Bug 757132 – [enh] Round-tripping .ovpn files does not work.

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 757132 - [enh] Round-tripping .ovpn files does not work.


Summary:	[enh] Round-tripping .ovpn files does not work.


Status:	RESOLVED DUPLICATE of bug 633337

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	0.9.8
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	NetworkManager maintainer(s)
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-10-26 09:40 UTC by Anand Kumria
Modified:	2015-10-26 09:51 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Anand Kumria 2015-10-26 09:40:47 UTC

I created a VPN connection on one machine, exported it as a .ovpn files and then attempted to import it on another machines (say version of Network Manager).

The VPN connection fails because the import process fails.

An cut-down verison of the file is:

client
dev tun0
proto tcp
remote 1.2.3.4 80 tcp
nobind
persist-key
persist-tun
auth-user-pass
reneg-sec 86400

ca   [inline]
cert [inline]
key  [inline]

ns-cert-type server
comp-lzo
verb 3

<ca>
[elided]
</ca>

<cert>
[elided]
</cert>

<key>
[elided]
</key>

On the original machine, each of 'ca', 'cert' and 'key' point to files on the filesystem. In the .ovpn, they are marked as inline.

On the machine where I've imported then .ovpn files, when Network Manager attempts to initialise the connection it fails with:

Oct 26 09:29:29 surya NetworkManager[876]: <info> Starting VPN service 'openvpn'...
Oct 26 09:29:29 surya NetworkManager[876]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 29290
Oct 26 09:29:29 surya NetworkManager[876]: <info> VPN service 'openvpn' appeared; activating connections
Oct 26 09:29:29 surya NetworkManager[876]: <info> VPN plugin state changed: starting (3)
Oct 26 09:29:29 surya NetworkManager[876]: <info> VPN connection 'one-two' (Connect) reply received.
Oct 26 09:29:29 surya nm-openvpn[29295]: Options error: --pkcs12 fails with '/home/anand/Downloads/firefox/[inline]': No such file or directory
Oct 26 09:29:29 surya nm-openvpn[29295]: Options error: Please correct these errors.
Oct 26 09:29:29 surya nm-openvpn[29295]: Use --help for more information.
Oct 26 09:29:29 surya NetworkManager[876]: <warn> VPN plugin failed: 1
Oct 26 09:29:29 surya NetworkManager[876]: <info> VPN plugin state changed: stopped (6)
Oct 26 09:29:29 surya NetworkManager[876]: <info> VPN plugin state change reason: 0
Oct 26 09:29:29 surya NetworkManager[876]: <info> Policy set 'Wired connection 1' (eth0) as default for IPv4 routing and DNS.
Oct 26 09:29:29 surya NetworkManager[876]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.

I think on import, NetworkManager should check to see if the keys are marked as '[inline]' and then extract them into files it can then specify to the underlying openvpn command.

Comment 1 Thomas Haller 2015-10-26 09:51:40 UTC

Inline certificates are currently not supported (but definitely should)

There is a bug for that already, thus closing as duplicate.

*** This bug has been marked as a duplicate of bug 633337 ***