How can I use a .ovpn file with Network Manager?

Question

I have a .ovpn file with my VPN config - it works fine when I do

sudo openvpn --config ~jrg/Documents/vpn-config.ovpn

in the terminal, but I'd like to use Network Manager. How can I do this?

In terminal `sudo nmcli connection import type openvpn file /path/to/your.ovpn` https://www.cyberciti.biz/faq/linux-import-openvpn-ovpn-file-with-networkmanager-commandline/ — chepe263, Jun 06 '20 at 05:48
@chepe263 Make this an answer, you get my vote (BTW, NM architecture is such that `sudo` is *NOT* required with the connection import) — Samveen, Jan 04 '22 at 10:41
@chepe263 doesn't work for me: `Error: failed to import 'file.ovpn': configuration error: unsupported blob/xml element (line 7).` — Darkproduct, Jul 25 '23 at 14:32

score 200 · Accepted Answer · edited Nov 12 '16 at 22:23

200

First, install the OpenVPN Network Manager plugin:

sudo apt-get install network-manager-openvpn-gnome

Open Network Manager, click "Add" and from the opened window select "Import a saved VPN configuration..." under "Choose a Connection Type". Navigate to your .ovpn file (~jrg/Documents/vpn-config.ovpn). If it doesn't automatically find your certificates/keys (the paths of which are found in the .ovpn file), you can select them here, or make any other small changes.

openvpn dialog

One other thing that may save you some headache down the road is to click IPv4 Settings, then change the method to "Automatic (VPN) Addresses Only". When kept at the default, this will cause ALL internet traffic to go over the VPN, regardless of your .ovpn settings. Here you can also set the DNS server and search domains to use while connected.

openvpn dialog

edited Nov 12 '16 at 22:23

Nick Weinberg

4,555
4
24
30

answered Sep 13 '12 at 22:00

reverendj1

15,875
2
42
39

4

It doesn't show the certificates and such when I click "Import". – jrg Sep 13 '12 at 22:35
I updated my answer to be a little more thorough. If the options just aren't showing up, than you either have a misconfigured .ovpn and aren't actually using them, or you need to change the "Type" drop-down box. – reverendj1 Sep 14 '12 at 14:34
Were you able to get it to work? – reverendj1 Sep 19 '12 at 14:14
1

there is a bug in network manager for ovpn files. see https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365 – lenzai Oct 01 '12 at 10:05
22

there's no "Import..." button in my case (using debian jessie...) :( – knocte Jun 07 '13 at 13:33
4

I too cannot find any "import" buttons. Only a "create" option.. :( – Thomas Ahle Aug 18 '13 at 21:06
4

Open VPN AS ver 2.0.12 does not produce a .ovpn files that contains the locations of certs, it contains them itself. Therefore if will not find them and you can not find the location. You have to copy n paste like in the other answer. – jowan sebastian Mar 12 '15 at 10:29
1

I had to copy and paste as well: " VPN AS ver 2.0.12 does not produce a .ovpn files that contains the locations of certs, it contains them itself. Therefore if will not find them and you can not find the location. You have to copy n paste" – That Brazilian Guy May 11 '15 at 22:20
Could you please provide a screenshot of the window with the "Import" button? – naktinis Nov 06 '15 at 22:17
@naktinis Sorry it is in french, but here it is : https://github.com/dolanor/ovpnsplit/raw/master/doc/02-import-vpn-config.png – Dolanor Dec 19 '15 at 00:51
8

as of 16.04, It's still not working and at least this time you get "import is not supported in the plugin". Network manager still has issues even when manually configured – Christian Bongiorno May 22 '16 at 21:42
You can use https://www.npmjs.com/package/openvpn-config-splitter to split .ovpn into separate files – zub0r Feb 08 '18 at 00:35
The network-manager-openvpn-gnome plugin will only recognize 2.3 "remote vpn.site.com \n port 1194 \n proto tcp" not the new oneliner in 2.4 "remote vpn.site.com port 1194 tcp-client" it also requires a "something" in the form for the private key password even if the key is not protected – shadowbq Mar 30 '18 at 14:46
https://git.gnome.org/browse/network-manager-openvpn/tag/?h=1.8.2 may provide better support – shadowbq Mar 30 '18 at 19:10
I'm getting an error in Xubuntu, it says that the plugin doesn't support the import capability, however, the import button appeared after installing the plugin. – Slava Fomin II Jan 24 '19 at 12:12

jim smith · Answer 2 · 2022-06-20T10:50:23.813

41

Since ubuntu 18.04, if you already have the opvn file you can import it. (sudo is not required)

nmcli connection import type openvpn file [client].ovpn

Once done, go to search and find 'network', the new vpn connection will be there.

