-
Lomic
- OpenVpn Newbie
- Posts: 2
- Joined: Wed May 04, 2022 12:35 pm
Import error «failed to parse profile» new update 3.2.7
Hi. Encountered with the issue after last update 3.2.7 build 7957.
Phones with the issue — redmi note 9 pro and Samsung s10+.
In folder we have 4 files, key, ca, client cert and *.ovpn config.
While we importing ovpn config on new version we encountered withe issue of failed to parse profile and it list our files…
Ammm sorry not understood how to add screenshot (
On version 3.2.5 all worked fine. Without any errors.
-
Lomic
- OpenVpn Newbie
- Posts: 2
- Joined: Wed May 04, 2022 12:35 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by Lomic » Wed May 04, 2022 2:27 pm
How I understood after updating app loose rights to use explorer. And I can’t edit it. So it will be great to fix this issue, because on the redmi note 4 or 5 rights for this app stay and new version continue work without any errors.
-
makkio
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Mar 10, 2022 12:06 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by makkio » Mon May 16, 2022 7:06 am
same identical problem on a samsung galaxy tab s7.
Worked some days ago, but after a device factory reset i reinstalled ovpn connect and i obtained this error.
I tried using inline certificates and keys but in that case i obtained «line too long» error either on android and in windows.
Solutions?
-
Flotech88
- OpenVpn Newbie
- Posts: 2
- Joined: Fri May 20, 2022 1:00 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by Flotech88 » Fri May 20, 2022 1:29 pm
Hello,
Same since 3.2.7 update, unable to import config files:
Failed to import profile (Failed to parse profile)
Very blocking when using this application «in production» ….
A new update is expected soon?
At the moment I haven’t found a solution, if anyone has anything?
-
Flotech88
- OpenVpn Newbie
- Posts: 2
- Joined: Fri May 20, 2022 1:00 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by Flotech88 » Fri May 20, 2022 3:32 pm
I found the solution, I redownloaded the profile with my mobile from my firewall, choosing «SSL VPN profile for OpenVPN Connect mobile clients (single .ovpn file)» and importing just this config file, the connection is okay
-
andrixnet
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Aug 09, 2017 5:34 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by andrixnet » Fri Jun 03, 2022 7:57 am
I hit the same problem with a newly installed app (3.2.7 v7957) on a samsung tablet.
I looked under settings, it showed permissions: Files and media DENIED. I manually set it to allowed, but it can only be set to «media only».
Of course, it doesn’t work to import a profile. I’m stuck.
I have an APK version 3.2.5, but due to «benevolent Google» removing permission to install from other source, I can’t get it to work.
-
4Star
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Jun 08, 2022 1:16 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by 4Star » Wed Jun 08, 2022 1:18 pm
I had exactly the same issue, everything works fine on the PC client but cannot get the mobile to work.
I did get it working in the end, I had to use the inline profile configuration in the .ovpn file. Adding the Keys into the VPN profile allowed it to import successfully. As others have said I think it’s that the client no longer realises the other files are in the same folder as the profile you’re importing and can’t access the things it needs.
-
fabry09
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Jun 10, 2022 11:14 am
Re: Import error «failed to parse profile» new update 3.2.7
Post
by fabry09 » Fri Jun 10, 2022 11:16 am
Dear Openvpn Support
same problem!!!!!!!!!!!!!!!!!!!!!!
The profile does not import, is the same profile successfully imported in the last release (before 3.2.7).
Do you think OPENVPN could solve as soon as possibile????
Thank you
-
Trav2974
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Jun 10, 2022 11:15 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by Trav2974 » Fri Jun 10, 2022 11:23 pm
4Star wrote: ↑
Wed Jun 08, 2022 1:18 pm
I had exactly the same issue, everything works fine on the PC client but cannot get the mobile to work.I did get it working in the end, I had to use the inline profile configuration in the .ovpn file. Adding the Keys into the VPN profile allowed it to import successfully. As others have said I think it’s that the client no longer realises the other files are in the same folder as the profile you’re importing and can’t access the things it needs.
The inline profile configuration is the way to make it work as 4Star has said. I had to google it for help on how to correctly do the «inline configuration» but this worked for me. Here’s a link to the article that helped:
https://gist.github.com/renatolfc/f6c9e2a5bd6503005676
Following that, I’m on Android and noticed that it failed to parse on the «[inline]» blocks as another user noted. So you just take those lines out completely. In other words, you won’t have the 3 rows on lines 8, 9, and 10 in that github example above. Find the other 3 files and edit them in Notepad (or whatever), copy the text in those files and place them between the appropriate blocks at the end of the file (<ca></ca>, <key></key>, and <cert></cert>) and that should work. Client.key file goes in the <key> block, ca.crt file goes in the <ca> block, and client.crt goes in the <cert> block.
Save your .opvn file with those changes and drop it on your phone and import — should do the trick!
-
mizuhoid
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Jul 03, 2022 3:22 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by mizuhoid » Sun Jul 03, 2022 3:36 pm
The error that has been discussed here is like this?
«`
Failed to import profile
Failed to parse profile: ta.key:
cannot open for read: /data/user/0/net.openvpn.openvpn/files/temp/ta.key
«`
-
Bekese
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jul 18, 2022 6:58 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by Bekese » Mon Jul 18, 2022 7:01 pm
4Star wrote: ↑
Wed Jun 08, 2022 1:18 pm
I had exactly the same issue, everything works fine on the PC client but cannot get the mobile to work.I did get it working in the end, I had to use the inline profile configuration in the .ovpn file. Adding the Keys into the VPN profile allowed it to import successfully. As others have said I think it’s that the client no longer realises the other files are in the same folder as the profile you’re importing and can’t access the things it needs.
How did you add the keys into the VPN profile? can you show what the new config looks like?
-
Monska85
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Jul 20, 2022 10:02 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post
by Monska85 » Wed Jul 20, 2022 10:07 pm
Bekese wrote: ↑
Mon Jul 18, 2022 7:01 pm
4Star wrote: ↑
Wed Jun 08, 2022 1:18 pm
I had exactly the same issue, everything works fine on the PC client but cannot get the mobile to work.I did get it working in the end, I had to use the inline profile configuration in the .ovpn file. Adding the Keys into the VPN profile allowed it to import successfully. As others have said I think it’s that the client no longer realises the other files are in the same folder as the profile you’re importing and can’t access the things it needs.
