50

I am trying to import a .ovpn file from the network manager. Here are the steps I follow.

Network Manager → VPN Connections → configure VPN

This opens the Network Connections dialogue. Then,

Add → import saved vpn configuration → choose .ovpn file

This should load my .ovpn configuration, but instead I get a prompt saying

ERROR: plugin does not support import capability.

I can still use VPN using the command 

sudo openvpn --config ~/openvpn/xxx.conf

is this a bug that needs to be filed?

David Foerster
  • 35,754
  • 55
  • 92
  • 145
Lucosias
  • 623
  • 1
  • 5
  • 10
  • 1
    I had a similar problem importing the .ovpn file on one of 2 32 bit installs I updated to Lubuntu 16.04 yesterday. I was ab le to enter the config manually and get it to work. The puzzling thing to me is why it failed on one system and not the other. – Organic Marble Apr 22 '16 at 11:19

12 Answers12

49

I know this is an old question but since I still couldn't find an (easy) answer I want to help others (and future me).

Use this

sudo nmcli connection import type openvpn file FILE_NAME

offcourse replace FILE_NAME with the full path to your file name

This will tell you exactly what's wrong with the file and which lines you should edit/delete.

After you edited the file with the recommendations the command gave you. You can import the file.

Nin
  • 771
  • 1
  • 8
  • 12
  • 1
    Thanks. This method allow to understand the problem. It show error messages. In my case errors emerged from deprecated options in .ovpn file. – PRIHLOP Feb 15 '18 at 11:53
  • Tried a lot of methods but none of them worked. Using this command i found where is the error. Thanks! – Agustin Baez Apr 17 '18 at 12:52
  • Using this tells you what the problem exactly was, instead of the unhelpful error message you get from the GUI. Thanks. – rgin Sep 22 '18 at 19:25
  • 1
    This command imported the connection without an error. Thanks. Still wondering why the gnome ui just allows me to view the configuration (save is disabled). – Kai Aug 01 '19 at 08:19
  • 1
    After executing above I got `Could not find VPN plugin service for 'org.freedesktop.NetworkManager'`. Solved my issue after executing `sudo apt-get install network-manager-openvpn-gnome` – Asif Ali Oct 29 '19 at 09:36
  • Thanks! It helped. In my case I had a tag in the file. Removing it with it's content allowed to import config from the file. – Alex K. Mar 22 '20 at 19:44
  • Thanks. It helped me a lot. In my case, the error was `configuration error: unsupported 1th argument remote_host to “route” (line 6).` I just commented the line, which was `route remote_host 255.255.255.255 net_gateway` – chesterman Nov 12 '20 at 14:01
31

On commenting out the following line with #, I was able to successfully import the VPN config:

#route remote_host 255.255.255.255 net_gateway default

Others have reported that commenting out, or removing, this line works for them as well per bug #606365 in launchpad in spite of this being a valid argument.

That said, while I'm able to successfully connect to the VPN, I'm not able to hit any host over the VPN. On trying to manually set these values using the network manager GUI, I see that only numerical IP addresses are accepted. String values like remote_host or net_gateway cannot be entered via the GUI.

I've also had success importing the same .OVPN file without any modification in Fedora 23, Windows 10 (using Viscosity), OS X El Capitan (using Viscosity) and earlier versions of Ubuntu. Something is definitely broken in 16.04.

Ondra Žižka
  • 3,668
  • 5
  • 35
  • 43
Karthic Raghupathi
  • 411
  • 6
  • 10
  • 9
    remove "route remote_host 255.255.255.255 net_gateway default" then go to IPv4 settings => routes => Check the option “Use this connection only for resources on its network” => press OK => Save. Now you can connect VPN and access to remote host. – Guille Acosta Mar 10 '17 at 19:34
  • 2
    Thanks but that didn't work for me. I was able to successfully connect to the VPN but I was not able to access any hosts over the VPN connection. – Karthic Raghupathi Mar 12 '17 at 19:31
  • Worked for me on Fedora 26 – Heinrich Ulbricht May 17 '18 at 21:17
  • Wondering what "route remote_host 255.255.255.255 net_gateway default" means? In the linked comment they say it's a legitimate OpenVPN argument... – Alex Mar 12 '20 at 10:10
  • If I'm not mistaken, it should mean: _Add a host route to the server’s public IP through the existing default gateway_. While it may be a legitimate OpenVPN argument, the issue here is that the OS's network manager widget is not able to parse it correctly preventing the file from being imported. – Karthic Raghupathi Mar 12 '20 at 20:07
  • @KarthicRaghupathi Can we parse it manually? I don't know how to do it via the command line, but the network manager GUI has "Address", "Netmask", "Gateway", "Metric" under "routes". – T.C. Proctor Jun 11 '20 at 13:28
  • 1
    @T.C.Proctor I'm using a MacBook now and I don't have access to an Ubuntu desktop and this was a while ago. IIRC the GUI in the network manager does not allow you to enter `net_gateway` as the value. It won't let you save the change. I'm not sure if that has changed now. Or you won't have the problem with manually putting those values in if you have a proper IP address. So give it a shot and let us all know how things worked out. – Karthic Raghupathi Jun 11 '20 at 19:36
  • @KarthicRaghupathi doesn't allow `net_gateway` or `remote_host` on mine. These actually resolve to something else though... though can't your `net_gateway` be different - mine has a list of possible gateways that can be used. – T.C. Proctor Jun 12 '20 at 14:08
  • Yeah like I mentioned in my earlier comment, if you have a valid list of IPs, things can be entered manually. In any case this was a while back so I just remember commenting that line out and things working for me. Also I'm using Viscosity on my Mac these days and I didn't have any trouble parsing the same file. – Karthic Raghupathi Jun 12 '20 at 20:28
  • Three years after getting it to work by removing said line I suddenly face the problem that DNS resolution fails. Accessing servers via IP works, though. Narf. – Heinrich Ulbricht Jul 29 '21 at 19:20
17