edited Jun 20 '22 at 10:50

answered Feb 10 '21 at 15:07

jim smith

630
6
6

2

Thanks, this is way better than fooling around in the Network Manager GUI. (I don't even have to use sudo if nm-applet is owned by me) – AAAfarmclub Feb 14 '21 at 10:48
1

works also on Debian 10, IMHO since the OP inquired how to import, this should be the answer – HidekiAI Jun 04 '21 at 03:23
1

This worked for Ubuntu 18, just one fact if it continuously asks for password even if you are entering correct password, please check the configuration, I had to manually enter the username, password by editing the config via GUI. – Mohd Abdul Mujib Nov 24 '21 at 11:17
1

as I mentioned in the comment to the OP, `sudo` is *NOT* required given NM's architecture. – Samveen Jan 04 '22 at 10:43

score 36 · Answer 3 · edited Oct 10 '17 at 16:58

My own experience of successful VPN connection establishing on Ubuntu 14.04.

Our admin gave me 3 files to install them into openVPN for Windows 7: *.ovpn, *.crt, *.key

Execute the following commands in your Ubuntu terminal:

sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome network-manager-vpnc
sudo /etc/init.d/networking restart

Open "Network Connections" window (VPN Connections -> Configure VPN)
Press "ADD" button, click on drop-down menu and pick "Import a saved VPN configuration", press Create button.
In "Select File to import" choose your "*.ovpn" file.
In "Editing ...your *.ovpn file name..." window enter your username and password for vpn. Make sure that a *.crt file appeared in CA Certificate field.
Open "IPv4 Settings" panel and choose "Automatic (VPN) addresses only".
Open "VPN" panel again and click "Advanced" button.
Open "TLS Authentication" panel and make sure your "*.key" appeared in "Key File" field. Press Ok button.
Press "Save" button in "Editing ...your *.ovpn file name..." window.
Your VPN connection should appear in "Network Connections" window.

That's all, I hope it helps. Good luck!

this worked for me but without step 8. – Aamir Abro Nov 27 '15 at 06:02 — Aamir Abro, Nov 27 '15 at 06:02

Buford T. Justice · Answer 4 · 2015-01-09T06:00:00.283

It's late to answer, but I found a solution (and it is a PAIN)...

Create a folder in your home directory called .OpenVPN (with the dot in front of it so it is hidden) then open that folder and create one called FrootVPN (no dot needed). This makes management of different VPN providers easier.
Copy/Paste froot.ovpn to the /home/YOU/.OpenVPN/FrootVPN folder.
Open the froot.ovpn file with a text editor.
Copy everything between the ca /ca tags.
Paste the contents to a new file and save it as ca.crt within the /home/YOU/.OpenVPN/FrootVPN folder.
Click on the Network Manager icon and go to VPN CONNECTIONS > CONFIGURE VPN...
Click on ADD and select OpenVPN. Click CREATE.
Call it FrootVPN 1194 and use se-openvpn.frootvpn.com for the Gateway. Type will be PASSWORD. Enter your FrootVPN username and password. On CA Certificate, click the folder icon and browse to the ca.crt file you created.
Click the Advanced button and change "Use custom gateway port:" to 1194. Click OK.
Change the Method on both the IPv4 and IPv6 tabs to Automatic (VPN) addresses only.
Click SAVE.

Now for the PAIN part: you will have to create 15 more FrootVPN connections since they use ports 1194-1209. Repeat Steps 7-11 above for port 1195 then again for 1196 and so on until you finish with port 1209 making sure the name in Step 8 matches the port in Step 9. I know... it sucks!

Now you can connect to FrootVPN by clicking on the Network Manager icon and going to VPN Connections. Work through the list of FrootVPN connections until you find one you can connect to.

Frankly, I wish Network Manager supported .ovpn files directly. We should be able to IMPORT the .ovpn file, Network Manager gets all the correct settings from the .ovpn file, does the correct range of gateway ports and other settings specified by the VPN provider, and saves it all as ONE connection. The .crt files should not be needed if everything is in the .ovpn file.

this totally sucks, anyone know if there is an offical bug report anywhere ? — jowan sebastian, Mar 26 '15 at 06:46
I know. It DOES totally suck. I wish there was a simple GUI that opens them like Windows has. — Buford T. Justice, Jun 03 '15 at 22:31
*It's late to answer...* its 2019 now and this answer still saved my day, thanks! — Mathias Vonende, Jan 17 '19 at 17:26

score 9 · Answer 5 · edited Jul 19 '15 at 12:07

9

In Unity 14.04, all I had to do was go to edit connections, Click "add" by using the drop down list to select import a saved VPN configuration, and then select my "filename.ovpn" file, and voila. Done.

