OpenVPN / openvpn3-linux

OpenVPN 3 Linux client
GNU Affero General Public License v3.0

Line too long Issue #151

Closed malqabbani closed 2 years ago

malqabbani commented 2 years ago

When I run the command openvpn3 session-start --config config.ovpn I get the following error: config-import: ERROR ERR_PROFILE_LINE_TOO_LONG: line too long

ordex commented 2 years ago

Can you share your config file? This error basically says that one of the lines in the config file is beyond the acceptable limit.

malqabbani commented 2 years ago

@ordex config.ovpn

cipher AES-256-CBC
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 443 tcp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<ca>
ca.crt
</ca>
<cert>
user.crt
</cert>
<key>
user.key
</key>
key-direction 1
<tls-auth>
tls.key
</tls-auth>

malqabbani commented 2 years ago

ca.crt, user.crt, user.key and tls.key are files where the secrets are encoded as base64

dsommers commented 2 years ago

How are those embedded files encoded? As a long single line, or wrapped around 75-80 characters?

dsommers commented 2 years ago

Also, can you try to use the openvpn3-as utility to download the profile this way?

 $ openvpn3-as https://ovpn.xx.com/ --name MY_CONFIG_NAME

Then you can try to start the session like this:

 $ openvpn3 session-start --config MY_CONFIG_NAME

malqabbani commented 2 years ago

> long single line, or wrapped around 75-80 characters

@dsommers I use the command to write file echo $CA_CRT > ca.crt

dsommers commented 2 years ago

> @dsommers I use the command to write file echo $CA_CRT > ca.crt

Hmmm ... this looks very odd. The content of echo $CA_CRT might not give the expected output. In addition, using <ca>FILENAME</ca> might not behave as expected. If ca.crt, user.key, user.crt and tls.key are files, then your config should use this approach instead of the <ca|key|cert|tls-auth>...</ca|key|cert|tls-auth> approach. Your config should have these lines instead:

 ca ca.crt
 key user.key
 cert user.crt
 tls-auth tls.key
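
One way an unquoted `echo $CA_CRT > ca.crt` can turn a wrapped PEM file into a single long line, shown as an added example that is not part of the original thread. The PEM content is a constructed placeholder, and the limit of 80 passed to the hypothetical `check_lines` helper is only the wrapping width asked about above, not the client's actual limit.

```shell
#!/bin/sh
# Constructed stand-in for a PEM secret in an environment variable:
# a header, 10 body lines of 64 'A' characters, a footer. Not a real certificate.
make_sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----'
    i=0
    while [ "$i" -lt 10 ]; do
        printf '%064d\n' 0 | tr 0 A
        i=$((i + 1))
    done
    printf '%s\n' '-----END CERTIFICATE-----'
}

# What `echo $CA_CRT > file` does: the unquoted expansion is word-split on
# whitespace (default IFS), so every newline becomes a single space.
write_unquoted() { echo $1 > "$2"; }

# Quoted expansion keeps the original line wrapping.
write_quoted() { printf '%s\n' "$1" > "$2"; }

# Length of the longest line in a file.
max_line_len() {
    awk '{ if (length($0) > m) m = length($0) } END { print m + 0 }' "$1"
}

# Print "LINENO: LENGTH" for each line longer than LIMIT; exit status 1 if any.
check_lines() {
    awk -v limit="$2" '
        length($0) > limit { printf "%d: %d\n", NR, length($0); bad = 1 }
        END { exit (bad ? 1 : 0) }' "$1"
}

demo() {
    dir=$(mktemp -d)
    pem=$(make_sample_pem)
    write_unquoted "$pem" "$dir/unquoted.crt"
    write_quoted "$pem" "$dir/quoted.crt"
    echo "unquoted: longest line $(max_line_len "$dir/unquoted.crt")"
    echo "quoted:   longest line $(max_line_len "$dir/quoted.crt")"
    check_lines "$dir/unquoted.crt" 80 || echo "unquoted.crt has over-long lines"
    rm -rf "$dir"
}
demo
```

Running `check_lines` over the profile itself and over each referenced key or certificate file shows which line is over the limit before the profile is imported.
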
malqabbani commented 2 years ago

@dsommers fine, I use as ca ca.crt key user.key cert user.crt tls-auth tls.key

but the error still showed

dsommers commented 2 years ago

Okay, that is still odd. Did you try the openvpn3-as approach as mentioned earlier?

malqabbani commented 2 years ago

@dsommers not yet, I am on macOS and use a VPN client with the client.ovpn file provided by the admin

malqabbani commented 2 years ago

@dsommers @ordex I modified the config file to

client server-poll-timeout 4 nobind remote ovpn.xx.com 1194 udp remote ovpn.xx.com 1194 udp remote ovpn.xx.com 443 tcp remote ovpn.xx.com 1194 udp remote ovpn.xx.com 1194 udp remote ovpn.xx.com 1194 udp remote ovpn.xx.com 1194 udp remote ovpn.xx.com 1194 udp dev tun dev-type tun ns-cert-type server setenv opt tls-version-min 1.0 or-highest reneg-sec 604800 sndbuf 0 rcvbuf 0 auth-user-pass

comp-lzo no verb 3

ca ca.crt cert client.crt key client.key tls-auth ta.key 1

and the error is gone, but I have a new error: session-start: ERROR Failed to start new session: Failed calling D-Bus method Connect: GDBus.Error:net.openvpn.v3.sessions.error: Failed communicating with VPN backend: Failed calling D-Bus method Connect: GDBus.Error:net.openvpn.v3.error.***: Configuration parsing failed: ERR_PROFILE_OPTION: option_error: remote option not specified

dsommers commented 2 years ago

Your configuration file seems to be completely broken somehow. When I copy-paste your configuration to a directory which contains some test keys/certificates with the same names .... this is what happens:

$ cat test.conf 
client
server-poll-timeout 4
nobind
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 443 tcp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
remote ovpn.xx.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
auth-user-pass

comp-lzo no
verb 3

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
$ openvpn2 --config test.conf --verb 6
Credentials needed
Auth User name: test
Auth Password: 
Press CTRL-C to stop the connection

2022-09-27 13:28:55.497723 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CFG_OK) config_path=/net/openvpn/v3/configuration/1e2047e2x6323x4365x99a2xd1ed6a8824d8
2022-09-27 13:28:55.497782 [LOG] Starting connection
2022-09-27 13:28:55.497809 [LOG] Username/password provided successfully for 'test'
2022-09-27 13:28:55.497833 [LOG] Using DNS resolver scope: global
2022-09-27 13:28:55.497854 [LOG] [Connect] DCO flag: disabled
2022-09-27 13:28:55.497877 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CONN_CONNECTING) 
2022-09-27 13:28:55.497902 [LOG] OpenVPN core 3.git:released:a1c44bd0 linux x86_64 64-bit OVPN-DCO built on Sep 23 2022 23:49:07
2022-09-27 13:28:55.497924 [LOG] Frame=512/2048/512 mssfix-ctrl=1250
2022-09-27 13:28:55.498333 [LOG] UNUSED OPTIONS
                                 21 [verb] [6]
2022-09-27 13:28:55.498444 [LOG] Resolving
2022-09-27 13:28:55.515294 [LOG] Contacting 199.59.243.222:1194 via UDP
2022-09-27 13:28:55.515389 [LOG] Waiting for server response
2022-09-27 13:28:55.518694 [LOG] Connecting to [ovpn.xx.com]:1194 (199.59.243.222) via UDPv4
^C
Disconnecting...
Connection statistics:
                    BYTES_OUT: 168
                  PACKETS_OUT: 4

Closing session

It doesn't connect, as the ovpn.xx.com host isn't really an OpenVPN server, and the credentials and certificates would be wrong too. But this demonstration shows that the configuration itself is fine.

dsommers commented 2 years ago

And another test, using openvpn3 session-start

$ openvpn3 session-start --config test.conf
Using configuration profile from file: test.conf
Session path: /net/openvpn/v3/sessions/cf5f2d94s68efs47d5sa2ecsfe658c8d12fd
Auth User name: test
Auth Password: 
^C!!

session-start: ** ERROR ** Session stopped

In another terminal, before I ran the command above, I started a log grabber:

$ openvpn3 log --config test.conf
Waiting for session to start ... Done
Attaching to session /net/openvpn/v3/sessions/cf5f2d94s68efs47d5sa2ecsfe658c8d12fd
2022-09-27 13:32:56 [STATUS] Connection, Configuration OK: config_path=/net/openvpn/v3/configuration/cb82c76cxb0f3x497dx9488xec4495dec819
2022-09-27 13:32:56 Client INFO: Starting connection
2022-09-27 13:32:56 Client VERB1: Username/password provided successfully for 'test'
2022-09-27 13:32:56 Client DEBUG: Using DNS resolver scope: global
2022-09-27 13:32:56 Client DEBUG: [Connect] DCO flag: disabled
2022-09-27 13:32:56 [STATUS] Connection, Client connecting
2022-09-27 13:32:56 Client DEBUG: OpenVPN core 3.git:released:a1c44bd0 linux x86_64 64-bit OVPN-DCO built on Sep 23 2022 23:49:07
2022-09-27 13:32:56 Client DEBUG: Frame=512/2048/512 mssfix-ctrl=1250
2022-09-27 13:32:56 Client DEBUG: UNUSED OPTIONS
     2 [nobind]
     16 [sndbuf] [0]
     17 [rcvbuf] [0]
     20 [verb] [6]
2022-09-27 13:32:56 Client VERB2: Resolving
2022-09-27 13:32:56 Client DEBUG: Contacting 199.59.243.222:1194 via UDP
2022-09-27 13:32:56 Client VERB1: Waiting for server response
2022-09-27 13:32:56 Client DEBUG: Connecting to [ovpn.xx.com]:1194 (199.59.243.222) via UDPv4
2022-09-27 13:33:00 Client DEBUG: Server poll timeout, trying next remote entry...
2022-09-27 13:33:00 Client VERB2: Resolving
2022-09-27 13:33:00 Client DEBUG: Contacting 199.59.243.222:1194 via UDP
2022-09-27 13:33:00 Client VERB1: Waiting for server response
2022-09-27 13:33:00 Client DEBUG: Connecting to [ovpn.xx.com]:1194 (199.59.243.222) via UDPv4
2022-09-27 13:33:02 Client INFO: Stopping connection
2022-09-27 13:33:02 [STATUS] Connection, Client disconnecting
2022-09-27 13:33:02 [STATUS] Connection, Client disconnected
2022-09-27 13:33:02 Client INFO: Disconnected
2022-09-27 13:33:02 [STATUS] Connection, Client process exited
Session closed

dsommers commented 2 years ago

Please .... use openvpn3-as on your Linux machine to fetch the configuration profile needed from the Access Server you try to connect to.

dsommers commented 2 years ago

I'm converting this to a "Discussion", as this seems no longer to be a bug or an issue in the openvpn3-linux or related code.