Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[GNOME ] Importing .ovpn file with <tls-crypt> inside

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
matjaz132
Posts: 2
Joined: 2018-11-08 08:00

[GNOME ] Importing .ovpn file with <tls-crypt> inside

#1 Post by matjaz132 »

Hello!

I'm having a tough time importing .ovpn file created with PiVPN on my RaspberryPi. When I try to import it with GNOME's GUI tool "Network" -> "Add VPN" it error out with error: unsupported blob/xml element (line 52) which is that <tls-crypt> block.

Contents of .ovpn file are:

Code: Select all

client
dev tun
proto udp
remote x.x.x.x xxxx
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_xxxxxyyyyzzzzz name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1----
-----END OpenVPN Static key V1-----
</tls-crypt>
I'm running Debian Stable Stretch 9.6 all up to date. I've also installed "network-manager-openvpn-gnome" package. That GUI "Network" -> "Add VPN" -> OpenVPN doesn't work because splitting .opvn into ca.crt client.crt client.key because it still needs that <tls-crypt> key/block.

Running sudo openvpn --config /path/to/file works but I want to have a switch in GNOME network settings :)

Thank you for any help!


Matjaž

paxmark1
Posts: 54
Joined: 2008-10-23 05:19
Has thanked: 1 time

Re: [GNOME ] Importing .ovpn file with <tls-crypt> inside

#2 Post by paxmark1 »

EDIT: Disregard I did not see that you can get it up on command line.

Post Reply