[Solved] OpenVPN - Linux (Ubuntu) client export
-
Hi guys,
I don't know if this has already been asked. But I'm having some issues when trying to get some of our Linux clients to use OpenVPN export. I'm doing an export of Viscosity Bundle then I'm importing the clients config.conf and checking all fields are filled out correctly in Ubuntu's NetworkManager. But every time the clients try to connect the only logging I get is a bunch of these:
openvpn[20284]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:39337
openvpn[20284]: Authenticate/Decrypt packet error: packet HMAC authentication failedIf I download their clients and try them on a Windows machine it works without any problems. I've triple checked that the right user/pass is setup in Ubuntu's NetworkManager, can someone point me in the right direction?
On pfsense 1.2.3 there was no issues what so ever, but there you had to manually copy over the config/crt/key files and that worked like a charm and still does.
pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[
/U -
that means you're missing one of the certificates. Don't use the Viscosity bundle for Linux, get the zip that has the individual files.
-
Hi cmb,
The zip files gives you;
*-udp-1194.ovpn
*-udp-1194.p12
*-udp-1194-tls.keyI guess I'll have to do some kind of export from the *.p12 file then or am I wrong? Since I can't figure out how to import that into the NetworkManager in Ubuntu.
pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[/U -
You can use that as is from the command line OpenVPN. I don't know how that works in Ubuntu, it should support p12 files, but you may have to expand that into the individual files.
-
Okay I've checked up on it a bit - The graphical network-manager-openvpn for Ubuntu (Gnome in general I guess) does not direct support *.p12 files.
It's heavily discussed in this thread: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/91615
And a guy from the link above has made a patch in this article:
http://mail.gnome.org/archives/networkmanager-list/2010-January/msg00248.htmlJust if anyone else want's to offer their Linux/Ubuntu clients the ability to installed the certificates themselves.
Thanks cmb!!
pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[/U -
Just to do a little update on this thread for others.
This now work for Ubuntu 10.10.
pfsense: 2.1.5-RELEASE, AMD64
Running on: MB/CPU: ASUS P8H77-I / Core i3-2120T | MEM: 8GB DDR3 | HDD: WD Blue 120GB 2.5" SATA | WAN/LAN: Fujitsu D2735-2 – Intel® chip 82576NS | WLAN: Realtek® 8111F PCIe | Connection: 1000/1000Mbit (Bredband2.com)
[/U