• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Client Export files does not work

Scheduled Pinned Locked Moved OpenVPN
11 Posts 3 Posters 1.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    miki_teleco
    last edited by Jan 10, 2018, 3:55 PM

    Hi everyone,

    I am working with 2.4.2-RELEASE-p1 (amd64)  PfSense  and I am getting some troubles when I try to use *.ovpn, *.p12 files to stablish a VPN connection. I am using OpenVPN 2.4.4 client in Ubuntu 16.04.3 LTS. This is the error I am getting trying ovpn file (translated by me because I use spanish languaje as default): "Key file has the line «dev tun» which is not a key-value, group or comment. ".

    I am trying a VPN connection in edit connections -> add new connection -> import  a vpn saved connection.

    Why I can not use this file? Where is the error? I tried to reinstall openvpn package but nothing happened.

    Thanks beforehand, regards
    Mike

    1 Reply Last reply Reply Quote 0
    • J Offline
      jimp Rebel Alliance Developer Netgate
      last edited by Jan 10, 2018, 6:18 PM

      Sounds like the exporter is fine but whatever you are importing to doesn't like something in the file. Without more detail about the contents of the config file it's hard to offer and suggestions.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • J Offline
        johnpoz LAYER 8 Global Moderator
        last edited by Jan 10, 2018, 8:41 PM

        What exactly are you downloading in the exporter… Why would you not just download the inline setup?  Or the archive option.. Where are you getting p12 files from?  your grabbing the bundle archive (zip) and not unzipping it?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

        1 Reply Last reply Reply Quote 0
        • M Offline
          miki_teleco
          last edited by Jan 11, 2018, 9:31 AM

          Hi, thanks for both answers.

          Jimp, when you talk about config file do you refer to openvpn config file? In this case I did not configure / I don't know anything about that.

          johnpoz, I am downloading what you can see in the image. I tried every red marked option, from p12 file to ovpn file. I am sure it is my error not Pfsense error but I don't know how to proceed. Also I am unzipping .zip packages to get what is inside (p12, ovpn and key files).

          Thanks.

          capture.png
          capture.png_thumb

          1 Reply Last reply Reply Quote 0
          • J Offline
            johnpoz LAYER 8 Global Moderator
            last edited by Jan 11, 2018, 9:48 AM Jan 11, 2018, 9:42 AM

            The inline would have no p12 file, since all certs on include in the ovpn file..  This would be the one I would think you should use..

            With the archive there would be certs included in the zip you would need to put them in the same folder as the ovpn file when you import it.  The config file only is just that - just the config you would have to grabe the specific certs on your own and place them in the correct folder structure for the client to have access to them..

            Not sure exactly what your trying to do with ubuntu… But with the windows client I just use the inline top left there and place that ovpn file in the config folder.. It then shows up as a connection option.

            The ovpn file is just text - what does your look like?  Here is an inline of mine.. Snipped out all the extra key info so easier to read...  And removed part of my public IP of course.

            inlineovpn.png
            inlineovpn.png_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

            1 Reply Last reply Reply Quote 0
            • M Offline
              miki_teleco
              last edited by Jan 11, 2018, 10:18 AM

              My zip archive contains .key, .p12 and .ovpn file. However, this ovpn file is shorter than ovpn file downloaded by inline option. inline ovpn file is similar as yours with the difference you can see in attached image.

              ![Captura de pantalla de 2018-01-11 11-16-37.png](/public/imported_attachments/1/Captura de pantalla de 2018-01-11 11-16-37.png)
              ![Captura de pantalla de 2018-01-11 11-16-37.png_thumb](/public/imported_attachments/1/Captura de pantalla de 2018-01-11 11-16-37.png_thumb)

              1 Reply Last reply Reply Quote 0
              • J Offline
                johnpoz LAYER 8 Global Moderator
                last edited by Jan 11, 2018, 10:29 AM

                So you fully snipped out everything from your cert and key or are those not there? At all?

                If your missing the cert and key then yeah its not going to work.. Since your only doing tls auth then yes you will have a key-direction directive.. Im doing tls-crypt..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                1 Reply Last reply Reply Quote 0
                • M Offline
                  miki_teleco
                  last edited by Jan 11, 2018, 10:51 AM

                  I downloaded an ovpn file from another pfsense firewall and this file contains those fields but I am getting the same error. I also reinstalled openvpn but nothing new…

                  ![Captura de pantalla de 2018-01-11 11-49-23.png](/public/imported_attachments/1/Captura de pantalla de 2018-01-11 11-49-23.png)
                  ![Captura de pantalla de 2018-01-11 11-49-23.png_thumb](/public/imported_attachments/1/Captura de pantalla de 2018-01-11 11-49-23.png_thumb)

                  1 Reply Last reply Reply Quote 0
                  • J Offline
                    johnpoz LAYER 8 Global Moderator
                    last edited by Jan 11, 2018, 11:00 AM

                    Your getting this error

                    ""Key file has the line «dev tun» which is not a key-value, group or comment. "."

                    Seems like to me your trying to load your ovpn file as your key file.. Which is not what you do…

                    How exactly are you trying to load this into openvpn client on ubuntu?  With the openvpn client you just point to the ovpn file that is it there is no importing anything...

                    Something like this

                    openvpn --config ~/pfsense-config.ovpn

                    Are you trying to load it in network manager or something?  and your pointing the key to the opvn file?

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • M Offline
                      miki_teleco
                      last edited by Jan 11, 2018, 1:10 PM Jan 11, 2018, 11:23 AM

                      Yes, this is the error I'm getting. I am doing next: edit connections -> add new connection -> import  a vpn saved connection.  There is where I am selecting ovpn file. I also tried your command and the output is different deppending if I use root or not. Also, in not root mode, this error is returned when I write pw and user: " ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)  Exiting due to fatal error"

                      -Sorry for red lines in attached image but I need to hide all sensible data-

                      EDIT: If I use openvpn –config with root user and specifing all route up to ovpn file seems everything works nice... Now I am triying to add openvpn connection in GUI manager which results very usefull because I will have to manage many ovpn connections at the same time.

                      EDIT 2 : OpenVPN needs to create TUN/TAP virtual interfaces to send and/or receive packages over the VPN connection. This means that only root user can use openvpn with any problems. Possible solution: add commands with NOPASS in sudoers file.

                      ![Captura de pantalla de 2018-01-11 12-26-34.png](/public/imported_attachments/1/Captura de pantalla de 2018-01-11 12-26-34.png)
                      ![Captura de pantalla de 2018-01-11 12-26-34.png_thumb](/public/imported_attachments/1/Captura de pantalla de 2018-01-11 12-26-34.png_thumb)

                      1 Reply Last reply Reply Quote 0
                      • J Offline
                        johnpoz LAYER 8 Global Moderator
                        last edited by Jan 11, 2018, 1:17 PM

                        Not a real network manager user in linux…  But I do recall there is a plugin you have to add

                        I would suggest you do a simple google - but I could fire up a ubuntu vm and walk thru this if still having problems..

                        Did you add the openvpn network manager plugin?

                        user@ubuntu:~$ apt-cache search network-manager-openvpn
                        network-manager-openvpn - network management framework (OpenVPN plugin core)
                        network-manager-openvpn-gnome - network management framework (OpenVPN plugin GNOME GUI)

                        You might have to call out the specifics for the tls key - simple google finds multiple examples of this..

                        Worse case is I could fire up a network manager gui on ubuntu vm and walk through it.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                        1 Reply Last reply Reply Quote 0
                        11 out of 11
                        • First post
                          11/11
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                          This community forum collects and processes your personal information.
                          consent.not_received