English Forums > Virtual private networks

OpnSense .ovpn export fails to import into Ubuntu 22.04 OpenVPN

(1/3) > >>

llamprec:
I have exported my archived file from the VPN portal, but when I try to Add a VPN by importing the .ovpn file into the config I get the following error
Cannot import VPN connection
The file "office.ovpn" could not be read or does not contain recognised VPN connection information

Error: the plugin does not support import capability

when I try to import the .ovpn file on the commandline, I get the following error.

nmcli connection import type openvpn file office.ovpn
Error: failed to import 'office.ovpn': The file to import wasn't a valid OpenVPN configuration (--ca cannot be PKCS#12 format).

Any help would be appreciated.
Lawrence

bartjsmit:
Make sure that you ovpn file has the <ca></ca> <cert></cert> <key></key> stanzas and that the blocks are PEM encoded. You can't use PKCS#12 or pfx files in OpenVPN configs.

Open office.ovpn in a text editor and confirm it looks like this:

<header lines like dev cipher remote etc>
<cert>
</cert>
<ca>
</ca>
<key>
</key>

Paste the contents of the relevant text files between the tags - e.g. for the cert and ca blocks something like:
-----BEGIN CERTIFICATE-----
MII................
................
.............
-----END CERTIFICATE-----

Bart...

llamprec:
Bart,

Thanks for the response but the issue that I am facing is as follows. Within the Opnsense portal I have added a user under the VPN config. If I look at the username, on the right hand side there is a link for me to download the ovpn file to use for this user.

If I click to download the archived file. The contents of the file has 3 files.
office.key
office.p12
office.ovpn

I do not have the option to view the ca file.

I have tried to extract a .pem file but cannot seem to find what the error I get means.

How can it be so complicated to use the .ovpn file that is downloaded from the portal.

Any dvice would be much appreciated.

Thanks
Lawrence

bartjsmit:
Hi Lawrence, not sure how you are left with just the p12 stuff but I can help you recover from it  ;)

Open a shell prompt in OPNsense or another unix box with OpenSSL installed, copy the office.p12 file to it and run:

openssl pkcs12 -in office.p12 -out cert.pem -clcerts -nokeys
openssl pkcs12 -in office.p12 -out key.pem -nocerts -nodes

This gives you everything but the CA certificate file. The CA file is static and you can download the PEM in the OPNsense web GUI with System, Trust, Authorities. Click the 'export CA cert' icon to the right of the CA certificate line.

Copy the contents of the PEM files with the directives from office.ovpn as I indicated earlier.

Good luck!

Bart...

llamprec:
Bart

Thanks for your input, it seems that the certificates were generated with/without a password. The guy that created the config cannot remember. so when I try what you suggested I get a VERIFY FAILED error. Seems that the file is password encoded and he cannot remember what it was. So I feel we will have to create new files.

Thanks in any how.

Lawrence

Navigation

[0] Message Index

[#] Next page