How did you add the keys into the VPN profile? can you show what the new config looks like?
As described here, you can use the following syntax to add the inline configuration in your .ovpn files:
Code: Select all
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
</key>ATTENTION: remember to remove any occurrences of the file path configuration (e.g.: ca /path/of/your/ca/certificate)
-
susli
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Aug 27, 2022 11:20 am
Re: Import error «failed to parse profile» new update 3.2.7
Post
by susli » Sat Aug 27, 2022 11:43 am
mizuhoid wrote: ↑
Sun Jul 03, 2022 3:36 pm
The error that has been discussed here is like this?«`
Failed to import profile
Failed to parse profile: ta.key:
cannot open for read: /data/user/0/net.openvpn.openvpn/files/temp/ta.key
«`
Hello, I found an earlier post how to add ta.key file into ovpn file as inline.
I tried it and it works
you can find it here:
viewtopic.php?t=11987#p26978
my client.ovpn file looks like this:
Code: Select all
client
dev tun
proto udp
remote "your.domain port"
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
[...]
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
[...]
-----END OpenVPN Static key V1-----
</tls-auth>
Looks like you’re using OpenVPN Connect on Windows and I assume it’s version 3.In that version TAP is no longer supported. You should use TUN mode.
I believe OpenVPN Community Edition 2.5 (https://openvpn.net/community-downloads/ Opens a new window) still supports TAP.
Better option is to just turn off TAP altogether if you can in the Netgear. The screenshot above does not seem to suggest a way to only configure TUN. Perhaps in Advanced settings you can do such a thing?
You can look at modifying the generated openvpn configuration file and see about removing the TAP portions. The ovpn file is usually just a text file you can edit in Notepad.
Was this post helpful?
thumb_up
thumb_down
OP
RDB001
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
jalapeno
Looks like you’re using OpenVPN Connect on Windows and I assume it’s version 3.In that version TAP is no longer supported. You should use TUN mode.
I believe OpenVPN Community Edition 2.5 (https://openvpn.net/community-downloads/ Opens a new window) still supports TAP.
Better option is to just turn off TAP altogether if you can in the Netgear. The screenshot above does not seem to suggest a way to only configure TUN. Perhaps in Advanced settings you can do such a thing?
You can look at modifying the generated openvpn configuration file and see about removing the TAP portions. The ovpn file is usually just a text file you can edit in Notepad.
It looks like the TAP can not be disabled through the interface. I will attempt to download version 2.5 to see if I can get this to work. If that doesn’t work, what steps would need to be taken to remove the openvpn configuration files?
Was this post helpful?
thumb_up
thumb_down
OP
RDB001
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
jalapeno
Here is the error I am receiving when using version 2.5:
2021-02-23 09:35:59 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless «allow-compression yes» is also set.
2021-02-23 09:35:59 us=883743 DEPRECATED OPTION: —cipher set to ‘AES-128-CBC’ but missing in —data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore —cipher for cipher negotiations. Add ‘AES-128-CBC’ to —data-ciphers or change —cipher ‘AES-128-CBC’ to —data-ciphers-fallback ‘AES-128-CBC’ to silence this warning.
Options error: —ca fails with ‘ca.crt’: No such file or directory (errno=2)
Options error: —cert fails with ‘client.crt’: No such file or directory (errno=2)
2021-02-23 09:35:59 us=884706 WARNING: cannot stat file ‘client.key’: No such file or directory (errno=2)
Options error: —key fails with ‘client.key’: No such file or directory (errno=2)
Options error: Please correct these errors.
Use —help for more information.
Was this post helpful?
thumb_up
thumb_down
OP
RDB001
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
jalapeno
Additionally,
The config files are in the directory of:
C:Program filesOpenVPNconfig
Was this post helpful?
thumb_up
thumb_down
OP
RDB001
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
jalapeno
Which in turns gives this result:
Was this post helpful?
thumb_up
thumb_down
OP
RDB001
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
jalapeno
The client.opvn extension file:
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote x.x.x.x (MY IP) 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
Was this post helpful?
thumb_up
thumb_down
Try just changing «tap» to «tun» and update the port number in the «remote» line from 12974 to the TUN port shown in your Netgear config.
The other errors about missing files are curious because you are showing those files exist in the same folder. Or did you move the files into there after you showed the error log? The last screenshot tells you to check the client.log file — what does that contain?
1 found this helpful
thumb_up
thumb_down
Have you opened the appropriate ports in the client firewall?
Also, try entering the appropriate path to the certs in the config. Examples (notice the double slashes):
ca «C:\Program Files\OpenVPN\config\ca.crt»
cert «C:\Program Files\OpenVPN\config\MRdesktop.crt»
key «C:\Program Files\OpenVPN\config\MRdesktop.key»
1 found this helpful
thumb_up
thumb_down
OP
RDB001
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
jalapeno
GerardBeekmans wrote:
Try just changing «tap» to «tun» and update the port number in the «remote» line from 12974 to the TUN port shown in your Netgear config.
The other errors about missing files are curious because you are showing those files exist in the same folder. Or did you move the files into there after you showed the error log? The last screenshot tells you to check the client.log file — what does that contain?
Okay I replaced tap with tun and changed the port to 12973 and I am getting a bit further but am running into a TLS handshake issue.
2021-02-23 11:15:58 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless «allow-compression yes» is also set.
2021-02-23 11:15:58 us=108749 DEPRECATED OPTION: —cipher set to ‘AES-128-CBC’ but missing in —data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore —cipher for cipher negotiations. Add ‘AES-128-CBC’ to —data-ciphers or change —cipher ‘AES-128-CBC’ to —data-ciphers-fallback ‘AES-128-CBC’ to silence this warning.
