The following my .ovpn
file with parts of identifying information obfuscated with "blah". I've been trying to connect using Ubuntu 16.04.
client
dev tun
proto udp
remote blah.blah.com
port 52424
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_blahblahblah name
cipher AES-256-CBC
auth SHA256
compress lz4
verb 3
<ca>
-----BEGIN CERTIFICATE-----
blahblahblah
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
blahblahblah
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
blahblahblah
-----END RSA PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
blahblahblah
-----END OpenVPN Static key V1-----
</tls-crypt>
When I try to import this with sudo nmcli connection import type openvpn file blah.ovpn
I get the following.
Error: failed to import 'blah.ovpn': configuration error: unsupported blob/xml element (line 92).
Line 92 is where you see <tls-crypt>
.
When I try sudo openvpn --config blah.ovpn
I get the following.
Options error: Unrecognized option or missing parameter(s) in blah.ovpn:15: compress (2.3.10)
Line 15 is compress lz4
. When I comment this out and try again, I get the following.
Options error: Unrecognized option or missing parameter(s) in blah.ovpn:20: tls-crypt (2.3.10)
Line 20 is just in two lines after -----BEGIN CERTIFICATE-----
in the <ca>
tag, which seems odd.
I've looked online and while I've seen similar errors I've not seen anyone having these exact problems that I have.
I created the .ovpn
file on my Raspberry PI using pivpn
. The generated files work smoothly on both my Windows machine, and my Android device, just not Ubuntu.
Any ideas?
The
--compress
error is because Ubuntu uses OpenVPN 2.3.10, and 2.3.10 doesn't know about that directive.--compress
was added in 2.4.x.In 2.3.x, LZO compression was the only compression method supported, via the
--comp-lzo
directive.See https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos for info on adding the official OpenVPN repo so you can upgrade to the latest stable version (2.4.6 at the time this was posted).
--tls-crypt
was also added in 2.4.x, so you would need to upgrade OpenVPN in order to use that as well.However, Network Manager's OpenVPN plugin hasn't added support for
--compress
yet.According to https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/issues/1,
--compress
is still an open issue. This does say that--tls-crypt
was added in NM 1.2.10, but Ubuntu uses NM 1.2.6.