 18:00:14 UTC
Is there a blog or docs somewhere that can at least explain how to break apart an ovpn file into the pieces NM can work with?

I'd really like to get my router's VPN working from my Fedora laptop so I can access shares on my home NAS while away.
Comment 8 Thomas Haller 2015-03-25 13:44:46 UTC
(In reply to Chris Hubick from comment #7)
> Is there a blog or docs somewhere that can at least explain how to break
> apart an ovpn file into the pieces NM can work with?
> 
> I'd really like to get my router's VPN working from my Fedora laptop so I
> can access shares on my home NAS while away.

The NetworkManager-openvpn plugin does not support all possible Openvpn options.
Things like keys are actually supported, but the code to import ovpn files in nm-connection-editor cannot handle inline keys in the ovpn file (yet).

Workaround this, by manually extracting the key in separate files.

Then, either click a new VPN configuration in nm-connection-editor that matches your configuration from the ovpn file (including referencing the external keys),

or mangle the ovpn file, until you can import it with nm-connection-editor (ensure in the UI that all looks correct, including the paths to the external keys).
Comment 9 Thomas Haller 2015-05-29 05:49:15 UTC
*** Bug 705792 has been marked as a duplicate of this bug. ***
Comment 10 Markus Majer 2015-09-14 14:10:03 UTC
(In reply to Chris Hubick from comment #7)
> Is there a blog or docs somewhere that can at least explain how to break
> apart an ovpn file into the pieces NM can work with?
> 
> I'd really like to get my router's VPN working from my Fedora laptop so I
> can access shares on my home NAS while away.

Yes, there is:
http://howto.praqma.net/ubuntu/vpn/openvpn-access-server-client-on-ubuntu

And even a little python script who breaks it apart:
https://gist.github.com/seebk/bb94a7fd70d4cc454aaa

So, as you see, its would be so damn easy for the Network Manager to read these kind of files, which are very very common for OpenVPN, because you only have to provide ONE file.

And its all on the silver plate.

I cant understand why this little bugfix is open for five years.
Comment 11 Thomas Haller 2015-09-14 15:35:32 UTC
(In reply to Markus Majer from comment #10)
> (In reply to Chris Hubick from comment #7)
> So, as you see, its would be so damn easy for the Network Manager to read
> these kind of files, which are very very common for OpenVPN, because you
> only have to provide ONE file.
> 
> And its all on the silver plate.
> 
> I cant understand why this little bugfix is open for five years.

the simple (albeit unsatisfying) answer is that nobody who is competent enough to do the simple change considered it high enough priority to do so.

But sure... let's do it!
Comment 12 Chris Hubick 2015-09-14 19:46:13 UTC
I switched to KDE where, FYI, such .ovpn files work perfectly right out of the box (or at least the one from my Asus router did) :-)
Comment 13 Thomas Haller 2015-10-26 09:51:40 UTC
*** Bug 757132 has been marked as a duplicate of this bug. ***
Comment 14 Simos Xenitellis 2016-01-08 10:36:20 UTC
Apparently someone has a patch at 
http://bazaar.launchpad.net/~network-manager/network-manager-openvpn/trunk/revision/559

The bug report at Launchpad that references this issue is
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365
(has link to above patch).
Comment 15 Simos Xenitellis 2016-01-08 11:30:21 UTC
Upon better inspection, this issue has been added on Oct 2015 at
https://git.gnome.org/browse/network-manager-openvpn/commit/properties/import-export.c?id=4a9d93a0c8c5ae7d7367ab6f721028593d8f77e0 (author: Jiří Klimeš@Redhat).

The relevant bug report for the patch is https://bugzilla.redhat.com/show_bug.cgi?id=1157817
(does not make a reference to this report).

I think this report can be closed as RESOLVED/FIXED.