2021-02-23 11:15:58 us=109744 Current Parameter Settings:
2021-02-23 11:15:58 us=109744 config = ‘client.ovpn’
2021-02-23 11:15:58 us=109744 mode = 0
2021-02-23 11:15:58 us=109744 show_ciphers = DISABLED
2021-02-23 11:15:58 us=109744 show_digests = DISABLED
2021-02-23 11:15:58 us=109744 show_engines = DISABLED
2021-02-23 11:15:58 us=109744 genkey = DISABLED
2021-02-23 11:15:58 us=109744 genkey_filename = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 key_pass_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 show_tls_ciphers = DISABLED
2021-02-23 11:15:58 us=109744 connect_retry_max = 0
2021-02-23 11:15:58 us=109744 Connection profiles [0]:
2021-02-23 11:15:58 us=109744 proto = udp
2021-02-23 11:15:58 us=109744 local = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 local_port = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 remote = ‘MYIP’
2021-02-23 11:15:58 us=109744 remote_port = ‘12973’
2021-02-23 11:15:58 us=109744 remote_float = DISABLED
2021-02-23 11:15:58 us=109744 bind_defined = DISABLED
2021-02-23 11:15:58 us=109744 bind_local = DISABLED
2021-02-23 11:15:58 us=109744 bind_ipv6_only = DISABLED
2021-02-23 11:15:58 us=109744 connect_retry_seconds = 5
2021-02-23 11:15:58 us=109744 connect_timeout = 120
2021-02-23 11:15:58 us=109744 socks_proxy_server = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 socks_proxy_port = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 tun_mtu = 1500
2021-02-23 11:15:58 us=109744 tun_mtu_defined = ENABLED
2021-02-23 11:15:58 us=109744 link_mtu = 1500
2021-02-23 11:15:58 us=109744 link_mtu_defined = DISABLED
2021-02-23 11:15:58 us=109744 tun_mtu_extra = 0
2021-02-23 11:15:58 us=109744 tun_mtu_extra_defined = DISABLED
2021-02-23 11:15:58 us=109744 mtu_discover_type = -1
2021-02-23 11:15:58 us=109744 fragment = 0
2021-02-23 11:15:58 us=109744 mssfix = 1450
2021-02-23 11:15:58 us=109744 explicit_exit_notification = 0
2021-02-23 11:15:58 us=109744 tls_auth_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 key_direction = not set
2021-02-23 11:15:58 us=109744 tls_crypt_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 tls_crypt_v2_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 Connection profiles END
2021-02-23 11:15:58 us=109744 remote_random = DISABLED
2021-02-23 11:15:58 us=109744 ipchange = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 dev = ‘tun’
2021-02-23 11:15:58 us=109744 dev_type = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 dev_node = ‘NETGEAR-VPN’
2021-02-23 11:15:58 us=109744 lladdr = ‘[UNDEF]’
2021-02-23 11:15:58 us=109744 topology = 1
2021-02-23 11:15:58 us=109744 ifconfig_local = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 ifconfig_remote_netmask = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 ifconfig_noexec = DISABLED
2021-02-23 11:15:58 us=110741 ifconfig_nowarn = DISABLED
2021-02-23 11:15:58 us=110741 ifconfig_ipv6_local = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 ifconfig_ipv6_netbits = 0
2021-02-23 11:15:58 us=110741 ifconfig_ipv6_remote = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 shaper = 0
2021-02-23 11:15:58 us=110741 mtu_test = 0
2021-02-23 11:15:58 us=110741 mlock = DISABLED
2021-02-23 11:15:58 us=110741 keepalive_ping = 0
2021-02-23 11:15:58 us=110741 keepalive_timeout = 0
2021-02-23 11:15:58 us=110741 inactivity_timeout = 0
2021-02-23 11:15:58 us=110741 ping_send_timeout = 0
2021-02-23 11:15:58 us=110741 ping_rec_timeout = 0
2021-02-23 11:15:58 us=110741 ping_rec_timeout_action = 0
2021-02-23 11:15:58 us=110741 ping_timer_remote = DISABLED
2021-02-23 11:15:58 us=110741 remap_sigusr1 = 0
2021-02-23 11:15:58 us=110741 persist_tun = ENABLED
2021-02-23 11:15:58 us=110741 persist_local_ip = DISABLED
2021-02-23 11:15:58 us=110741 persist_remote_ip = DISABLED
2021-02-23 11:15:58 us=110741 persist_key = ENABLED
2021-02-23 11:15:58 us=110741 passtos = DISABLED
2021-02-23 11:15:58 us=110741 resolve_retry_seconds = 1000000000
2021-02-23 11:15:58 us=110741 resolve_in_advance = DISABLED
2021-02-23 11:15:58 us=110741 username = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 groupname = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 chroot_dir = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 cd_dir = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 writepid = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 up_script = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 down_script = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 down_pre = DISABLED
2021-02-23 11:15:58 us=110741 up_restart = DISABLED
2021-02-23 11:15:58 us=110741 up_delay = DISABLED
2021-02-23 11:15:58 us=110741 daemon = DISABLED
2021-02-23 11:15:58 us=110741 inetd = 0
2021-02-23 11:15:58 us=110741 log = ENABLED
2021-02-23 11:15:58 us=110741 suppress_timestamps = DISABLED
2021-02-23 11:15:58 us=110741 machine_readable_output = DISABLED
2021-02-23 11:15:58 us=110741 nice = 0
2021-02-23 11:15:58 us=110741 verbosity = 5
2021-02-23 11:15:58 us=110741 mute = 0
2021-02-23 11:15:58 us=110741 gremlin = 0
2021-02-23 11:15:58 us=110741 status_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 status_file_version = 1
2021-02-23 11:15:58 us=110741 status_file_update_freq = 60
2021-02-23 11:15:58 us=110741 occ = ENABLED
2021-02-23 11:15:58 us=110741 rcvbuf = 0
2021-02-23 11:15:58 us=110741 sndbuf = 0
2021-02-23 11:15:58 us=110741 sockflags = 0
2021-02-23 11:15:58 us=110741 fast_io = DISABLED
2021-02-23 11:15:58 us=110741 comp.alg = 2
2021-02-23 11:15:58 us=110741 comp.flags = 1
2021-02-23 11:15:58 us=110741 route_script = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 route_default_gateway = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 route_default_metric = 0
2021-02-23 11:15:58 us=110741 route_noexec = DISABLED
2021-02-23 11:15:58 us=110741 route_delay = 5
