Ask / Submit

PiVPN .ovpn file not configurable in the GUI

asked 2019-01-29 20:36:16 +0200

schippe gravatar image

updated 2019-01-29 23:18:21 +0200

Maus gravatar image


when importing an .ovpn file created by PiVPN, a VPN connection to my VPN server cannot be established on my phone. I am on Sailfish OS version on an Xperia X.

What did I do?

  • go to the UI
  • import the .ovpn file
  • choose: Request login if needed (I don't know how it is titled in
    English, my system is in German)
  • start the connection and type the name of the OpenVPN profile as
    username and the passphrase as
  • connect -> didn't work

If I recall correctly the PiVPN configuration files need only a passphrase for authentication and no username-password combination.

When I configure the vpn via console as root however, it works. Then I am also able to just type in the passphrase.

Is there any way in Sailfish to authenticate with just the passphrase? Alternatively, what do I need to change on my server so that I can use the config-files in Sailfish?

On my other non-Sailfish devices I can connect to my OpenVPN server.



the .ovpn file:

dev tun
proto udp
remote *** 1194
resolv-retry infinite
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server*** name
cipher AES-256-CBC
auth SHA256
compress lz4
verb 3
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,***

# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
edit retag flag offensive close delete


I use .ovpn config with openvpn and it works. Maybe you should post your config, of course without the security data but all lines. Maybe there i something special which is not correctly imported.

SaimenSays ( 2019-01-29 21:46:05 +0200 )edit

ok, I added it.

schippe ( 2019-01-29 21:55:15 +0200 )edit

1 Answer

Sort by » oldest newest most voted

answered 2019-01-29 23:12:02 +0200

Maus gravatar image

updated 2019-01-30 10:04:16 +0200

As you can see in your quoted configuration, your cryptographic key is protected by a passphrase. The SFOS GUI is unable to extract the key from your configuration. You can remove this passphrase with the help of the openssl CLI tool and replace the key section in your configuration with the unprotected key:

  • Put the key (data between <key> and </key>) into a file named protected.key
  • Remove the passphrase with OpenSSL, entering the passphrase when asked for it (command below, for the sake of markup limitations)
  • Replace the key data in your configuration by the contents of the file named plain.key.

The command to remove the passphrase is openssl rsa -in protected.key -out plain.key.

edit flag offensive delete publish link more



Btw, I'd love to see SFOS handle passphrase protected keys gracefully in a future update.

Maus ( 2019-01-29 23:14:47 +0200 )edit

Thank you very much, it finally works now! However, importing the .ovpn directly did not work. I had to skip the import step and configure it manually. I gave the VPN a name, provided the server address and certificate and under "Advanced" imported the .ovpn file.

But I agree, it would be better for SFOS to handle it better. This way I now have an "unlocked" VPN configuration file, which kinda defeats the purpose of having a passphrase in the first place...

schippe ( 2019-01-31 20:42:34 +0200 )edit
Login/Signup to Answer

Question tools



Asked: 2019-01-29 20:36:16 +0200

Seen: 123 times

Last updated: Jan 30