I'm trying to use a .ovpn file on the built-in VPN settings in Ubuntu 23.10.
I go to the settings menu --> Network --> '+' button next to VPN.
I click "Import from file..." and navigate to my .ovpn file.
It seems to work but never connects. On a Windows VM on the same machine, I use the OpenVPN client and the SAME file and it works just fine, so it's not the file configuration.
Do I need to do anything in the Advanced settings to get it to work? The other ovpn posts on here seem old and don't relate to modern versions of Ubuntu. I have also tried using the CLI command
nmcli connection import type openvpn file <.ovpn file>
which again imports it correctly but doesn't connect (same behaviour as the GUI).
In syslog, I get
nm-openvpn[22624]: read UDPv4 [EHOSTUNREACH]: No route to host (fd=5,code=113)
but as I said, it works from the same machine on my VM.
UFW is not enabled so the port is open.
Update:
I switched to port 1193 to try, and using nc I can see that 1193 is listening:
~$ nc -v -u -z -w 3 <myIP> 1193
Connection to <myIP> 1193 port [udp/*] succeeded!
Output of journal:
Jan 29 16:46:49 markswift3 nm-openvpn[6429]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 29 16:46:49 markswift3 nm-openvpn[6429]: TCP/UDP: Preserving recently used remote address: [AF_INET]<myIP>:1193
Jan 29 16:46:49 markswift3 nm-openvpn[6429]: UDPv4 link local: (not bound)
Jan 29 16:46:49 markswift3 nm-openvpn[6429]: UDPv4 link remote: [AF_INET]<myIP>:1193
Jan 29 16:46:55 markswift3 nm-openvpn[6429]: [server] Peer Connection Initiated with [AF_INET]<myIP>:1193
Jan 29 16:46:56 markswift3 nm-openvpn[6429]: AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
Jan 29 16:46:56 markswift3 nm-openvpn[6429]: SIGUSR1[soft,auth-failure] received, process restarting
Jan 29 16:46:57 markswift3 nm-openvpn[6429]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 29 16:46:57 markswift3 nm-openvpn[6429]: TCP/UDP: Preserving recently used remote address: [AF_INET]<myIP>:1193
Jan 29 16:46:57 markswift3 nm-openvpn[6429]: UDPv4 link local: (not bound)
Jan 29 16:46:57 markswift3 nm-openvpn[6429]: UDPv4 link remote: [AF_INET]<myIP>:1193
Jan 29 16:47:08 markswift3 systemd[1]: systemd-hostnamed.service: Deactivated successfully.
My .ovpn file looks like this (with the keys appended):
client
dev tun
proto udp
remote <myIP> 1193
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 3
@codlord solved this for me (see comments on OP).
I had to disable the cipher directive in both the server and client and allow OpenVPN to negotiate the ciphers amongst the allowed cipher list itself. It turns out that Windows and Linux use a different list, which is why my Win 11 VM was working.
To do this, I commented out the line
#cipher AES-256-CBC
in both the server and client config. In Linux, the server config is at /etc/openvpn/server/server.conf. The client config is in the .ovpn file generated when you set up a new client.
Then, because I'm using Ubuntu's control panel (network manager) to manage the VPN, I had to change the screen:
and change the cipher dropdown from AES-256-CBC to Default. Restarted both OpenVPN apps and it works!
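A way to confirm this diagnosis from the journal output and the .ovpn file, as an added example (not code from the question or the answer). The function names and the sample data are constructed here, with 192.0.2.10 standing in for the server address; data-ciphers and data-ciphers-fallback are the OpenVPN options that carry a negotiable cipher list.

```python
import re

# Constructed sample data modelled on the journal output and .ovpn file above.
SAMPLE_LOG = """\
Jan 29 16:46:55 host nm-openvpn[6429]: [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1193
Jan 29 16:46:56 host nm-openvpn[6429]: AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
"""
SAMPLE_OVPN = """\
client
proto udp
remote 192.0.2.10 1193
auth SHA512
cipher AES-256-CBC
verb 3
"""

CIPHER_OPTS = ("cipher", "data-ciphers", "data-ciphers-fallback")
AUTH_FAILED = re.compile(r"AUTH_FAILED,(.*)$")

def cipher_directives(config_text):
    """Return {option: value} for the active (uncommented) cipher options."""
    found = {}
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) > 1 and parts[0] in CIPHER_OPTS:  # '#cipher' / ';cipher' never match
            found[parts[0]] = parts[1]
    return found

def auth_failures(log_text):
    """Return the reason text of every AUTH_FAILED control message in the log."""
    hits = (AUTH_FAILED.search(line) for line in log_text.splitlines())
    return [m.group(1).strip() for m in hits if m]

def diagnose(log_text, config_text):
    """Tie a 'no shared cipher' rejection to a cipher pinned in the client config."""
    findings = []
    opts = cipher_directives(config_text)
    if any("no shared cipher" in reason for reason in auth_failures(log_text)):
        findings.append("server rejected the data channel: no shared cipher")
        if "cipher" in opts and "data-ciphers" not in opts:
            findings.append(f"client pins 'cipher {opts['cipher']}' with no data-ciphers list")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_OVPN):
        print(finding)
```

Run against the real journal text and client file, an empty result after the change means the rejection no longer appears in the log.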