Openvpn not started

Thanks again for your help.

I'm pasting the .ovpn file that I have in case you can see an important error, knowing that the file works perfectly with all the devices. (I just deleted the certificate and IP ;-)))

Many thanks in advance

client
nobind
dev tun
redirect-gateway def1
<key>
-----BEGIN PRIVATE KEY-----
The certificate
-----END PRIVATE KEY-----
</key>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Sep  6 09:58:48 2017 GMT
            Not After : Sep  4 09:58:48 2027 GMT
        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=jcpuech/name=EasyRSA/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    The Modulus
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
                The Key identifier
            X509v3 Authority Key Identifier: 
                keyid: The Key ID
                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
                serial: The Serial number

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
            X509v3 Subject Alternative Name: 
                DNS:jcpuech
    Signature Algorithm: sha256WithRSAEncryption
         The signature
-----BEGIN CERTIFICATE-----
The certificate
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
The certificate
-----END CERTIFICATE-----
</ca>
<dh>
-----BEGIN DH PARAMETERS-----
The DH parameters
-----END DH PARAMETERS-----
</dh>

# hardening
remote-cert-tls server

tls-version-min 1.2

cipher AES-256-CBC
auth SHA256

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
The Static key V1
-----END OpenVPN Static key V1-----
</tls-auth>
<connection>
  remote XXX.XXX.XXX.XX 1194 udp
</connection>
<connection>
  remote XXX.XXX.XXX.XX 443 tcp-client
</connection>

My config is like this:

client
dev tun
proto tcp-client
remote DYNDNS_ADDRESS 443
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
comp-lzo adaptive
keepalive 15 60
auth-user-pass /etc/openvpn/auth/2018893555.txt
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
resolv-retry infinite
nobind
daemon

I think what's wrong is you need to only copy the base64 blob sections from your cert like I have above ONLY. The plaintext is causing the parser to remove those lines and then fail to load the config.

You can convert any cert files to base64 with the openvpn tools.

If you SSH into the router and check the ovpn in /etc/openvpn/YOUROPVNNAME, I think you will see that those plain text sections have been removed. You can compare the uploaded to the original and see what was “incorrect” in the original.

Thank you for offering me solutions.
I will try to make these changes but I’m really not comfortable with SSH…it won’t be easy.

Frankly I am very disappointed by GLI.
It’s a shame their firmware doesn’t interpret the .ovpn file correctly when all other devices do!

Thank you very much!

Nothing to do with GL - most routers use (slightly) different ovpn files.
Go to your supplier and ask them for the correct file!

Thank you.
I’m my own supplier and I’m going to have to take a full ssh and .ovpn training just to get your router to work. I know how to see if the cost of online training is as expensive as an asus router that works perfectly with my .ovpn file.
It’s gonna be fun!

No offense but it’s not really a GL-iNet issue but an issue with the way you made your config. Asus routers and other systems spit out a “proper” ovpn file that is ready to go, upload and it works.

If you change your ovpn file as I wrote last, it will work for you too. You don’t need to SSH anything, you change your ovpn config file to what it should have been in the first place. When you are done, upload it with the GL interface.

OpenVPN is a massive system, you can’t expect GL-iNet to implement ALL the ways to load the config files. They have implemented the best and latest way (recommended way).

Thank you so much for taking the time to look at my file.
I’ll make the changes right now!
(no offense either I have always been delighted with the quality of your support for over 4 years and 3 routers ;-))

I tried to transform my file like yours but obviously it still doesn’t work…it’s driving me crazy!
Could you change it for me by simply leaving the IP address empty?
I think I’ll save 2 months of research, 50 forums, and half a day? Please ???

Click on my name on the left, send me a private message and we can look at it :)

Thank you very much…I did it and I pray!

This has been solved via PM.
Basically he had plaintext inside the block, where there should only be a base64 encoded certificate block.

Thanks very much for your effort and kind help, @Johnex

Hello, Johnex!

I have the same problem as @caryl-gervereau

Would you like to post the commands to encode the files into Base64 format?

Thank you!

If the files are not in base64 already, blocks that look like so:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Then you can do this:

openssl x509 -inform DER -in yourdownloaded.crt -outform PEM -out outcert.pem
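
Added example, not part of the original thread and not GL.iNet code: a small shell helper that applies the fix described above by keeping only the PEM-armored lines inside the inline blocks of an .ovpn profile. The function names (`clean_ovpn`, `stray_lines`, `write_sample`) and the sample profile are made up for illustration; the sample's base64 line is a constructed placeholder, not a real certificate.

```shell
#!/bin/sh
# Added example: strip everything except the PEM-armored block from the
# inline sections (<ca>, <cert>, <key>, <dh>, <tls-auth>, <tls-crypt>).

# clean_ovpn FILE -> cleaned profile on stdout
clean_ovpn() {
    awk '
    /^[ \t]*<(ca|cert|key|dh|tls-auth|tls-crypt)>[ \t]*$/   { inside = 1; pem = 0; print; next }
    /^[ \t]*<\/(ca|cert|key|dh|tls-auth|tls-crypt)>[ \t]*$/ { inside = 0; pem = 0; print; next }
    inside {
        if ($0 ~ /^-----BEGIN /) pem = 1   # armor header starts the part to keep
        if (pem) print                     # text dump outside the armor is dropped
        if ($0 ~ /^-----END /) pem = 0     # armor footer ends it
        next
    }
    { print }                              # directives outside blocks pass through
    ' "$1"
}

# stray_lines FILE -> number of lines clean_ovpn would drop
stray_lines() {
    total=$(wc -l < "$1")
    kept=$(clean_ovpn "$1" | wc -l)
    echo $((total - kept))
}

# write_sample FILE -> constructed profile whose <cert> block carries the
# human-readable dump in front of the PEM block, as in the first post
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----
</cert>
remote-cert-tls server
EOF
}

# Stand-alone use: sh clean_ovpn.sh in.ovpn > out.ovpn
if [ "$#" -gt 0 ]; then clean_ovpn "$1"; fi
```

Run `stray_lines` on a profile first: a non-zero count means the inline blocks contain text outside the PEM armor.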