2021-02-23 11:15:58 us=110741 route_delay_window = 30
2021-02-23 11:15:58 us=110741 route_delay_defined = ENABLED
2021-02-23 11:15:58 us=110741 route_nopull = DISABLED
2021-02-23 11:15:58 us=110741 route_gateway_via_dhcp = DISABLED
2021-02-23 11:15:58 us=110741 allow_pull_fqdn = DISABLED
2021-02-23 11:15:58 us=110741 Pull filters:
2021-02-23 11:15:58 us=110741 ignore «route-method»
2021-02-23 11:15:58 us=110741 management_addr = ‘127.0.0.1’
2021-02-23 11:15:58 us=110741 management_port = ‘25340’
2021-02-23 11:15:58 us=110741 management_user_pass = ‘stdin’
2021-02-23 11:15:58 us=110741 management_log_history_cache = 250
2021-02-23 11:15:58 us=110741 management_echo_buffer_size = 100
2021-02-23 11:15:58 us=110741 management_write_peer_info_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 management_client_user = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 management_client_group = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 management_flags = 6
2021-02-23 11:15:58 us=110741 shared_secret_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 key_direction = not set
2021-02-23 11:15:58 us=110741 ciphername = ‘AES-128-CBC’
2021-02-23 11:15:58 us=110741 ncp_enabled = ENABLED
2021-02-23 11:15:58 us=110741 ncp_ciphers = ‘AES-256-GCM:AES-128-GCM:AES-128-CBC’
2021-02-23 11:15:58 us=110741 authname = ‘SHA1’
2021-02-23 11:15:58 us=110741 prng_hash = ‘SHA1’
2021-02-23 11:15:58 us=110741 prng_nonce_secret_len = 16
2021-02-23 11:15:58 us=110741 keysize = 0
2021-02-23 11:15:58 us=110741 engine = DISABLED
2021-02-23 11:15:58 us=110741 replay = ENABLED
2021-02-23 11:15:58 us=110741 mute_replay_warnings = DISABLED
2021-02-23 11:15:58 us=110741 replay_window = 64
2021-02-23 11:15:58 us=110741 replay_time = 15
2021-02-23 11:15:58 us=110741 packet_id_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 test_crypto = DISABLED
2021-02-23 11:15:58 us=110741 tls_server = DISABLED
2021-02-23 11:15:58 us=110741 tls_client = ENABLED
2021-02-23 11:15:58 us=110741 ca_file = ‘ca.crt’
2021-02-23 11:15:58 us=110741 ca_path = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 dh_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 cert_file = ‘client.crt’
2021-02-23 11:15:58 us=110741 extra_certs_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=110741 priv_key_file = ‘client.key’
2021-02-23 11:15:58 us=110741 pkcs12_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 cryptoapi_cert = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 cipher_list = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 cipher_list_tls13 = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 tls_cert_profile = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 tls_verify = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 tls_export_cert = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 verify_x509_type = 0
2021-02-23 11:15:58 us=111738 verify_x509_name = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 crl_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 ns_cert_type = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_ku[i] = 0
2021-02-23 11:15:58 us=111738 remote_cert_eku = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 ssl_flags = 0
2021-02-23 11:15:58 us=111738 tls_timeout = 2
2021-02-23 11:15:58 us=111738 renegotiate_bytes = -1
2021-02-23 11:15:58 us=111738 renegotiate_packets = 0
2021-02-23 11:15:58 us=111738 renegotiate_seconds = 3600
2021-02-23 11:15:58 us=111738 handshake_window = 60
2021-02-23 11:15:58 us=111738 transition_window = 3600
2021-02-23 11:15:58 us=111738 single_session = DISABLED
2021-02-23 11:15:58 us=111738 push_peer_info = DISABLED
2021-02-23 11:15:58 us=111738 tls_exit = DISABLED
2021-02-23 11:15:58 us=111738 tls_crypt_v2_metadata = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_protected_authentication = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_private_mode = 00000000
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_cert_private = DISABLED
2021-02-23 11:15:58 us=111738 pkcs11_pin_cache_period = -1
2021-02-23 11:15:58 us=111738 pkcs11_id = ‘[UNDEF]’
2021-02-23 11:15:58 us=111738 pkcs11_id_management = DISABLED
2021-02-23 11:15:58 us=111738 server_network = 0.0.0.0
2021-02-23 11:15:58 us=111738 server_netmask = 0.0.0.0
2021-02-23 11:15:58 us=111738 server_network_ipv6 = ::
2021-02-23 11:15:58 us=111738 server_netbits_ipv6 = 0
2021-02-23 11:15:58 us=111738 server_bridge_ip = 0.0.0.0
2021-02-23 11:15:58 us=111738 server_bridge_netmask = 0.0.0.0
2021-02-23 11:15:58 us=111738 server_bridge_pool_start = 0.0.0.0
2021-02-23 11:15:58 us=111738 server_bridge_pool_end = 0.0.0.0
2021-02-23 11:15:58 us=111738 ifconfig_pool_defined = DISABLED
2021-02-23 11:15:58 us=111738 ifconfig_pool_start = 0.0.0.0
2021-02-23 11:15:58 us=111738 ifconfig_pool_end = 0.0.0.0
2021-02-23 11:15:58 us=112736 ifconfig_pool_netmask = 0.0.0.0
2021-02-23 11:15:58 us=112736 ifconfig_pool_persist_filename = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 ifconfig_pool_persist_refresh_freq = 600
2021-02-23 11:15:58 us=112736 ifconfig_ipv6_pool_defined = DISABLED
2021-02-23 11:15:58 us=112736 ifconfig_ipv6_pool_base = ::
2021-02-23 11:15:58 us=112736 ifconfig_ipv6_pool_netbits = 0
2021-02-23 11:15:58 us=112736 n_bcast_buf = 256
2021-02-23 11:15:58 us=112736 tcp_queue_limit = 64
2021-02-23 11:15:58 us=112736 real_hash_size = 256
2021-02-23 11:15:58 us=112736 virtual_hash_size = 256
2021-02-23 11:15:58 us=112736 client_connect_script = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 learn_address_script = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 client_disconnect_script = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 client_config_dir = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 ccd_exclusive = DISABLED
2021-02-23 11:15:58 us=112736 tmp_dir = ‘C:UsersitAppDataLocalTemp’
