Bug 337091

Summary: Importing .ovpn file doesn't work
Product: [Plasma] plasma-nm Reporter: cocacooler
Component: editorAssignee: Lukáš Tinkl <lukas>
Status: RESOLVED DUPLICATE    
Severity: normal CC: jgrulich, lamarque
Priority: NOR    
Version: 0.9.3.3   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description cocacooler 2014-07-04 20:32:44 UTC 
I can use the file with just openvpn using the following command:
sudo openvpn --config config.ovpn

Then it will ask me login and password, and everything just works. Nothing works if I import in in connection editor.

Reproducible: Always

Steps to Reproduce:
1. Go to connection editor -> File -> Import VPN
2. Notice that it lists *.ovpn in filters
3. Select such .ovpn file
4. It justs gets added to list, doesn't open settings for me to type login and password
5. Try connecting to this server
6. Immediately see "VPN connection 'Connection Name' failed"
7. Go to this connection's details
8. See that Connection type is set to X.509 Certificates even though the .ovpn file says it should use login and password.
9. Set Connection type to "Password".
10. Type username and password, password set to Store.
11. Press Ok, try connecting - same error immediately again
12. Go to the connection's settings again
13. Choose the same .ovpn file as CA file
14. Try connecting again
15. It tries to connect for quite some time and then says: "The connection attempt to the VPN service timed out."
Actual Results:  
Connection doesn't ask you for login and password, doesn't set the correct connection type, doesn't work

Expected Results:  
It should work

This is the text of .ovpn file (with keys cut out for security reasons)
#SecureVPN.to

client
dev tun
proto udp
remote 31.204.128.129 53
remote 31.204.128.129 443
remote-random
resolv-retry 60
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 4

auth SHA512
explicit-exit-notify
key-direction 1
remote-cert-tls server

auth-user-pass

<ca>
-----BEGIN CERTIFICATE-----
TEXTWASCUTOUTFORSECURITYREASONS==
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
TEXTWASCUTOUTFORSECURITYREASONS=
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
TEXTWASCUTOUTFORSECURITYREASONS==
-----END PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
TEXTWASCUTOUTFORSECURITYREASONS
-----END OpenVPN Static key V1-----
</tls-auth>
Comment 1 cocacooler 2014-07-04 20:38:29 UTC 
Even if I select Connection type: X.509 With Password and select the .ovpn file as CA file, Certificate and key, and paste username and password and set Key Password to Not Required, it does not work - it immediately reports "VPN connection 'Connection Name' failed."
Comment 2 Jan Grulich 2014-07-04 22:05:27 UTC 
Can you please try to activate your imported connection using "nmcli"? It should give you more information about the problem. Also NetworkManager logs could give you more information. Do you have installed NetworkManager-openvpn plugin? Regarding the import, I'll try to look at it when I have time.
Comment 3 cocacooler 2014-07-04 22:32:19 UTC 
I have networkmanager-openvpn installed.

Here I list contents of networkmanager log.
Importing .ovpn file:

Jul  5 02:23:44 crmlp NetworkManager[6434]:    SCPlugin-Ifnet: Adding vpn connection
Jul  5 02:23:44 crmlp NetworkManager[6434]:    SCPlugin-Ifnet: Can't open /etc/wpa_supplicant/wpa_supplicant.conf for wireless security
Jul  5 02:23:44 crmlp NetworkManager[6434]:    SCPlugin-Ifnet: Loading connections

Trying to connect:

Jul  5 02:24:17 crmlp NetworkManager[6434]: <info> Starting VPN service 'openvpn'...
Jul  5 02:24:17 crmlp NetworkManager[6434]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 6173
Jul  5 02:24:17 crmlp NetworkManager[6434]: <info> VPN service 'openvpn' appeared; activating connections
Jul  5 02:24:17 crmlp NetworkManager[6434]: <info> VPN plugin state changed: starting (3)
Jul  5 02:24:17 crmlp NetworkManager[6434]: <info> VPN connection 'Netherlands' (Connect) reply received.
Jul  5 02:24:17 crmlp nm-openvpn[6175]: Options error: You must define CA file (--ca) or CA path (--capath)
Jul  5 02:24:17 crmlp nm-openvpn[6175]: Use --help for more information.
Jul  5 02:24:17 crmlp NetworkManager[6434]: <warn> VPN plugin failed: 1
Jul  5 02:24:17 crmlp NetworkManager[6434]: <info> VPN plugin state changed: stopped (6)
Jul  5 02:24:17 crmlp NetworkManager[6434]: <info> VPN plugin state change reason: 0
Jul  5 02:24:17 crmlp NetworkManager[6434]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Jul  5 02:24:22 crmlp NetworkManager[6434]: <info> VPN service 'openvpn' disappeared

Setting Connection Type to X.509 with password and setting Username and Password:

Jul  5 02:25:43 crmlp NetworkManager[6434]: copy_hash: assertion 'strlen (value)' failed
Jul  5 02:25:43 crmlp NetworkManager[6434]: copy_hash: assertion 'strlen (value)' failed
Jul  5 02:25:43 crmlp NetworkManager[6434]: copy_hash: assertion 'strlen (value)' failed

After all previous steps and setting CA file, Certificate and Key to that .ovpn file and Key Password to Not Required:

Jul  5 02:29:19 crmlp NetworkManager[6434]: <info> Starting VPN service 'openvpn'...
Jul  5 02:29:19 crmlp NetworkManager[6434]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 6999
Jul  5 02:29:19 crmlp NetworkManager[6434]: <info> VPN service 'openvpn' appeared; activating connections
Jul  5 02:29:19 crmlp NetworkManager[6434]: <info> VPN plugin state changed: starting (3)
Jul  5 02:29:19 crmlp NetworkManager[6434]: <info> VPN connection 'Netherlands' (Connect) reply received.
Jul  5 02:29:19 crmlp nm-openvpn[7006]: OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul  3 2014
Jul  5 02:29:19 crmlp nm-openvpn[7006]: library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.08
Jul  5 02:29:19 crmlp nm-openvpn[7006]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jul  5 02:29:19 crmlp nm-openvpn[7006]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul  5 02:29:19 crmlp nm-openvpn[7006]: Error reading PKCS#12 file /path/was/removed/because/privacy/filename.ovpn: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Jul  5 02:29:19 crmlp nm-openvpn[7006]: Exiting due to fatal error
Jul  5 02:29:19 crmlp NetworkManager[6434]: <warn> VPN plugin failed: 1
Jul  5 02:29:19 crmlp NetworkManager[6434]: <info> VPN plugin state changed: stopped (6)
Jul  5 02:29:19 crmlp NetworkManager[6434]: <info> VPN plugin state change reason: 0
Jul  5 02:29:19 crmlp NetworkManager[6434]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Jul  5 02:29:25 crmlp NetworkManager[6434]: <info> VPN service 'openvpn' disappeared
Comment 4 Lamarque V. Souza 2014-07-05 20:48:20 UTC 

*** This bug has been marked as a duplicate of bug 329837 ***