Reverse engineer openVPN connection
-
Trying to use an OVPN:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote xxx.xxx.xxx 1198 tcp-client
verify-x509-name "Pfsene-Server1" name
pkcs12 pfSense-TCP-1198-Us-Client.p12
remote-cert-tls server
comp-lzo adaptive
Having imported this VPN in Fedora network manager, I get a certificate pwd prompt. How to retrieve the pwd from pfsense server, which is acting as the OpenVPN server? Same OVPN imports in mac/Tunnelblick..without any issues.
Couple of screen shots..
-
"The password is not required" ?
-
Network Manager requires a password when using a p12 file.
To apply a pw to the pkcs12, use the OVPN client export utility to export the config and certs, check "Password Protect Certificate" and enter a pw before exporting.
-
I'm afraid, there's nothing like what you just mentioned..Pfsense>OVPN allows exporting user certs in crt, key and p12 format...none of that prompts for pwd whilst exporting.
-
Install the package openvpn-client-export.
Then go to VPN > OpenVPN > Client Export Utility, configure all needed settings, also check "Password Protect Certificate" and enter a password below.
Go down and hit export bundled config as archive.
-
Here's the logs from networkmanager :
Aug 01 15:51:18 works-mobi NetworkManager[876]: <info> [1533153078.8369] vpn-connection[0x55cb8b1fc220,4fc09d1a-0976-48e3-9177-9c603a4c29c8,"pfSense-TCP-1198-Us-Client",0]: Saw the service appear; activating >
Aug 01 15:51:18 works-mobi NetworkManager[876]: <info> [1533153078.9788] vpn-connection[0x55cb8b1fc220,4fc09d1a-0976-48e3-9177-9c603a4c29c8,"pfSense-TCP-1198-Us-Client",0]: VPN plugin: state changed: starting>
Aug 01 15:51:18 works-mobi NetworkManager[876]: <info> [1533153078.9789] vpn-connection[0x55cb8b1fc220,4fc09d1a-0976-48e3-9177-9c603a4c29c8,"pfSense-TCP-1198-Us-Client",0]: VPN connection: (ConnectInteractive>
Aug 01 15:51:18 works-mobi nm-openvpn[3510]: WARNING: file '/home/works/Documents/vpn/pfSense-TCP-1198-Us-Client/pfSense-TCP-1198-Us-Client.p12' is group or others accessible
Aug 01 15:51:18 works-mobi nm-openvpn[3510]: OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Aug 01 15:51:18 works-mobi nm-openvpn[3510]: library versions: OpenSSL 1.1.0h-fips 27 Mar 2018, LZO 2.08
Aug 01 15:51:18 works-mobi nm-openvpn[3510]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 01 15:51:18 works-mobi nm-openvpn[3510]: Error opening file /home/works/Documents/vpn/pfSense-TCP-1198-Us-Client/pfSense-TCP-1198-Us-Client.p12
Aug 01 15:51:18 works-mobi nm-openvpn[3510]: Exiting due to fatal error
Aug 01 15:51:18 works-mobi NetworkManager[876]: <warn> [1533153078.9890] vpn-connection[0x55cb8b1fc220,4fc09d1a-0976-48e3-9177-9c603a4c29c8,"pfSense-TCP-1198-Us-Client",0]: VPN plugin: failed: connect-failed >
Aug 01 15:51:18 works-mobi NetworkManager[876]: <warn> [1533153078.9891] vpn-connection[0x55cb8b1fc220,4fc09d1a-0976-48e3-9177-9c603a4c29c8,"pfSense-TCP-1198-Us-Client",0]: VPN plugin: failed: connect-failed >
Aug 01 15:51:18 works-mobi NetworkManager[876]: <info> [1533153078.9891] vpn-connection[0x55cb8b1fc220,4fc09d1a-0976-48e3-9177-9c603a4c29c8,"pfSense-TCP-1198-Us-Client",0]: VPN plugin: state changed: stopping>
There doesn't seem to be any permission issues :
-rw-r--r--. 1 works works 3957 Aug 1 15:42 /home/gworks/Documents/vpn/pfSense-TCP-1198-Us-Client/pfSense-TCP-1198-Us-Client.p12
We were able to find the "Password..ate" checkbox and set the pwd :
-
It's actually..
@matvrix said in Reverse engineer openVPN connection:
-rw-r--r--. 1 works works 3957 Aug 1 15:42 /home/works/Documents/vpn/pfSense-TCP-1198-Us-Client/pfSense-TCP-1198-Us-Client.p12
There was a typo..again, the p12 is at /home/works/Documents/vpn/pfSense-TCP-1198-Us-Client/pfSense-TCP-1198-Us-Client.p12
-
No idea, what causes that error.
For me the described method works with Network Manager 1.10.6, openvpn plugin 1.8.2 and OpenVPN 2.4.3. However, it also works with the former 2.3.18.
pw correct?
-
Same ovpn installs properly in a mac/TunnelBlick with the same pwd as this.
Where do you have your p12 and OVPN file ?
-
The files are stored in a sub of my home: the .ovpn (but I think that isn't used anymore after import in NW), the .p12 and the TLS key.
The permissions are '-rw-------'
-
Hence opened a bug - https://bugzilla.redhat.com/show_bug.cgi?id=1611812
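
The nm-openvpn log above warns that the .p12 "is group or others accessible", and the listings in the thread show -rw-r--r-- on one side and -rw------- on the other. As an added example (not posted by anyone in the thread, and not pfSense or NetworkManager code), the shell functions below list the credential files an .ovpn references and flag any that are missing, unreadable or carry group/other permission bits. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the credential files that an
# OpenVPN client config references before importing it into NetworkManager.

# List files named by pkcs12/key/tls-auth/tls-crypt directives, resolved
# relative to the config's directory. Paths containing spaces are not handled.
ovpn_cred_files() {
    dir=$(dirname "$1")
    awk '$1 ~ /^(pkcs12|key|tls-auth|tls-crypt)$/ && NF >= 2 {
             gsub(/"/, "", $2); print $2 }' "$1" |
    while IFS= read -r f; do
        case $f in
            /*) printf '%s\n' "$f" ;;
            *)  printf '%s\n' "$dir/$f" ;;
        esac
    done
}

# Print one verdict per file and return non-zero if any file is missing,
# unreadable, or has any group/other permission bit set (the condition the
# "is group or others accessible" warning in the log refers to).
audit_ovpn() {
    report=$(ovpn_cred_files "$1" | while IFS= read -r f; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE $f"
        elif [ "$(ls -ldL "$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE $f"      # e.g. -rw-r--r--; tighten with chmod 600
        else
            echo "OK $f"
        fi
    done)
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -Eq '^(MISSING|UNREADABLE|LOOSE) '
}

# Constructed sample: a two-line config and empty placeholder files.
demo_dir=$(mktemp -d)
printf 'pkcs12 client.p12\ntls-auth ta.key 1\n' > "$demo_dir/client.ovpn"
: > "$demo_dir/client.p12"; chmod 644 "$demo_dir/client.p12"
: > "$demo_dir/ta.key";     chmod 600 "$demo_dir/ta.key"
audit_ovpn "$demo_dir/client.ovpn" || echo "fix the flagged files before importing"
```

The check covers ownership-independent mode bits and readability only; it says nothing about why OpenVPN reported "Error opening file" in the log above.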