2021-02-23 11:15:58 us=112736 push_ifconfig_defined = DISABLED
2021-02-23 11:15:58 us=112736 push_ifconfig_local = 0.0.0.0
2021-02-23 11:15:58 us=112736 push_ifconfig_remote_netmask = 0.0.0.0
2021-02-23 11:15:58 us=112736 push_ifconfig_ipv6_defined = DISABLED
2021-02-23 11:15:58 us=112736 push_ifconfig_ipv6_local = ::/0
2021-02-23 11:15:58 us=112736 push_ifconfig_ipv6_remote = ::
2021-02-23 11:15:58 us=112736 enable_c2c = DISABLED
2021-02-23 11:15:58 us=112736 duplicate_cn = DISABLED
2021-02-23 11:15:58 us=112736 cf_max = 0
2021-02-23 11:15:58 us=112736 cf_per = 0
2021-02-23 11:15:58 us=112736 max_clients = 1024
2021-02-23 11:15:58 us=112736 max_routes_per_client = 256
2021-02-23 11:15:58 us=112736 auth_user_pass_verify_script = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 auth_user_pass_verify_script_via_file = DISABLED
2021-02-23 11:15:58 us=112736 auth_token_generate = DISABLED
2021-02-23 11:15:58 us=112736 auth_token_lifetime = 0
2021-02-23 11:15:58 us=112736 auth_token_secret_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 vlan_tagging = DISABLED
2021-02-23 11:15:58 us=112736 vlan_accept = all
2021-02-23 11:15:58 us=112736 vlan_pvid = 1
2021-02-23 11:15:58 us=112736 client = ENABLED
2021-02-23 11:15:58 us=112736 pull = ENABLED
2021-02-23 11:15:58 us=112736 auth_user_pass_file = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 show_net_up = DISABLED
2021-02-23 11:15:58 us=112736 route_method = 3
2021-02-23 11:15:58 us=112736 block_outside_dns = DISABLED
2021-02-23 11:15:58 us=112736 ip_win32_defined = DISABLED
2021-02-23 11:15:58 us=112736 ip_win32_type = 3
2021-02-23 11:15:58 us=112736 dhcp_masq_offset = 0
2021-02-23 11:15:58 us=112736 dhcp_lease_time = 31536000
2021-02-23 11:15:58 us=112736 tap_sleep = 0
2021-02-23 11:15:58 us=112736 dhcp_options = DISABLED
2021-02-23 11:15:58 us=112736 dhcp_renew = DISABLED
2021-02-23 11:15:58 us=112736 dhcp_pre_release = DISABLED
2021-02-23 11:15:58 us=112736 domain = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 netbios_scope = ‘[UNDEF]’
2021-02-23 11:15:58 us=112736 netbios_node_type = 0
2021-02-23 11:15:58 us=112736 disable_nbt = DISABLED
2021-02-23 11:15:58 us=112736 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-02-23 11:15:58 us=112736 Windows version 10.0 (Windows 10 or greater) 64bit
2021-02-23 11:15:58 us=112736 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2021-02-23 11:15:58 us=113734 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-02-23 11:15:58 us=113734 Need hold release from management interface, waiting…
2021-02-23 11:15:58 us=585474 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-02-23 11:15:58 us=696210 MANAGEMENT: CMD ‘state on’
2021-02-23 11:15:58 us=696210 MANAGEMENT: CMD ‘log all on’
2021-02-23 11:15:58 us=875747 MANAGEMENT: CMD ‘echo all on’
2021-02-23 11:15:58 us=877747 MANAGEMENT: CMD ‘bytecount 5’
2021-02-23 11:15:58 us=879737 MANAGEMENT: CMD ‘hold off’
2021-02-23 11:15:58 us=881731 MANAGEMENT: CMD ‘hold release’
2021-02-23 11:15:58 us=881731 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm Opens a new window for more info.
2021-02-23 11:15:58 us=884676 LZO compression initializing
2021-02-23 11:15:58 us=884676 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-02-23 11:15:58 us=884676 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-02-23 11:15:58 us=884676 Local Options String (VER=V4): ‘V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
2021-02-23 11:15:58 us=884676 Expected Remote Options String (VER=V4): ‘V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
2021-02-23 11:15:58 us=884676 TCP/UDP: Preserving recently used remote address: [AF_INET]MYIP:12973
2021-02-23 11:15:58 us=884676 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-02-23 11:15:58 us=884676 UDP link local: (not bound)
2021-02-23 11:15:58 us=884676 UDP link remote: [AF_INET]MYIP:12973
2021-02-23 11:15:58 us=884676 MANAGEMENT: >STATE:1614100558,WAIT,,,,,,
Was this post helpful?
thumb_up
thumb_down
I see some warnings in that log but no showstoppers. Last line shows your openvpn client is in a waiting state. Does the Netgear show you anything useful like an incoming connection?
1 found this helpful
thumb_up
thumb_down
Check this link that’s embedded in the log: http://openvpn.net/howto.html#mitm Opens a new window . The How To can answer a lot of questions.
1 found this helpful
thumb_up
thumb_down
OP
RDB001
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
jalapeno
It now works in V 3.3. Changing the tap to tun and the port number resolved this issue.
Was this post helpful?
thumb_up
thumb_down
Содержание
- OpenVPN Support Forum
- .ovpn file cannot be imported in Android, but works perfectly in Windows
- .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
- OpenVPN Support Forum
- Importing of a working profile not working in Connect v3
- Importing of a working profile not working in Connect v3
- Re: Importing of a working profile not working in Connect v3
- OpenVPN Support Forum
- Import error «failed to parse profile» new update 3.2.7
- Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
- Re: Import error «failed to parse profile» new update 3.2.7
OpenVPN Support Forum
Community Support Forum
.ovpn file cannot be imported in Android, but works perfectly in Windows
.ovpn file cannot be imported in Android, but works perfectly in Windows
Post by Joachim » Thu Feb 11, 2021 12:05 am
I have a .ovpn config file that works perfectly in the Windows OpenVPN GUI, but when I want to import the same file in Android it gives the following message: «Failed to parse profile: option_error: remote option not specified».
This is very strange because it is no problem in Windows and the remote option is specified (see below). Is this a bug in the Android app (OpenVPN Connect)? I obtained the .ovpn file from a Synology NAS configuration.
