NetworkManager OpenVPN client private key not recognized

jankom
Posts: 9
Joined: 2019/10/23 21:34:37

Post by jankom » 2020/09/21 02:44:21

Hi, I've been struggling with this issue for a while. I am able to start an OpenVPN client session from the command line using the OVPN file from a VPN server. However, I cannot configure NetworkManager to do the same. My system is old, but up to date, and the NetworkManager has the VPN plugin for OpenVPN. First of all, the NetworkManager configuration cannot simply import the working OVPN file. Therefore I created the corresponding pem files extracted from my working OVPN file.
The problem is that I cannot select the Private Key file in the NetworkManager VPN configuration screen. All other files show up as selectable options (ca, cert and tls), but the private key browser does not show key.pem, and therefore I cannot complete the configuration.
If I trick the NetworkManager configuration by selecting one of the selectable ca or cert files for Private Key, then export it to a foo.conf file, then edit it with the correct key file, and finally import the conf file back to NetworkManager, the correct private key file does appear in the configuration screen. However, the VPN connection fails.
Apparently the NetworkManager configuration screen does not recognize the available key.pem file as a valid Private Key file. Changing the filename extension to .key does not help either.
By the way, it does recognize the tls key file as selectable. Only the Private Key file configuration cannot be accomplished.
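
The extraction step described in the post above (splitting a working .ovpn profile into separate PEM files), as an added example that is not part of the original thread. It assumes the profile uses OpenVPN's inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks; the function name `split_ovpn` and the sample profile are constructed for illustration. It also reports each block's PEM header label, which shows which key encoding the extracted file carries.

```python
import os
import re

# Constructed sample profile: the PEM bodies are placeholders, not real key material.
SAMPLE_OVPN = """\
client
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00112233
-----END OpenVPN Static key V1-----
</tls-auth>
"""

# An inline block is "<tag>" on its own line, the file content, then "</tag>".
INLINE = re.compile(r"^<(ca|cert|key|tls-auth|tls-crypt)>\n(.*?)^</\1>$", re.S | re.M)
PEM_LABEL = re.compile(r"^-----BEGIN ([^-]+)-----$", re.M)

def split_ovpn(text, outdir):
    """Write each inline block to <outdir>/<tag>.pem; return {tag: (path, PEM label)}."""
    result = {}
    for tag, body in INLINE.findall(text):
        path = os.path.join(outdir, tag + ".pem")
        # Secrets (private key, TLS static key) are created owner-only from the start.
        mode = 0o600 if tag in ("key", "tls-auth", "tls-crypt") else 0o644
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)  # enforce the mode even if the file already existed
        m = PEM_LABEL.search(body)
        result[tag] = (path, m.group(1) if m else None)
    return result

if __name__ == "__main__":
    import tempfile
    for tag, (path, label) in split_ovpn(SAMPLE_OVPN, tempfile.mkdtemp()).items():
        print(tag, path, label)
```

A label of `PRIVATE KEY` means PKCS#8 encoding, `RSA PRIVATE KEY` the older PKCS#1 encoding, and `ENCRYPTED PRIVATE KEY` a passphrase-protected PKCS#8 key.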

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Post by Whoever » 2020/09/21 03:53:12

How old is the key? There was a change about 3 years ago, under which MD5 signatures were no longer supported. Redhat/CentOS allows the old certificates to be used if you set the environment variables:
OPENSSL_ENABLE_MD5_VERIFY=1
NSS_HASH_ALG_SUPPORT=+MD5

jankom
Posts: 9
Joined: 2019/10/23 21:34:37

Post by jankom » 2020/09/21 15:42:17

Thx for the suggestion. Unfortunately it did not help. I updated my profile, rebooted, and

echo $OPENSSL_ENABLE_MD5_VERIFY

does show 1, same for the other added environment variable. Yet, the configuration screen still does not bring up the key file. Strangely, in the Advanced section both the tls key and the private key files are visible and selectable. The main configuration screen has only the ca and the cert files visible. By the way, the ovpn file from which the private key was extracted was created on my OVPN server with

sudo bash /root/openvpn-install.sh
Looks like OpenVPN is already installed.

What do you want to do?
1) Add a new user

with selection 1). The new user (foo) is the 2nd ovpn connection. The "Private key" section in the OVPN file is the same for both users. I believe the private key is for the ovpn server so that it can encrypt communication to any connection - but I'm not really an expert. Both connections were created less than 3 years ago. The (foo) user was created only a few months ago. The VPN connection works from the CentOS-6 machine with command line initiation using the OVPN file, but I'm unable to make it work with NetworkManager.
OK, no big deal, I could continue to use the command line access, but I am curious: what seems to be the problem?

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Post by Whoever » 2020/09/22 05:13:45

Also, why are you struggling with this on an OS that is going to be EOL in a matter of weeks?

jankom
Posts: 9
Joined: 2019/10/23 21:34:37

Post by jankom » 2020/09/22 13:51:29

Good point. The reason is that this is an old desktop that I have used for the past 14 years as a sandbox to learn and play with linux. It is 32 bit, with Amdahl processor. I do have a current laptop (Ubuntu 20.04), a virtual linux box in the cloud, and a smartphone. But besides GUI and bells_and_whistles I'm interested to understand how things work. There must be a reason why NetworkManager in CentOS-6 does not recognize the key file. Btw, on the same box I have a customized, working Fedora-3 OS that allows me to do things I cannot do with Vindooz or fancy Ubuntu or Android machines. Thank you for your attention anyway.
