ovpn file doesn't work in network-manager

[mirlipili]

Hello,

I'm using the script to create a VPN tunnel between a VPS and my laptop. The script works fine, but network-manager can't establish a connection. It does work when using openvpn --config client.ovpn The error I get in the logs is VPN connection: connect timeout exceeded

The strange thing is that I setup a VPN a year ago using this script with another location, and it worked fine. I still have the script from a year ago, and if I use the old version, network-manager can connect to the vps.

Is there something that should be put back in the new version? One difference I see in network-manager, is in advanced -> TLS settings. With the old version, I have Mode: TLS-auth and a key file, but with the new version, mode is set to none.

Thanks

[Nyr]

Thanks to your detailed description the issue is very easy to identify :)

Your version of NetworkManager doesn't support tls-crypt, which was a recent upgrade from tls-auth.

If you want, you can safely revert to tls-auth, just don't forget to specify key direction.

I'm on my mobile now and can't give you details but take a look at the documentation, is easy to do. If unable, let me know and I'll give you details when I can.

[ratijas]

Stumbled upon it as well.

It is possible to add tls-crypt manually after importing the *.ovpn config. But it is too much of a hustle for a regular™ user, and just not convenient even for advanced ones.

I opened an issue at NetworkManager-openvpn plugin repository: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/54

[Nyr]

I am sorry but tls-crypt has been part of OpenVPN stable releases for nearly 4 years already, so this is a bug which should be reported elsewhere.

The script is pretty conservative, but we can't extend legacy client support forever.

[ratijas]

Oh, hey! Sorry, I completely forgot I have commented here.

Well, figured out, this is issue is specific to plasma-nm which is a KDE/Plasma applet and system settings module (in general: KDE frontend) for network manager. It uses custom implementation for parsing *.ovpn files instead of relying on functions from dynamic library provided by the NetworkManager-openvpn package.

It has been reported to KDE, and I also added my comment there. https://bugs.kde.org/show_bug.cgi?id=396530

With that being said, obviously it has nothing to do with openvpn-install script itself. Sorry for any caused trouble.

[Nyr]

Thank you for the useful explanation and your help reporting the issue.

It sometimes takes a while if it is not urgent, but I always respond to issues here.

[DrunkenToast]

For anyone that has this issue in KDE you can use the command sudo nmcli connection import type openvpn file client.ovpn to import the file instead, it will then be added to the applet and work as intended.