My .ovpn file looks like this:
dev tun
tls-client
remote my.ddns.com 1194
# The «float» tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the —remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
# If redirect-gateway is enabled, the client will redirect it’s
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
# If you want to connect by Server’s IPv6 address, you should use
# «proto udp6» in UDP mode or «proto tcp6-client» in TCP mode
proto udp
auth-nocache
——BEGIN CERTIFICATE——
ABCDEFGHIJ
——END CERTIFICATE——
——BEGIN CERTIFICATE——
KLMNOPQRST
——END CERTIFICATE——
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by TinCanTech » Thu Feb 11, 2021 12:46 am
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by Joachim » Thu Feb 11, 2021 1:25 am
No, it is a recent one (DS218). But I don’t think that this can have something to do with the error because the error comes immediately when I try to open the config file on Android (the app is clearly not taking the time to search for a server). So I would assume that there is some missing information in the file that is very important. But my VPN connection works perfect on Windows, which is really strange.
I forgot to mention that I used on Windows the software ‘OpenVPN 2.5.0’ from https://openvpn.net/community-downloads/. Is there a difference with the installer ‘OpenVPN Connect 3.2.2’ for Windows from https://openvpn.net/download-open-vpn/ ? The latter has the same name as the app for Android.
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by TinCanTech » Thu Feb 11, 2021 2:15 am
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by Joachim » Thu Feb 11, 2021 7:06 pm
When I try to use Arne Schwabe’s version, I can choose to import the .ovpn file, but I thought that this file also contains the certificate. However, the app asks to import the certificate separately. Why is this, when it could just be read from the .ovpn? In OpenVPN 2.5.0 on Windows I just needed a .ovpn file.
Which ‘type’ should I choose in the app? Because I have indeed the certificate (same as in the .ovpn file) in a separate file with a .crt extension, but in most ‘type’ options in the app I need to choose multiple files. There is also an option ‘username/password’, but is that not always needed to connect to a VPN? For me this is the case on my computer. In the Windows version ‘OpenVPN Connect’ it is also needed to import the certificate as a separate file for some strange reason, but there also just one file is sufficient and the VPN works fine.
I am also unfamiliar with the terminology: CA certificate, cert certificate, client certificate, server certificate, root certificate, intermediate certificate. Which one is is the certificate from the .ovpn file? Is CA synonym for client certificate?
Just for my information: is there really no support platform for questions about OpenVPN Connect? This is quite confusing because the name of this subforum is ‘OpenVPN Connect (Android)’
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by TinCanTech » Thu Feb 11, 2021 7:35 pm
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by Joachim » Thu Feb 11, 2021 9:10 pm
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by TinCanTech » Thu Feb 11, 2021 9:52 pm
In your first post the problem was remote
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by Joachim » Fri Feb 12, 2021 9:43 am
Thank you, that seems to be an interesting article about certificates.
Sorry, if my explanation was confusing. I will summerise it again.
In my first post I gave the .ovpn config file that has an inserted CA certificate. This worked perfectly on Windows OpenVPN 2.5.0 (open source software) to establish a complete functional VPN connection. So a really simple configuration.
Then, I tried to use the same .ovpn file to configure the Android OpenVPN Connect (closed source as you said), but then I got the error «Failed to parse profile: option_error: remote option not specified» (see also first message).
Then, you said you could not help me with the closed source Android version, so as you suggested I am now trying to use the open source Android version from Arne Schwabe.
But my question now is: which settings in that app should I choose so that it is sufficient to just import the .ovpn config file as given in my first post? Is there an easy configuration method as easy as for Windows OpenVPN 2.5.0? So with other words, is there a setting in Arne Schwabe’s app that prevents the recognition of the inline CA certificate from my .ovpn file?
Re: .ovpn file cannot be imported in Android, but works perfectly in Windows
Post by Joachim » Fri Feb 12, 2021 2:56 pm
Wow, I finally found the SOLUTION. The same .ovpn config file works now for both Windows and Android!
I now totally understand why you couldn’t help me
Both OpenVPN Connect for Android and OpenVPN from Arne Schwabe apparently didn’t find any data in my .ovpn file. When I open my file in Windows with Notepad, I can perfectly see normal text in the .ovpn file. However, when I send the file to my phone via e-mail to my own e-mail address and I open the .ovpn file with a simple text editor, the file is blank! Of course the apps cannot detect any configurations from an unreadable file and give errors like ‘there is no remote chosen’ or ‘no CA certificate is present’.
I also did a separate test: I created a random .txt file on Windows with Notepad, then I sent it to my own e-mail and tried to open it with a texteditor. Now the file appeared not empty, but only some unreadable strange symbols were visible.
SOLUTION:
The problem is a very very very specific bug! When you send a simple text file like .txt or .ovpn with a mail address that is configured with IMAP in Microsoft Outlook 2019 to another (or your own) e-mail address that can be IMAP configured on the Gmail app on your Android phone, then the .txt attachment becomes corrupted upon opening. It becomes also unreadable in Windows when I would bring the file back to my Windows PC by transferring it via USB to my PC. So the file is permanantly corrupted.
When you would open the same received mail with another IMAP configured Android mail app, the file is not corrupted.
When the email sender uses the webmail interface of the email-provider instead of IMAP in Outlook, then there is also no problem when the receiver opens the attachment in the IMAP configured Android Gmail app.
When you use non-IMAP configured e-mail addresses as sender OR as receiver, there is also no problem.
In fact this bug should be send to both Google and Microsoft. Do you have connections?
I would never have encountered the problem if I would have just used a USB connection to transfer the file to my phone.
I am so happy my Open VPN finally works on Android! All this waste of time just because of a stupid mail bug that has nothing to do with OpenVPN
Источник
OpenVPN Support Forum
Community Support Forum
Importing of a working profile not working in Connect v3
Importing of a working profile not working in Connect v3
Post by Phil30 » Sat Dec 18, 2021 3:46 pm
I have set up an OpenVPN Server and was using the VPN Client for Windows version 2.4 were my profiles are working and I am able to import new profiles.
Now I wanted to set it up on a new machine and wanted to try version 3.3.4 of VPN Connect but when I try to import a profile which can be imported in version 2.4 it throws an error saying the client profile configuration is incorrect.
