Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-24 Thread David H. Durgee

Thomas Haller wrote:
> On Thu, 2018-02-22 at 12:34 -0500, David H. Durgee wrote:
> > Thomas Haller wrote:
> > >
> > > The proper solution is to add support for this option. Patches
> > > welcome.
> >
> > I doubt my programming skills are up to a patch for this.  Is this one
> > on the list somewhere of additional options to be supported?  If not, can
> > it be added?
>
> Hi,
>
> I did something, it's on review:
>   https://bugzilla.gnome.org/show_bug.cgi?id=793746
>
> >   In either case, any idea of when it might be available?
> > Is there a release schedule for the plugin?
>
> Releases are done infrequently. Also, your distribution might not
> rebase the package to a new upstream release, and it might not be
> willing to backport new features in the current release of the
> distribution. But that depends...
>
> > Given that I only need to use the service when taking my laptop out of
> > the office I believe I can live with continuing to use openvpn directly
> > until the plugin supports the <extra-certs> option. I doubt that private
> > tunnel is the only service using this option, so I suspect others are
> > also encountering it and adding support to the plugin should be done at
> > some point.
>
> Maybe it's a pain point for many users. But I never saw a feature
> request about it, and there is (AFAIK) no open RFE on
> bugzilla.gnome.org.
> Be that as it may, it's easy to add.
>
> best,
> Thomas

Thank you for your effort on this issue.  My release of mint is based 
upon ubuntu xenial and that is where the openvpn plugin is packaged.  So 
if your work passes review and is released I would expect to see it when 
ubuntu adds it to their repository.  As this is an LTS release I would 
expect updates to be made, but I have no idea how quickly it would be done.


If for some reason ubuntu does not update their repository, do you also 
maintain a PPA for your releases?  I have added a few PPAs to my 
configuration to address products that are not updated as part of mint 
or ubuntu and could add another one if needed and available.


Thank you once again for your assistance in sorting this issue out.

Dave
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list


Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-23 Thread Thomas Haller
On Thu, 2018-02-22 at 12:34 -0500, David H. Durgee wrote:
> Thomas Haller wrote:
> > 
> > The proper solution is to add support for this option. Patches
> > welcome.
> 
> I doubt my programming skills are up to a patch for this.  Is this one
> on the list somewhere of additional options to be supported?  If not, can
> it be added?

Hi,


I did something, it's on review:
  https://bugzilla.gnome.org/show_bug.cgi?id=793746
  

>   In either case, any idea of when it might be available?  
> Is there a release schedule for the plugin?

Releases are done infrequently. Also, your distribution might not
rebase the package to a new upstream release, and it might not be
willing to backport new features in the current release of the
distribution. But that depends...



> Given that I only need to use the service when taking my laptop out of
> the office I believe I can live with continuing to use openvpn directly
> until the plugin supports the <extra-certs> option. I doubt that private
> tunnel is the only service using this option, so I suspect others are
> also encountering it and adding support to the plugin should be done at
> some point.

Maybe it's a pain point for many users. But I never saw a feature
request about it, and there is (AFAIK) no open RFE on
bugzilla.gnome.org.
Be that as it may, it's easy to add.


best,
Thomas

signature.asc
Description: This is a digitally signed message part


Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-22 Thread David H. Durgee

Thomas Haller wrote:
> On Thu, 2018-02-22 at 11:43 -0500, David H. Durgee wrote:
> > Thomas Haller wrote:
> > > On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> > > > Thomas Haller wrote:
> > > >
> > > > I will consider debug logging after you have a chance to inspect the
> > > > connection show and let me know if it looks sane or is missing a
> > > > crucial element.
> > >
> > > Hi,
> > >
> > > the settings don't look wrong, but whether the settings are correct
> > > depends very much on your server configuration. Enable debug logging
> > > and see why the connection failed.
> > >
> > > Since NM does not support the <extra-certs> argument, you should
> > > investigate whether that argument is required in your setup. For
> > > example, (as you said, plain openvpn works) by running openvpn with the
> > > ovpn without the <extra-certs> option.
> > >
> > > best,
> > > Thomas
> >
> > Per your suggestion I tried using openvpn with the edited file and as
> > expected it fails to connect.  So the <extra-certs> appears to be
> > required to initialize the connection.  Now the question is how do I add
> > them to the configuration?  I manually added the contents of that
> > element to a file ~/.certs/nm-openvpn/Ashburn-edited-extra-certs.pem
> > along with the other elements, but that appears to be insufficient.
> >
> > I assume that I need to add the proper entry to
> > /etc/NetworkManager/system-connections/Private Tunnel - Ashburn, but my
> > question is what form does that entry take?  In the [vpn] section I see
> > various entries referencing the certificates, specifically:
> >
> > cert=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem
> > key=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem
> > ca=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem
> > ta=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem
> >
> > So I assume I need a similar line for this one, but should it be
> > "extra-certs=" or "ec=" there?  I guess I could try both, but I would
> > prefer to get it right the first time.  Or is it perhaps something else
> > entirely?
>
> Hi,
>
> Editing the connection of NetworkManager with a new option that is not
> supported by nm-openvpn plugin does not make it work.
> nm-openvpn plugin does not support this option (yet).
>
> See
> https://git.gnome.org/browse/network-manager-openvpn/commit/?id=master
> especially
> https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.c?id=dd8868f8a020988a47b7d4d4b502a98531fdeee0
> which constructs the command line arguments for openvpn binary.
>
> The proper solution is to add support for this option. Patches welcome.

I doubt my programming skills are up to a patch for this.  Is this one 
on the list somewhere of additional options to be supported?  If not, can 
it be added?  In either case, any idea of when it might be available?  
Is there a release schedule for the plugin?

> Possible workarounds are:
>
> - try to find a client configuration that does not require this
>   option. Maybe reconfiguring the server is feasible.

Not in this case, this is not my server but a service provider.

> - use openvpn directly, without NetworkManager

That is my current approach, I guess I can continue doing so while the 
option is added to the plugin.

> - replace the openvpn binary with a wrapper shell script, that hacks
>   this option. Something like (totally untested!)
>
> #!/bin/bash
>
> # Append --extra-certs only when the recognized remote is on the command line.
> EXTRA_ARGS=
> if echo "$@" | grep -qF -e '--remote MY.REMOTE.THAT.I.RECOGNIZE'; then
>   EXTRA_ARGS="--extra-certs /path/to/extra/certs"
> fi
> # EXTRA_ARGS is left unquoted on purpose so it splits into two arguments.
> exec /path/to/real/openvpn "$@" $EXTRA_ARGS

I guess that might work, but it is a bit messy.

Given that I only need to use the service when taking my laptop out of 
the office I believe I can live with continuing to use openvpn directly 
until the plugin supports the <extra-certs> option. I doubt that private 
tunnel is the only service using this option, so I suspect others are 
also encountering it and adding support to the plugin should be done at 
some point.


Thanks again for your assistance in this matter.

Dave


Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-22 Thread Thomas Haller
On Thu, 2018-02-22 at 11:43 -0500, David H. Durgee wrote:
> Thomas Haller wrote:
> > On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> > > Thomas Haller wrote:
> > > 
> > > I will consider debug logging after you have a chance to inspect the
> > > connection show and let me know if it looks sane or is missing a
> > > crucial element.
> > 
> > Hi,
> > 
> > the settings don't look wrong, but whether the settings are correct
> > depends very much on your server configuration. Enable debug logging
> > and see why the connection failed.
> > 
> > Since NM does not support the <extra-certs> argument, you should
> > investigate whether that argument is required in your setup. For
> > example, (as you said, plain openvpn works) by running openvpn with the
> > ovpn without the <extra-certs> option.
> > 
> > 
> > best,
> > Thomas
> 
> Per your suggestion I tried using openvpn with the edited file and as
> expected it fails to connect.  So the <extra-certs> appears to be
> required to initialize the connection.  Now the question is how do I add
> them to the configuration?  I manually added the contents of that
> element to a file ~/.certs/nm-openvpn/Ashburn-edited-extra-certs.pem
> along with the other elements, but that appears to be insufficient.
> 
> I assume that I need to add the proper entry to
> /etc/NetworkManager/system-connections/Private Tunnel - Ashburn, but my
> question is what form does that entry take?  In the [vpn] section I see
> various entries referencing the certificates, specifically:
> 
> cert=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem
> key=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem
> ca=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem
> ta=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem
> 
> So I assume I need a similar line for this one, but should it be
> "extra-certs=" or "ec=" there?  I guess I could try both, but I would
> prefer to get it right the first time.  Or is it perhaps something else
> entirely?

Hi,


Editing the connection of NetworkManager with a new option that is not
supported by nm-openvpn plugin does not make it work.
nm-openvpn plugin does not support this option (yet).

See 
https://git.gnome.org/browse/network-manager-openvpn/commit/?id=master
especially 
https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.c?id=dd8868f8a020988a47b7d4d4b502a98531fdeee0
which constructs the command line arguments for openvpn binary.

The proper solution is to add support for this option. Patches welcome.


Possible workarounds are:

- try to find a client configuration that does not require this 
  option. Maybe reconfiguring the server is feasible.

- use openvpn directly, without NetworkManager

- replace the openvpn binary with a wrapper shell script, that hacks
  this option. Something like (totally untested!)


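#!/bin/bash

# Append --extra-certs only when the recognized remote is on the command line.
EXTRA_ARGS=
if echo "$@" | grep -qF -e '--remote MY.REMOTE.THAT.I.RECOGNIZE'; then
  EXTRA_ARGS="--extra-certs /path/to/extra/certs"
fi
# EXTRA_ARGS is left unquoted on purpose so it splits into two arguments.
exec /path/to/real/openvpn "$@" $EXTRA_ARGS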




best,
Thomas



Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-22 Thread David H. Durgee

Thomas Haller wrote:
> On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> > Thomas Haller wrote:
> >
> > I will consider debug logging after you have a chance to inspect the
> > connection show and let me know if it looks sane or is missing a
> > crucial element.
>
> Hi,
>
> the settings don't look wrong, but whether the settings are correct
> depends very much on your server configuration. Enable debug logging
> and see why the connection failed.
>
> Since NM does not support the <extra-certs> argument, you should
> investigate whether that argument is required in your setup. For
> example, (as you said, plain openvpn works) by running openvpn with the
> ovpn without the <extra-certs> option.
>
> best,
> Thomas

Per your suggestion I tried using openvpn with the edited file and as 
expected it fails to connect.  So the <extra-certs> appears to be 
required to initialize the connection.  Now the question is how do I add 
them to the configuration?  I manually added the contents of that 
element to a file ~/.certs/nm-openvpn/Ashburn-edited-extra-certs.pem 
along with the other elements, but that appears to be insufficient.


I assume that I need to add the proper entry to 
/etc/NetworkManager/system-connections/Private Tunnel - Ashburn, but my 
question is what form does that entry take?  In the [vpn] section I see 
various entries referencing the certificates, specifically:


cert=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem
key=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem
ca=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem
ta=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem

So I assume I need a similar line for this one, but should it be 
"extra-certs=" or "ec=" there?  I guess I could try both, but I would 
prefer to get it right the first time.  Or is it perhaps something else 
entirely?


Dave



Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-22 Thread Thomas Haller
On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> Thomas Haller wrote:
> 
> I will consider debug logging after you have a chance to inspect the
> connection show and let me know if it looks sane or is missing a
> crucial element.

Hi,

the settings don't look wrong, but whether the settings are correct
depends very much on your server configuration. Enable debug logging
and see why the connection failed.

Since NM does not support the <extra-certs> argument, you should
investigate whether that argument is required in your setup. For
example, (as you said, plain openvpn works) by running openvpn with the
ovpn without the <extra-certs> option.


best,
Thomas



Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-21 Thread David H. Durgee

Thomas Haller wrote:
> On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:
> > As I indicated in my last posting, I was going to try editing out the
> > element that was being complained about in the error and see what
> > happens.  I was able to successfully import the edited ovpn file using
> > network connections.
>
> Sidenote: import of an ovpn file is only a step to create the connection
> profile in NetworkManager.
> When you activate a VPN connection, what matters is how the connection
> profile looks in NetworkManager, see for example
>
>   $ nmcli connection show "$VPN_PROFILE"
>
> The settings in the profile matter, but it does not matter how the
> profile was created originally (import ovpn file, or clicked in
> nm-connection-editor, or nmcli).

I have attached the output of the connection show to this response.

> > Now that it is in my available connections, I attempted to activate it.
> > Unfortunately, this failed.  Looking in /var/log/syslog I found the
> > following:
>
> ...
>
> > Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> > Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed
> > Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] received, process restarting
>
> Unclear, what is wrong.
>
> What did you do about the unsupported extra-certs option? nm-openvpn
> does not support that, so there is no immediate way how to specify
> them. Is this option required for you to successfully establish the
> connection?

I simply edited it out of the profile.  I don't know if it is required 
or optional.

> You could enable debug logging, for example via
>
>   sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN
>
> afterward, re-activate the VPN connection and look at journal.
>
> Note that verbose logging of openvpn might reveal private sensitive
> information. Take care before sending a logfile. See comment about rate
> limiting of journal at
> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf
>
> Also, in the logfile you will see how NetworkManager's VPN plugin
> invokes the openvpn binary and which parameters are passed to it. Are
> those parameters making sense?
>
> best,
> Thomas

I will consider debug logging after you have a chance to inspect the 
connection show and let me know if it looks sane or is missing a crucial 
element.


Thank you for your assistance in this matter.

Dave
connection.id:  Private Tunnel - Ashburn
connection.uuid:03cba5d7-57df-4bd8-b5d3-24c3f24013d7
connection.interface-name:  --
connection.type:vpn
connection.autoconnect: yes
connection.autoconnect-priority:0
connection.timestamp:   0
connection.read-only:   no
connection.permissions: 
connection.zone:--
connection.master:  --
connection.slave-type:  --
connection.autoconnect-slaves:  -1 (default)
connection.secondaries: 
connection.gateway-ping-timeout:0
connection.metered: unknown
connection.lldp:-1 (default)
ipv4.method:auto
ipv4.dns:   
ipv4.dns-search:
ipv4.dns-options:   (default)
ipv4.dns-priority:  0
ipv4.addresses: 
ipv4.gateway:   --
ipv4.routes:
ipv4.route-metric:  -1
ipv4.ignore-auto-routes:no
ipv4.ignore-auto-dns:   no
ipv4.dhcp-client-id:--
ipv4.dhcp-timeout:  0
ipv4.dhcp-send-hostname:yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail:  yes
ipv4.dad-timeout:   -1 (default)
ipv6.method:auto
ipv6.dns:   
ipv6.dns-search:
ipv6.dns-options:   (default)
ipv6.dns-priority:  0
ipv6.addresses: 
ipv6.gateway:   --
ipv6.routes:
ipv6.route-metric:  -1
ipv6.ignore-auto-routes:no
ipv6.ignore-auto-dns:   no
ipv6.never-default: no
ipv6.may-fail:  yes
ipv6.ip6-privacy:   0 (disabled)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-send-hostname:yes
ipv6.dhcp-hostname: --
vpn.service-type:   org.freedesktop.NetworkManager.openvpn
vpn.user-name:  --
vpn.data:   ta = 

Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-21 Thread Thomas Haller
On Tue, 2018-02-20 at 16:46 -0500, David H. Durgee wrote:
> As I indicated in my last posting, I was going to try editing out the
> element that was being complained about in the error and see what
> happens.  I was able to successfully import the edited ovpn file using
> network connections.

Sidenote: import of an ovpn file is only a step to create the connection
profile in NetworkManager.
When you activate a VPN connection, what matters is how the connection
profile looks in NetworkManager, see for example

  $ nmcli connection show "$VPN_PROFILE"

The settings in the profile matter, but it does not matter how the
profile was created originally (import ovpn file, or clicked in
nm-connection-editor, or nmcli).


> Now that it is in my available connections, I attempted to activate it.
> Unfortunately, this failed.  Looking in /var/log/syslog I found the
> following:

...

> Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed
> Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] received, process restarting

Unclear, what is wrong.


What did you do about the unsupported extra-certs option? nm-openvpn
does not support that, so there is no immediate way how to specify
them. Is this option required for you to successfully establish the
connection?



You could enable debug logging, for example via

  sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN

afterward, re-activate the VPN connection and look at journal.

Note that verbose logging of openvpn might reveal private sensitive
information. Take care before sending a logfile. See comment about rate
limiting of journal at
https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf


Also, in the logfile you will see how NetworkManager's VPN plugin
invokes the openvpn binary and which parameters are passed to it. Are
those parameters making sense?



best,
Thomas 




Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-20 Thread David H. Durgee
As I indicated in my last posting, I was going to try editing out the 
element that was being complained about in the error and see what 
happens.  I was able to successfully import the edited ovpn file using 
network connections.


Now that it is in my available connections, I attempted to activate it. 
Unfortunately, this failed.  Looking in /var/log/syslog I found the 
following:


Feb 20 16:20:48 Z560 NetworkManager[1008]:   [1519161648.0350] 
audit: op="connection-activate" 
uuid="03cba5d7-57df-4bd8-b5d3-24c3f24013d7" name="Private Tunnel - 
Ashburn" pid=2421 uid=1000 result="success"
Feb 20 16:20:48 Z560 NetworkManager[1008]:   [1519161648.0521] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: Started the VPN service, PID 21285
Feb 20 16:20:48 Z560 NetworkManager[1008]:   [1519161648.0904] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: Saw the service appear; activating connection
Feb 20 16:20:48 Z560 NetworkManager[1008]: nm-openvpn-Message: 
openvpn[21289] started
Feb 20 16:20:48 Z560 NetworkManager[1008]:   [1519161648.1261] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: VPN plugin: state changed: starting (3)
Feb 20 16:20:48 Z560 NetworkManager[1008]:   [1519161648.1262] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: VPN connection: (ConnectInteractive) reply received
Feb 20 16:20:48 Z560 nm-openvpn[21289]: OpenVPN 2.4.4 
x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] 
[MH/PKTINFO] [AEAD] built on Sep 26 2017
Feb 20 16:20:48 Z560 nm-openvpn[21289]: library versions: OpenSSL 1.0.2g 
 1 Mar 2016, LZO 2.08
Feb 20 16:20:48 Z560 nm-openvpn[21289]: NOTE: the current 
--script-security setting may allow this configuration to call 
user-defined scripts
Feb 20 16:20:48 Z560 nm-openvpn[21289]: TCP/UDP: Preserving recently 
used remote address: [AF_INET]198.24.187.53:1194

Feb 20 16:20:48 Z560 nm-openvpn[21289]: UDP link local: (not bound)
Feb 20 16:20:48 Z560 nm-openvpn[21289]: UDP link remote: 
[AF_INET]198.24.187.53:1194
Feb 20 16:20:48 Z560 nm-openvpn[21289]: NOTE: chroot will be delayed 
because of --client, --pull, or --up-delay
Feb 20 16:20:48 Z560 nm-openvpn[21289]: NOTE: UID/GID downgrade will be 
delayed because of --client, --pull, or --up-delay
Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS key negotiation 
failed to occur within 60 seconds (check your network connectivity)

Feb 20 16:21:48 Z560 nm-openvpn[21289]: TLS Error: TLS handshake failed
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGUSR1[soft,tls-error] 
received, process restarting
Feb 20 16:21:48 Z560 NetworkManager[1008]:   [1519161708.8643] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: VPN connection: connect timeout exceeded.
Feb 20 16:21:48 Z560 NetworkManager[1008]: libnm-Message: Connect timer 
expired, disconnecting.
Feb 20 16:21:48 Z560 NetworkManager[1008]: nm-openvpn-Message: 
openvpn[21289]: send SIGTERM
Feb 20 16:21:48 Z560 nm-openvpn[21289]: SIGTERM[hard,init_instance] 
received, process exiting
Feb 20 16:21:48 Z560 NetworkManager[1008]: nm-openvpn-Message: 
openvpn[21289] exited with success
Feb 20 16:21:48 Z560 NetworkManager[1008]:   [1519161708.8712] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: VPN plugin: failed: connect-failed (1)
Feb 20 16:21:48 Z560 NetworkManager[1008]:   [1519161708.8721] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: VPN plugin: state changed: stopping (5)
Feb 20 16:21:48 Z560 NetworkManager[1008]:   [1519161708.8722] 
vpn-connection[0x132d270,03cba5d7-57df-4bd8-b5d3-24c3f24013d7,"Private 
Tunnel - Ashburn",0]: VPN plugin: state changed: stopped (6)



I attached a copy of this log in case the above is unreadable.  How do I 
correct this problem and get the tunnel working?


Dave

Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-18 Thread David H. Durgee

Thomas Haller wrote:
> On Thu, 2018-02-15 at 14:24 -0500, David H. Durgee wrote:
>
> Hi,
>
> > I am running Linux Mint 18.3 x64 cinnamon and have the OpenVPN plugin
> > installed with network manager.  I have an OpenVPN profile from Private
> > Tunnel that I use with no problems on my phone with the OpenVPN Connect
> > app.  I can also use the profile at the terminal window in LM 18.3
> > successfully.  Attempting to import the OpenVPN profile fails with an
> > error:
> >
> > Cannot import VPN connection
> >
> > The file 'Ashburn.ovpn' could not be read or does not contain recognized
> > VPN connection information
> >
> > Error: the plugin does not support import capability.
>
> The error message is not helpful because of bug
> https://bugzilla.gnome.org/show_bug.cgi?id=790770#c1
>
> You might get a better message with
>
>   nmcli connection import type openvpn file "$FILENAME"
>
> and maybe that already tells you what's wrong.
>
> > In my terminal window I get:
>
> [snip]
>
> all this information is not relevant, because import is solely done by
> the user application that reads the .ovpn file and creates a
> corresponding connection profile in NetworkManager compatible format.
> Commonly it's one of nmcli, nm-connection-editor, gnome-control-center,
> or plasma-nm.
>
> Can you be more precise about which application you are using to import
> the ovpn file?
>
> The information that matters most is the ovpn file itself and the
> version of the nm-openvpn plugin that performs the import. Please send
> the ovpn file, but make sure to sanitize private information (without
> changing the meaning of the file too much).
>
> best,
> Thomas

I tried the command line tool as suggested:

dhdurgee@Z560 ~/Downloads $ nmcli connection import type openvpn file 
Ashburn.ovpn
Error: failed to import 'Ashburn.ovpn': configuration error: unsupported 
blob/xml element (line 77).


Looking at the file, the line indicated and following are:


<extra-certs>
-----BEGIN CERTIFICATE-----

*** certificate omitted ***

-----END CERTIFICATE-----
</extra-certs>


Beyond that extra certificate are the RSA KEY and TLS information.

I guess I can try editing the file to remove the extra certificate and 
see if that passes muster.


Dave


Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

2018-02-18 Thread Thomas Haller
On Thu, 2018-02-15 at 14:24 -0500, David H. Durgee wrote:

Hi,

> I am running Linux Mint 18.3 x64 cinnamon and have the OpenVPN plugin
> installed with network manager.  I have an OpenVPN profile from Private
> Tunnel that I use with no problems on my phone with the OpenVPN Connect
> app.  I can also use the profile at the terminal window in LM 18.3
> successfully.  Attempting to import the OpenVPN profile fails with an
> error:
> 
> Cannot import VPN connection
> 
> The file 'Ashburn.ovpn' could not be read or does not contain recognized
> VPN connection information
> 
> Error: the plugin does not support import capability.

The error message is not helpful because of bug 
https://bugzilla.gnome.org/show_bug.cgi?id=790770#c1

You might get a better message with

  nmcli connection import type openvpn file "$FILENAME"

and maybe that already tells you what's wrong.

> In my terminal window I get:

[snip]

all this information is not relevant, because import is solely done by
the user application that reads the .ovpn file and creates a
corresponding connection profile in NetworkManager compatible format.
Commonly it's one of nmcli, nm-connection-editor, gnome-control-center, 
or plasma-nm.

Can you be more precise about which application you are using to import
the ovpn file?

The information that matters most is the ovpn file itself and the
version of the nm-openvpn plugin that performs the import. Please send
the ovpn file, but make sure to sanitize private information (without
changing the meaning of the file too much).



best,
Thomas
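
Added example (not part of the original thread, and not code from the nm-openvpn project): one way to sanitize an .ovpn profile before posting it, as requested above, while keeping every line number intact so that an importer error such as "unsupported blob/xml element (line 77)" still points at the right line. The function names and the sample profile are constructed for illustration.

```sh
#!/bin/sh
# Redact the body of every inline <tag>...</tag> block in an .ovpn profile.
# Each secret line is replaced one-for-one, so line numbers reported by the
# importer stay valid for the sanitized copy.
sanitize_ovpn() {
    awk '
        # closing tag of the current block: stop redacting, keep the tag
        in_blob && $0 ~ ("^[ \t\r]*</" tag ">[ \t\r]*$") { in_blob = 0; print; next }
        # anything inside a block is key or certificate material
        in_blob { print "[redacted]"; next }
        # opening tag: remember its name and start redacting
        /^[ \t\r]*<[A-Za-z][A-Za-z0-9_-]*>[ \t\r]*$/ {
            tag = $0
            gsub(/[ \t\r<>]/, "", tag)
            in_blob = 1
            print; next
        }
        { print }
    ' "$1"
}

# Print "LINE TAG" for each inline block, to match against the line number
# in the import error.
list_inline_blocks() {
    awk '
        /^[ \t\r]*<[A-Za-z][A-Za-z0-9_-]*>[ \t\r]*$/ {
            tag = $0; gsub(/[ \t\r<>]/, "", tag); print NR, tag
        }
    ' "$1"
}

# Pre-send check: succeeds if the file still contains PEM markers.
has_pem_material() {
    grep -q -e '-----BEGIN' "$1"
}

# Constructed sample profile (not a real service, not real key material).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.test 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-SAMPLE-NOT-A-REAL-CA
-----END CERTIFICATE-----
</ca>
<extra-certs>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-SAMPLE-NOT-A-REAL-CERT
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY
-----END RSA PRIVATE KEY-----
</key>
key-direction 1
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_sample_profile "$tmp/sample.ovpn"
list_inline_blocks "$tmp/sample.ovpn"
sanitize_ovpn "$tmp/sample.ovpn" > "$tmp/sample.sanitized.ovpn"
if has_pem_material "$tmp/sample.sanitized.ovpn"; then
    echo "sanitized copy still contains PEM material"
else
    echo "no PEM material left in sanitized copy"
fi
```

This only redacts inline blocks; hostnames, user names and other identifying directives in the profile still need a manual review before the file is sent.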
