Networkmanager openvpn with Express vpn - failed to activate (solved)

I struggled for a long time before I was finally able to get Network Manager calling openvpn to work with an Express vpn ‘ovpn’ file. I kept getting the error “failed to activate”.

I dare say I went on a wild goose chase and I spent a few hours checking the .pem files and trying .crt /.key files (as one can convert between the two with ‘ssl’ ) but to no avail. I even tried an ‘openvpn’ (and support files) de-install and re-install to no avail.

Finally I stumbled on the solution here:

The solution: One needs to modify the Express OVPN file (with a text editor) by removing the line that defines the keysize option, which appears to be not supported anymore as of openvpn version 2.6 (where LEAP-15.6 comes with openvpn 2.6.8). For what ever reason, the openSUSE network manager has an issue with the ‘keysize’ in the opvn file - which makes me believe that network manager needs an update.

As noted in the quoted article, the solution, once known, simply requires one to open the opvn file with a text editor, and remove the line that defines the keysize option.

Then import the opvn file with Network manager, and enter one’s Express vpn user name (a long sequence of characters) and one’s Express vpn password (another long sequence of characters) and the vpn connection works.

If it had not been for my stumbling across that internet article, I do not believe I would have solved this.

It does mean I now need to go to all of the ovpn files for the different countries ovpn files (that I downloaded from Express vpn), and remove that ‘keysize’ option from the files.

It makes sense to me that Network manager needs an update to ignore that line, as it does not make sense for ExpressVPN to change their ovpn entries just to be compatible with the openSUSE Network manager implementation (as Express VPN needs to be compatible with different openvpn version implementations).

I don’t know if this issue is openSUSE Network manager specific, or true across all distributions for their Network manager implementations.

Needless to say - I am happy to having sorted this. As I get older - this does not get easier. :smiley:

1 Like

Further to the above, I had a ‘hint’ in the ‘journal’ but I was not smart enough to deduce the problem solution (hence I needed the noted link to put me on the right path):

This is a journal extract that does point to the problem I was experiencing:

Aug 11 11:35:48 lenovo NetworkManager[18154]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: **keysize (2.6.8)**
Aug 11 11:35:48 lenovo NetworkManager[18154]: Use --help for more information.
Aug 11 11:35:48 lenovo NetworkManager[1234]: <warn>  [1723350948.0341] vpn[0x56501a13b680,c63a8e9f-c3d4-4ab5-9a91-99099cf8c4ab,"my_expressvpn_iceland_udp"]: dbus: failure: connect-failed (1)
Aug 11 11:35:48 lenovo NetworkManager[1234]: <warn>  [1723350948.0342] vpn[0x56501a13b680,c63a8e9f-c3d4-4ab5-9a91-99099cf8c4ab,"my_expressvpn_iceland_udp"]: dbus: failure: connect-failed (1)

The statement:

extra parameter(s) in [CMD-LINE]:1: keysize (2.6.8)

indicated the issue, where I did not know enough (initially) as to how I should proceed from there.

Fortunately the internet link I noted set me on the right path to solve my issue.

And for those not familiar with accessing information from the journal (where I am by no means an expert ) I used the following to obtain the information noted in the above post:

oldcpu@lenovo:~> sudo journalctl -fu NetworkManager

Good debug!

If I read you linked article and the link to the Reference Manual I read:

–keysize n
DEPRECATED This option will be removed in OpenVPN 2.6.

And for me on Tumbleweed:

> sudo openvpn --version
OpenVPN 2.6.10 x86_64-suse-linux-gnu

So I think the only good solution is to have Express VPN remove keysize from their OVPN files. The NetworkManager journal entry is reasonably good pin-pointing the problem.

Or… are you using older .ovpn files and does Express VPN already solved the problem?

I might be using older ovpn files from Express vpn.

I have over a couple dozen ovpn files, each for different servers around the world for Express VPN. When I started editing the files I noted only 3/4 had the " offending " entry, and 1/4 did not have the entry. So possibly the ones that did not have the entry, were newer. < unsure >

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.