Error Message: ca.crt, client.crt, client.key, ta.key.
I have also attached the vpn profile but removed sensitive data.
As the error message is not really helpful, do you have any idea why I cannot import the profile?
Re: Importing of a working profile not working in Connect v3
Post by TinCanTech » Sat Dec 18, 2021 3:57 pm
——BEGIN CERTIFICATE——
cert-text
——END CERTIFICATE——
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
serial-text
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Easy-RSA CA
Validity
Not Before: Jan 11 21:51:19 2021 GMT
Not After : Dec 27 21:51:19 2023 GMT
Subject: CN=philipp-pc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
modulus-text
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
subject-key-text
X509v3 Authority Key Identifier:
keyid:key-id-text
DirName:/CN=Easy-RSA CA
serial:dirname-text
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
signature-text
——BEGIN CERTIFICATE——
cert-text
——END CERTIFICATE——
——BEGIN PRIVATE KEY——
key-text
——END PRIVATE KEY——
#
# 2048 bit OpenVPN static key
#
——BEGIN OpenVPN Static key V1——
key-text
——END OpenVPN Static key V1——
Источник
OpenVPN Support Forum
Community Support Forum
Import error «failed to parse profile» new update 3.2.7
Import error «failed to parse profile» new update 3.2.7
Post by Lomic » Wed May 04, 2022 12:45 pm
Hi. Encountered with the issue after last update 3.2.7 build 7957.
Phones with the issue — redmi note 9 pro and Samsung s10+.
In folder we have 4 files, key, ca, client cert and *.ovpn config.
While we importing ovpn config on new version we encountered withe issue of failed to parse profile and it list our files.
Ammm sorry not understood how to add screenshot (
On version 3.2.5 all worked fine. Without any errors.
Re: Import error «failed to parse profile» new update 3.2.7
Post by Lomic » Wed May 04, 2022 2:27 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post by makkio » Mon May 16, 2022 7:06 am
same identical problem on a samsung galaxy tab s7.
Worked some days ago, but after a device factory reset i reinstalled ovpn connect and i obtained this error.
I tried using inline certificates and keys but in that case i obtained «line too long» error either on android and in windows.
Re: Import error «failed to parse profile» new update 3.2.7
Post by Flotech88 » Fri May 20, 2022 1:29 pm
Same since 3.2.7 update, unable to import config files:
Failed to import profile (Failed to parse profile)
Very blocking when using this application «in production» .
A new update is expected soon?
At the moment I haven’t found a solution, if anyone has anything?
Re: Import error «failed to parse profile» new update 3.2.7
Post by Flotech88 » Fri May 20, 2022 3:32 pm
Re: Import error «failed to parse profile» new update 3.2.7
Post by andrixnet » Fri Jun 03, 2022 7:57 am
I hit the same problem with a newly installed app (3.2.7 v7957) on a samsung tablet.
I looked under settings, it showed permissions: Files and media DENIED. I manually set it to allowed, but it can only be set to «media only».
Of course, it doesn’t work to import a profile. I’m stuck.
I have an APK version 3.2.5, but due to «benevolent Google» removing permission to install from other source, I can’t get it to work.
Re: Import error «failed to parse profile» new update 3.2.7
Post by 4Star » Wed Jun 08, 2022 1:18 pm
I had exactly the same issue, everything works fine on the PC client but cannot get the mobile to work.
I did get it working in the end, I had to use the inline profile configuration in the .ovpn file. Adding the Keys into the VPN profile allowed it to import successfully. As others have said I think it’s that the client no longer realises the other files are in the same folder as the profile you’re importing and can’t access the things it needs.
Re: Import error «failed to parse profile» new update 3.2.7
Post by fabry09 » Fri Jun 10, 2022 11:16 am
Dear Openvpn Support
The profile does not import, is the same profile successfully imported in the last release (before 3.2.7).
Do you think OPENVPN could solve as soon as possibile.
Re: Import error «failed to parse profile» new update 3.2.7
Post by Trav2974 » Fri Jun 10, 2022 11:23 pm
I had exactly the same issue, everything works fine on the PC client but cannot get the mobile to work.
I did get it working in the end, I had to use the inline profile configuration in the .ovpn file. Adding the Keys into the VPN profile allowed it to import successfully. As others have said I think it’s that the client no longer realises the other files are in the same folder as the profile you’re importing and can’t access the things it needs.
The inline profile configuration is the way to make it work as 4Star has said. I had to google it for help on how to correctly do the «inline configuration» but this worked for me. Here’s a link to the article that helped:
https://gist.github.com/renatolfc/f6c9e2a5bd6503005676
Following that, I’m on Android and noticed that it failed to parse on the «[inline]» blocks as another user noted. So you just take those lines out completely. In other words, you won’t have the 3 rows on lines 8, 9, and 10 in that github example above. Find the other 3 files and edit them in Notepad (or whatever), copy the text in those files and place them between the appropriate blocks at the end of the file ( , , and ) and that should work. Client.key file goes in the block, ca.crt file goes in the block, and client.crt goes in the block.
Save your .opvn file with those changes and drop it on your phone and import — should do the trick!
Источник
You can run into trouble importing an .ovpn config file in Ubuntu, while the same file is imported without any problem in Android.
Somehow when there are unknown or not-supported sections in the config file, importing in Ubuntu will fail with this rather obscure error:
The file
'vpn.ovpn'could not be read or does not contain recognized VPN connection informationError: the plugin does not support import capability.
The solution is to manually edit the openvpn.ovpn file in a text editor and fix it.
In my case the openvpn.ovpn config file suffered from 2 problems:
- connections were double defined
- a <dh> tag was includes, which shouldn’t be in a client file
Fixing the openvpn.ovpn file import
Following these steps will fix the import of openvpn.ovpn config files in Ubuntu 16.04 LTS. Open the openvp.ovpn in a text-editor.
- Delete the complete <dh> tag.
- When you have multiple <connection> tags, it won’t import. Remove the TCP connection tag completely:
<connection>
remote <ip> 443 tcp-client
</connection - The edit the remaining connection tag by removing the surrounding tags, simply unXML it.
<connection>
remote <ip> 1194 udp
</connection>
to
remote <ip> 1194 udp
Save your file and import it.
