NetworkManager- OpenVPN

deano_ferrari · December 2, 2018, 10:08pm

PattiMichelle:

I did see the plain text file format, but was unsure of the format for the .crt and .key files.
For instance, are these required? (in the .crt file)
<crl-verify>
-----BEGIN X509 CRL----- 
   (blah, blah...)
-----END X509 CRL-----
</crl-verify>
The python file has issues…
patti@linux-iczo:~/Desktop/ISOs/00_VPN> python ovpn-to-certificates.py
  File "ovpn-to-certificates.py", line 112
    selectedFiles = fileFilter(path, fileExtension)
    ^
IndentationError: unexpected indent
patti@linux-iczo:~/Desktop/ISOs/00_VPN>
Part of the problem may be that my .ovpn file only has

-----BEGIN CERTIFICATE-----

-----BEGIN X509 CRL-----

…and the only appearance of the word “key” is “persist-key”

from the command line, openvpn seems to be able to use the .ovpn file, and NM can import the .ovpn file (instead of creating an openvpn connection, I “Import VPN connection”) - but it cannot seem to connect. I note it imports it as a connection type “password,” and it appears to use only the CA certificate.

I note that the is used by some VPN providers for the provision of Certificate Revocation Lists (to help with identifying compromised/revoked server certificates and prevent MITM attacks). There are a number of bug reports describing this issue, and in particular I found this upstream bug report that seems to be pertinent…
https://bugzilla.gnome.org/show_bug.cgi?id=782309
It looks like there is a fix implemented upstream, but it doesn’t appear to have been applied with the NM version used in Leap 15. I had a quick look at the changelog for the ‘NetworkManager-openvpn’ package used in Leap 15 and I don’t see that bug #782309 referenced…

rpm -q --changelog NetworkManager-openvpn

You might want to consider raising an openSUSE bug report, or add to the upstream bug report perhaps.