Hi, I have a problem with vpn. When I create a file and try to import it shows an error. There are no such problems when importing files from OPENVPN — only from ipfire. My osbuntu 22.04
Hi tgriksas,
needed to rewrite this 
… ‘–tls-client’ is a N2N directive so it seems that you´ve downloaded the wrong package. If you use a Ubuntu machine which is not setup as a OpenVPN tls-server/tls-client in a peer-to-peer topology you will need a Roadwarrior package (regular server and client topology) and not a N2N one. And even if, the NetworkManager does not know anything about N2N directives since it handles OpenVPN configs only, i think always, as OpenVPN clients with their respective directives (Roadwarriors)…
Hopefully this makes sense to you.
Best,
Erik
2 Likes
Hi, I’m done with the Roadwarrior package. It doesn’t work anyway. Or can I configure the Ubuntu vpn client manually? How?
Have you looked at this page … wiki.ipfire.org - OpenVPN on IPFire ? I created a new profile, tomas, added details, it generated a zip file. The zip file has tomas-TO-IPFire.ovpn and tomas.p12 files. Sent that zip to ubuntu client, imported it as VPN using the Network Manager and I can connect using the tomas profile.
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto udp
tun-mtu 1500
remote zotac.lan 1194
pkcs12 tomas.p12
cipher AES-256-CBC
auth SHA512
verb 3
remote-cert-tls server
verify-x509-name zotac.lan name
mssfix 0
1 Like
Yes-it worked with ubuntu 20.04 and with ubuntu 22.04 it doesn’t work that way
Good morning all,
since you use now another configuration the error should have been changed. It is difficult to say what the problem is since you did not deliver the logs.
Best,
Erik
Hi Tomas,
i looks like you want to import the file with the NetworkManager to create the connection.
I have a Fedora testing system and it does also not work. I have to manually create the connection.
Silvio
What result, on the command line, does the command
nmcli connection import type openvpn file filefromIPFire.ovpn
in Ubuntu or Fedora?
1 Like
Can you show the contents of the .ovpn file that you are importing.
Which version of IPFire are you running?
W tej sytuacji mozna spróbować:
openssl pkcs12 -in IPFIRE.p12 -clcerts -nokeys -nodes -out user.pem
openssl pkcs12 -in IPFIRE.p12 -nocerts -nodes -out keys.pem
openssl pkcs12 -in IPFIRE.p12 -cacerts -nodes -out ca.pem
then in the .ovpn file:
in place of line
pkcs12 IPFIRE.p12
put
cert '/PATH to/user.pem'
key '/PATH to/keys.pem'
ca '/PATH to/ca.pem'
then try import to NetworkManager.
If the pkcs12 file needs to be split up for Network Manager then it must be an older version. That used to apply but for some time I have been able to import pkcs12 files with the line pkcs12 IPFIRE.p12 and it has been imported into my Network Manager with no problems.
My Network Manager version is 1.36.4
Not sure what version is used in Ubuntu 22.04
Worth a try to split them up and see if that then works.
How to do this?
The error message that you get from trying to convert to pem with openssl, if it is correct, is because your algorithm (RC2-40-CBC) is a 64 bit algorithm which is very weak and easily broken these days. It is also no longer supported by any recent openssl.
What I don’t understand is if that algorithm is correct how you got that key with that algorithm. IPFire’s OpenVPN does not have any 64 bit keys listed on it.
Which encryption key did you select for IPFire’s OpenVPN server?
Is generated when adding an openvpn client to IPFire.
More information in the topic below:
The following link may be helpful:
On my Fedora36
[sfl@fedora ovpn]$ nmcli connection import type openvpn file Silvio-TO-IPFire.ovpn
Fehler: Importieren von »Silvio-TO-IPFire.ovpn« ist fehlgeschlagen: The file to import wasn’t a valid OpenVPN configuration (–ca can not be PKCS#12 format).
I run IPFire 167 and created this connection in Jan 2022:
Network-Manager versions are:
NetworkManager-openvpn-1.8.18-1.fc36.x86_64
NetworkManager-openvpn-gnome-1.8.18-1.fc36.x86_64
nmcli -v
nmcli-Werkzeug, Version 1.38.0-1.fc36
Silvio