openVPN on Ubuntu, fixing import errors

You can run into trouble importing an .ovpn config file in Ubuntu, while the same file is imported without any problem in Android.

Somehow when there are unknown or not-supported sections in the config file, importing in Ubuntu will fail with this rather obscure error:

The file 'vpn.ovpn' could not be read or does not contain recognized VPN connection information

Error: the plugin does not support import capability.

The solution is to manually edit the openvpn.ovpn file in a text editor and fix it.

In my case the openvpn.ovpn config file suffered from 2 problems:

• connections were double defined
• a <dh> tag was includes, which shouldn’t be in a client file

Fixing the openvpn.ovpn file import

Following these steps will fix the import of openvpn.ovpn config files in Ubuntu 16.04 LTS. Open the openvp.ovpn in a text-editor.

1. Delete the complete <dh> tag.
2. When you have multiple <connection> tags, it won’t import. Remove the TCP connection tag completely:
   <connection>
remote <ip> 443 tcp-client
</connection
3. The edit the remaining connection tag by removing the surrounding tags, simply unXML it.
   <connection>
remote <ip> 1194 udp
</connection>
   to
   remote <ip> 1194 udp

Save your file and import it.

1. Edit connections
2. Add
3. Scroll down
4. Import a saved vpn connection
5. create
6. Select the edited openvpn.ovpn file
7. Done!

Explanation

The Diffie Hellman Parameters are only needed for the server, so this is a bug in  the openvpn server that creates the client config file. Still the import script should skip this setting instead of choking on it.

Then the multiple connection issue: Most openvpn servers will accept connections over UPD (preferred setting), but will offer a fallback over TCP when the client is behind a firewall that doesn’t allow UDP. This will happen now and then. The TCP port is the same as the https port, so that port is always open. It seems the network manager doesn’t allow multiple connection setup, although it can use a TCP connection. If you need TCP as a fallback just setup two connections:

1. OpenVPN UDP
2. OpenVPN TCP

And choose what you need in your network settings, this is probably the best solution. And actually easier then changing method inside the the profile settings, like you should do in Android.

You probably need to replace tcp-client with tcp, and remove the connection tag:

remote <ip> 443 tcp

Happy and safe networking!

This entry was posted on Sunday, October 22nd, 2017 at 5:58 pm and is filed under privacy, Webtechnology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.