Client Export files does not work
-
Hi everyone,
I am working with 2.4.2-RELEASE-p1 (amd64) PfSense and I am getting some troubles when I try to use *.ovpn, *.p12 files to stablish a VPN connection. I am using OpenVPN 2.4.4 client in Ubuntu 16.04.3 LTS. This is the error I am getting trying ovpn file (translated by me because I use spanish languaje as default): "Key file has the line «dev tun» which is not a key-value, group or comment. ".
I am trying a VPN connection in edit connections -> add new connection -> import a vpn saved connection.
Why I can not use this file? Where is the error? I tried to reinstall openvpn package but nothing happened.
Thanks beforehand, regards
Mike -
Sounds like the exporter is fine but whatever you are importing to doesn't like something in the file. Without more detail about the contents of the config file it's hard to offer and suggestions.
-
What exactly are you downloading in the exporter… Why would you not just download the inline setup? Or the archive option.. Where are you getting p12 files from? your grabbing the bundle archive (zip) and not unzipping it?
-
Hi, thanks for both answers.
Jimp, when you talk about config file do you refer to openvpn config file? In this case I did not configure / I don't know anything about that.
johnpoz, I am downloading what you can see in the image. I tried every red marked option, from p12 file to ovpn file. I am sure it is my error not Pfsense error but I don't know how to proceed. Also I am unzipping .zip packages to get what is inside (p12, ovpn and key files).
Thanks.
-
The inline would have no p12 file, since all certs on include in the ovpn file.. This would be the one I would think you should use..
With the archive there would be certs included in the zip you would need to put them in the same folder as the ovpn file when you import it. The config file only is just that - just the config you would have to grabe the specific certs on your own and place them in the correct folder structure for the client to have access to them..
Not sure exactly what your trying to do with ubuntu… But with the windows client I just use the inline top left there and place that ovpn file in the config folder.. It then shows up as a connection option.
The ovpn file is just text - what does your look like? Here is an inline of mine.. Snipped out all the extra key info so easier to read... And removed part of my public IP of course.
-
My zip archive contains .key, .p12 and .ovpn file. However, this ovpn file is shorter than ovpn file downloaded by inline option. inline ovpn file is similar as yours with the difference you can see in attached image.
 -
So you fully snipped out everything from your cert and key or are those not there? At all?
If your missing the cert and key then yeah its not going to work.. Since your only doing tls auth then yes you will have a key-direction directive.. Im doing tls-crypt..
-
I downloaded an ovpn file from another pfsense firewall and this file contains those fields but I am getting the same error. I also reinstalled openvpn but nothing new…
 -
Your getting this error
""Key file has the line «dev tun» which is not a key-value, group or comment. "."
Seems like to me your trying to load your ovpn file as your key file.. Which is not what you do…
How exactly are you trying to load this into openvpn client on ubuntu? With the openvpn client you just point to the ovpn file that is it there is no importing anything...
Something like this
openvpn --config ~/pfsense-config.ovpn
Are you trying to load it in network manager or something? and your pointing the key to the opvn file?
-
Yes, this is the error I'm getting. I am doing next: edit connections -> add new connection -> import a vpn saved connection. There is where I am selecting ovpn file. I also tried your command and the output is different deppending if I use root or not. Also, in not root mode, this error is returned when I write pw and user: " ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1) Exiting due to fatal error"
-Sorry for red lines in attached image but I need to hide all sensible data-
EDIT: If I use openvpn –config with root user and specifing all route up to ovpn file seems everything works nice... Now I am triying to add openvpn connection in GUI manager which results very usefull because I will have to manage many ovpn connections at the same time.
EDIT 2 : OpenVPN needs to create TUN/TAP virtual interfaces to send and/or receive packages over the VPN connection. This means that only root user can use openvpn with any problems. Possible solution: add commands with NOPASS in sudoers file.
 -
Not a real network manager user in linux… But I do recall there is a plugin you have to add
I would suggest you do a simple google - but I could fire up a ubuntu vm and walk thru this if still having problems..
Did you add the openvpn network manager plugin?
user@ubuntu:~$ apt-cache search network-manager-openvpn
network-manager-openvpn - network management framework (OpenVPN plugin core)
network-manager-openvpn-gnome - network management framework (OpenVPN plugin GNOME GUI)You might have to call out the specifics for the tls key - simple google finds multiple examples of this..
Worse case is I could fire up a network manager gui on ubuntu vm and walk through it.