worked for me:

sudo apt install network-manager-openvpn-gnome
Mark Khateeb
  • 311
  • 1
  • 10
  • This is how I remember configuring OpenVPN saved configurations (exported from other applications) in previous versions of Ubuntu (12.04, 14.04). I'm not sure I had to install this package in those cases, though. Anyway, thanks for the tip! – nicorellius Feb 18 '17 at 13:44
  • 1
    Works on Ubuntu 17.10... Remember to close settings and reopen. – Dehan Jan 22 '18 at 14:17
  • 1
    Working in Ubuntu 18.04. I exported one file from a router (archer60) with the extension .ovpn and was not able to import the keys and the settings to enable the VPN. Installing that package solved the issue. – Alessandro D'lncal Sep 02 '18 at 12:36
11
  1. open your .ovpn file with any editor

  2. add # to the beginning of this line to comment it out

    route remote_host 255.255.255.255 net_gateway default

  3. Go to IPv4 settings > routes > Check the option “Use this connection only for resources on its network” > press OK > Save

Done!

This is just a wrap up of what worked for me on ubuntu 16.04 based on the other answers and comments here.

Nick
  • 113
  • 1
  • 7
2

Importing .ovpn profiles inside network manager has recently been improved, but there are still bugs and misleading error messages. Sometimes you can successfully import the .ovpn file by removing a single line that breaks the import procedure. In my case, I removed the line float 1 from my .ovpn file and the file has been imported successfully.

giox069
  • 251
  • 1
  • 3
  • 5
  • 3
    I think we should gather these potential solutions into a wiki answer because they *may or may not work* and there's no point in lowering someone's stackoverflow rep because one particular workaround didn't work –  Feb 14 '17 at 14:59
2

Its working :) from https://zorrovpn.com/howto/openvpn/ubuntu?lang=en

Open .ovpn file with a text editor.

And change lines that looks like

remote 11.2.2.2 443 tcp-client

to

remote 11.2.2.2
port 443
proto tcp-client

Then save .ovpn file and try again to import VPN connection.

Ali Saleh
  • 21
  • 1
1

You might be suffering from the NetworkManager-openvpn bug #83.

Current suggested workaround is a downgrade to 1.8.10-1, however this version is not available in Ubuntu 21.10.

In my case the issue was caused by a PKCS#12 certificate from which I extracted a PKCS#8 CA certificate with

openssl pkcs12 -in [input.p12] -cacerts -nokeys -out ca.crt

and specified

ca ca.crt

in the config file before being able to import the connection with

sudo nmcli connection import type openvpn file your-file.ovpn

You might have to enter your certificate password for every connection. Consider this a workaround until the issue is fixed upstream and you can import your configuration through the UI without issues again.

Kalle Richter
  • 5,935
  • 20
  • 69
  • 101
1

I am experiencing the same issue. It looks like a bug, according to this link: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365

Kestrell
  • 66
  • 1
  • 8
  • I do not think it is the exact same bug. The workaround posted (#14) in the bugs link that you have shared does not apply to me. The suggested workaround is to have separate key and cert files instead of tags in the ovpn file. My ovpn file already does not contain any tags. cert and key are in separate files as well. – Lucosias May 07 '16 at 01:41
  • See the solution #77: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/606365/comments/77 – jgomo3 Nov 01 '16 at 15:45
0

Nothing here worked for me so I added it to the openvpn config manually.

$ sudo cp ~/me.ovpn /etc/openvpn/me.conf

Then I start OpenVPN with:

$ sudo systemctl start openvpn@me

# Enable/disable on computer start
$ sudo systemctl enable openvpn@me
Nek
  • 221
  • 4
  • 12
0

I've found out that changing 

remote REMOTE_SERVER 12345

with

remote REMOTE_SERVER
port 12345

Fixed the issue.

user1018130
  • 1
0

For me (Ubuntu 16.04.1 LTS), removing the section <extra-certs> worked.

Here is the ovpn file generated by a tunnel provider.

setenv USERNAME "user@provider.xx"
client
dev tun
remote host 1194 udp
remote host 1194 udp
remote host 443 tcp
remote host 1194 udp
remote host 1194 udp
remote host 1194 udp
remote host 1194 udp
remote host 1194 udp
remote-cert-tls server
comp-lzo no
auth SHA1
nobind
verb 3
sndbuf 0
rcvbuf 0
socket-flags TCP_NODELAY

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>

<extra-certs>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</extra-certs>

<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
## -----BEGIN RSA SIGNATURE-----
## DIGEST:SHA1WithRSA
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
malaise
  • 1
  • 2
0

In my case the following item caused the problem:

float 1

After commenting it out, it worked:

#float 1
Karel Pičman
  • 1