edited Jul 19 '15 at 12:07

sugab

4,337
4
30
48

answered Jul 19 '15 at 09:11

user431052

91
1
1

6

This looks promising, but it barely uses my .ovpn at all, it just pulls out the gateway. None of the certificates are present. :\ – James T Snell Sep 15 '15 at 01:37
This worked for me, no problems. Ubuntu 16.04. – jonasfh Oct 02 '18 at 11:05

score 6 · Answer 6 · edited Sep 02 '16 at 18:48

6

I answered this with a way to use Network Manager as the OP asked, but there is a MUCH BETTER WAY! All you have to do is download and install a program called gopenvpn which is available via Ubuntu Software Center. Save your .ovpn files to /etc/openvpn as admin. Open gopenvpn which should be listed under Applications > Internet and click on the .ovpn file to connect to by right-clicking on the gopenvpn icon you will see on your task bar. Easy as pie which is the way anything on a computer should be :)

Also you can bypass usernames and password by making .txt files in /etc/openvpn using this format:

username
password

Then in each of your .ovpn files (for example VPNBook .ovpn files), change the line that says this:

auth-user-pass

To:

auth-user-pass VPNBook.txt

Use SED to make the replacement per line in all your .ovpn -files, etc

root@masi:/etc/openvpn# sed -i '/auth-user-pass/c\auth-user-pass nordvpn.txt' *.ovpn

Lastly ensure security and do such that others do not see your username and password

root@masi:/etc/openvpn# chmod 700 nordvpn.txt

edited Sep 02 '16 at 18:48

Léo Léopold Hertz 준영

4,617
20
77
153

answered Jul 01 '15 at 09:01

Buford T. Justice

1,444
3
13
21

Use `sed` to replace the thing in all your .ovpn -files etc `root@masi:/etc/openvpn# sed -i '/auth-user-pass/c\auth-user-pass nordvpn.txt' *.ovpn` where the password file locates in `/etc/openvpn/`. - - Related: https://nordvpn.com/tutorials/linux/openvpn/ – Léo Léopold Hertz 준영 Sep 02 '16 at 16:59
2

Please, pay more attention to security. Your password would be open to others. – Léo Léopold Hertz 준영 Sep 02 '16 at 17:06
Also protect the file before putting sensitive info inside. `600` should be the file permissions and owner should be `root` I assume. I don't see how is this better than importing with `nmcli` or network manager UI whatever you are using (depends on DE). – akostadinov Oct 27 '21 at 17:02

score 5 · Answer 7 · answered Dec 19 '15 at 00:32

Since this issue bit me quite a few times, I decided to also create a tool to automate the "downgrading" of the .ovpn file with embedded certs to a .ovpn file pointing to other .pem files.

It is available here : https://github.com/dolanor/ovpnsplit/ It is in go, so you need go installed or you can just use the binaries from here : https://github.com/dolanor/ovpnsplit/releases

Put your .ovpn file where you want it (I put it in ~/.config/openvpn/ that I created), then launch the tool ovpnsplit ~/.config/openvpn/file.ovpn It will create all the files that were embedded in file.ovpn into individual .pem files

In NetworkManager, select import vpn config and then choose your ~/.config/openvpn/file.ovpn. Normally, all the certificate files should point to the good one.

But another bug made that NetworkManager doesn't detect the key direction from the Advanced settings of TLS Auth. So you need to put it to the right direction also…

And after that, you save and you should be good to go.

This tool will help with the use of the kylemanna/openvpn docker image which create all the certificates and the TLS Auth.

do you know which version of ubuntu will be the first one to allow .opvn files with embedded certs? (in order to resort to ovpnsplit, which is a great tool, don't get me wrong) — knocte, Feb 29 '16 at 05:08
Given this : https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365 . It seems it has been fixed. I think we're still before feature freeze, and since it is a bug it might get to the 16.04 anyway. I guess you were the knocte posting on this bug :) — Dolanor, Mar 01 '16 at 06:49

score 2 · Answer 8 · edited Dec 10 '15 at 04:54

2

I created a script here to automate fetching password & zip files from several vpn sites such as vpnbook.com, extracting the ca, cert, and key data from the ovpn files, and updating the opvn files so the certs should just import for you. It could easily be modified for use with other providers.

edited Dec 10 '15 at 04:54

Community

1

answered Dec 02 '15 at 22:53

ryry1985

176
6

score 0 · Answer 9 · answered Nov 08 '13 at 02:05

When you aren't given an user certificate, you must select the 'Password' type in the authentication drop down. Then in advanced, in 'TLS Authentication' add the TLS .key file and set the direction accordingly (1 or 0, that should be set in the .ovpn file).

How can I use a .ovpn file with Network Manager?

9 Answers9

Linked