- Edit connections
- Add
- Scroll down
- Import a saved vpn connection
- create
- Select the edited openvpn.ovpn file
- Done!
Explanation
The Diffie Hellman Parameters are only needed for the server, so this is a bug in the openvpn server that creates the client config file. Still the import script should skip this setting instead of choking on it.
Then the multiple connection issue: Most openvpn servers will accept connections over UPD (preferred setting), but will offer a fallback over TCP when the client is behind a firewall that doesn’t allow UDP. This will happen now and then. The TCP port is the same as the https port, so that port is always open. It seems the network manager doesn’t allow multiple connection setup, although it can use a TCP connection. If you need TCP as a fallback just setup two connections:
- OpenVPN UDP
- OpenVPN TCP
And choose what you need in your network settings, this is probably the best solution. And actually easier then changing method inside the the profile settings, like you should do in Android.
You probably need to replace tcp-client with tcp, and remove the connection tag:
remote <ip> 443 tcp
Happy and safe networking!
This entry was posted
on Sunday, October 22nd, 2017 at 5:58 pm and is filed under privacy, Webtechnology.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
I am trying to import a .ovpn file from the network manager.
Here are the steps I follow.
Network Manager → VPN Connections → configure VPN
This opens the Network Connections dialogue.
Then,
Add → import saved vpn configuration → choose
.ovpnfile
This should load my .ovpn configuration, but instead I get a prompt saying
ERROR: plugin does not support import capability.
I can still use VPN using the command
sudo openvpn --config ~/openvpn/xxx.conf
is this a bug that needs to be filed?
asked Apr 22, 2016 at 6:29
1
I know this is an old question but since I still couldn’t find an (easy) answer I want to help others (and future me).
Use this
sudo nmcli connection import type openvpn file FILE_NAME
offcourse replace FILE_NAME with the full path to your file name
This will tell you exactly what’s wrong with the file and which lines you should edit/delete.
After you edited the file with the recommendations the command gave you. You can import the file.
answered Dec 30, 2017 at 14:10
NinNin
7711 gold badge8 silver badges12 bronze badges
7
On commenting out the following line with #, I was able to successfully import the VPN config:
#route remote_host 255.255.255.255 net_gateway default
Others have reported that commenting out, or removing, this line works for them as well per bug #606365 in launchpad in spite of this being a valid argument.
That said, while I’m able to successfully connect to the VPN, I’m not able to hit any host over the VPN. On trying to manually set these values using the network manager GUI, I see that only numerical IP addresses are accepted. String values like remote_host or net_gateway cannot be entered via the GUI.
I’ve also had success importing the same .OVPN file without any modification in Fedora 23, Windows 10 (using Viscosity), OS X El Capitan (using Viscosity) and earlier versions of Ubuntu. Something is definitely broken in 16.04.
Ondra Žižka
3,4484 gold badges34 silver badges43 bronze badges
answered Aug 24, 2016 at 2:22
10
worked for me:
sudo apt install network-manager-openvpn-gnome
answered Jun 14, 2016 at 9:41
3
- open your .ovpn file with any editor
-
add # to the beginning of this line to comment it out
route remote_host 255.255.255.255 net_gateway default
-
Go to IPv4 settings > routes > Check the option “Use this connection only for resources on its network” > press OK > Save
Done!
This is just a wrap up of what worked for me on ubuntu 16.04 based on the other answers and comments here.
5
Importing .ovpn profiles inside network manager has recently been improved, but there are still bugs and misleading error messages. Sometimes you can successfully import the .ovpn file by removing a single line that breaks the import procedure. In my case, I removed the line float 1 from my .ovpn file and the file has been imported successfully.
answered May 4, 2016 at 20:40
giox069giox069
2511 gold badge3 silver badges5 bronze badges
1
Its working 
from https://zorrovpn.com/howto/openvpn/ubuntu?lang=en
Open .ovpn file with a text editor.
And change lines that looks like
remote 11.2.2.2 443 tcp-client
to
remote 11.2.2.2
port 443
proto tcp-client
Then save .ovpn file and try again to import VPN connection.
answered Aug 24, 2016 at 8:40
2
You might be suffering from the NetworkManager-openvpn bug #83.
Current suggested workaround is a downgrade to 1.8.10-1, however this version is not available in Ubuntu 21.10.
In my case the issue was caused by a PKCS#12 certificate from which I extracted a PKCS#8 CA certificate with
openssl pkcs12 -in [input.p12] -cacerts -nokeys -out ca.crt
and specified
ca ca.crt
in the config file before being able to import the connection with
sudo nmcli connection import type openvpn file your-file.ovpn
You might have to enter your certificate password for every connection. Consider this a workaround until the issue is fixed upstream and you can import your configuration through the UI without issues again.
answered Dec 1, 2021 at 10:26
Kalle RichterKalle Richter
5,78619 gold badges67 silver badges100 bronze badges
I’ve found out that changing
remote REMOTE_SERVER 12345
with
remote REMOTE_SERVER
port 12345
Fixed the issue.
answered Aug 15, 2016 at 10:41
1
For me (Ubuntu 16.04.1 LTS), removing the section
<extra-certs>
worked.
Here is the ovpn file generated by a tunnel provider.
setenv USERNAME "user@provider.xx"
client
dev tun
remote host 1194 udp
remote host 1194 udp
remote host 443 tcp
remote host 1194 udp
remote host 1194 udp
remote host 1194 udp
remote host 1194 udp
remote host 1194 udp
remote-cert-tls server
comp-lzo no
auth SHA1
nobind
verb 3
sndbuf 0
rcvbuf 0
socket-flags TCP_NODELAY
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
## -----BEGIN RSA SIGNATURE-----
## DIGEST:SHA1WithRSA
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
answered Aug 19, 2016 at 17:31
3
In my case the following item caused the problem:
float 1
After commenting it out, it worked:
#float 1
answered May 12, 2017 at 11:23
Nothing here worked for me so I added it to the openvpn config manually.
$ sudo cp ~/me.ovpn /etc/openvpn/me.conf
Then I start OpenVPN with:
$ sudo systemctl start openvpn@me
# Enable/disable on computer start
$ sudo systemctl enable openvpn@me
answered Jul 2, 2020 at 10:16
NekNek
2114 silver badges12 bronze badges