Ask / Submit
0

PiVPN .ovpn file not configurable in the GUI [answered]

Tracked by Jolla

asked 2019-01-29 20:36:16 +0300

schippe gravatar image

updated 2019-01-29 23:18:21 +0300

Maus gravatar image

Hi,

when importing an .ovpn file created by PiVPN, a VPN connection to my VPN server cannot be established on my phone. I am on Sailfish OS version 3.0.1.11 on an Xperia X.

What did I do?

  • go to the UI
  • import the .ovpn file
  • choose: Request login if needed (I don't know how it is titled in
    English, my system is in German)
  • start the connection and type the name of the OpenVPN profile as
    username and the passphrase as
    password
  • connect -> didn't work

If I recall correctly the PiVPN configuration files need only a passphrase for authentication and no username-password combination.

When I configure the vpn via console as root however, it works. Then I am also able to just type in the passphrase.

Is there any way in Sailfish to authenticate with just the passphrase? Alternatively, what do I need to change on my server so that I can use the config-files in Sailfish?

On my other non-Sailfish devices I can connect to my OpenVPN server.

Thanks

EDIT

the .ovpn file:

client
dev tun
proto udp
remote *** 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server*** name
cipher AES-256-CBC
auth SHA256
compress lz4
verb 3
<ca>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,***

***
-----END RSA PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
***
-----END OpenVPN Static key V1-----
</tls-crypt>
edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by Maus
close date 2019-03-22 18:44:56.763882

Comments

I use .ovpn config with openvpn and it works. Maybe you should post your config, of course without the security data but all lines. Maybe there i something special which is not correctly imported.

SaimenSays ( 2019-01-29 21:46:05 +0300 )edit

ok, I added it.

schippe ( 2019-01-29 21:55:15 +0300 )edit

1 Answer

Sort by » oldest newest most voted
1

answered 2019-01-29 23:12:02 +0300

Maus gravatar image

updated 2019-01-30 10:04:16 +0300

As you can see in your quoted configuration, your cryptographic key is protected by a passphrase. The SFOS GUI is unable to extract the key from your configuration. You can remove this passphrase with the help of the openssl CLI tool and replace the key section in your configuration with the unprotected key:

  • Put the key (data between <key> and </key>) into a file named protected.key
  • Remove the passphrase with OpenSSL, entering the passphrase when asked for it (command below, for the sake of markup limitations)
  • Replace the key data in your configuration by the contents of the file named plain.key.

The command to remove the passphrase is openssl rsa -in protected.key -out plain.key.

edit flag offensive delete publish link more

Comments

1

Btw, I'd love to see SFOS handle passphrase protected keys gracefully in a future update.

Maus ( 2019-01-29 23:14:47 +0300 )edit
1

Thank you very much, it finally works now! However, importing the .ovpn directly did not work. I had to skip the import step and configure it manually. I gave the VPN a name, provided the server address and certificate and under "Advanced" imported the .ovpn file.

But I agree, it would be better for SFOS to handle it better. This way I now have an "unlocked" VPN configuration file, which kinda defeats the purpose of having a passphrase in the first place...

schippe ( 2019-01-31 20:42:34 +0300 )edit

Question tools

Follow
2 followers

Stats

Asked: 2019-01-29 20:36:16 +0300

Seen: 206 times

Last updated: Jan 30