OpenVPN connection problem

babydoc056 · 17 February 2021 16:28

REPRODUCIBILITY (% or how often): Every time
BUILD ID = OS VERSION (Settings > About product): 4.0.1.48
HARDWARE (XA2, Xperia 10…): XperiaX
UI LANGUAGE: dutch
REGRESSION: (compared to previous public release: Yes, No, ?): ?

DESCRIPTION: esthablishing openVPN connection from Sailfish is not working. Establishing the connection with SecureFishNet is flawless. I use the same opvn file.

PRECONDITIONS:

STEPS TO REPRODUCE:

establish new openvpn connection via Sailfish
import openvpn file
accept settings

EXPECTED RESULT: vpn established

ACTUAL RESULT: problem with connection

ADDITIONAL INFORMATION:

(Please ALWAYS attach relevant data such as logs, screenshots, etc…): taking the same staps with SecureFishNet is functional

WT.Sane · 17 February 2021 16:31

Is you connection password protected? You might have to set up a new profile with the old config file. Without a password my OpenVPN setups work flawless.

babydoc056 · 17 February 2021 16:44

Yes, it’s password protected. But: the same ovpn file import in SecureFishNet works perfect. Same credentials of course.

WT.Sane · 17 February 2021 16:52

Did you try to set up the connection as new?

babydoc056 · 17 February 2021 17:06

Yes, I imported the ovpnfile in a new vpn connection

WT.Sane · 17 February 2021 17:07

If it still does not work I cannot help any further. I am sorry.

Maus · 17 February 2021 19:09

You could try to remove the passphrase from the key as outlined here.

babydoc056 · 21 February 2021 15:40

This didn’t work. And now even Securefish isn’t working anymore.
It seems I’m without vpn for now.
Giving it up. Hope implementation is better in next update.
FYI: Openvpn config file that I use works flawless in Linux networkmanager.

mmr · 30 March 2021 15:50

I have the same issue, using a XA2 Ultra single sim.
I never had saved my password, instead typed it every time I wanted to use VPN with older SFOS 3.x Versions. Now it doesn’t even come to this step: The device immediately reports ‘problems with connection’. However, this is not only since SFOS 4.0.1: If have another device (Xperia X) still running 3.4.0.24, and this also doesn’t work. On both devices I started VPN setups from scratch, using a .ovpn file with company-CA and user-cert-files (pem + key) which work flawless when connecting with my openVPN client on PC.
When trying to connect via Sailsfish builtin VPN client, I even tried to see some messages on our openVPN server, but I haven’t spotted anything obvious. It seems that the error occurs so rapidly that not even anything happens regarding network communication.
Is there a way to retrieve log-information?

Maus · 31 March 2021 14:36

Now that error message is not very helpful, neither “does not work”. Are there any error messages if you use OpenVPN from the terminal?

uargae · 2 April 2021 06:36

I have the same behavior on Xperia10-DualSIM. The logfiles (journalctl) report “openvpn: WARNING: cannot stat file ‘SailfishX.p12’: No such file or directory (errno=2)” although I defined the link to the file in the GUI correctly and the file is readable by ugo. Therefore it could be that the GUI input is not used correctly. -> Does anybody know where to put the key file (SailfishX.p12) so that openvpn finds it?

Maus · 2 April 2021 09:56

I’d convert that to PEM and include it directly into the configuration file, inline. I always do that for my customers, they only get one file containing all parts of the configuration, even fallback endpoints.

uargae · 11 April 2021 16:52

Thanks for your reply, Maus. I am using ipfire and per default I export a zip file with the configuration (.ovpn) and the key file (.p12). I used the Sailfish OpenVPN import wizard with the *.ovpn file, and entered the key at “Certificate authority certificate file” (sorry, this is a translation from German).

When I enable the VPN-connection, I get the following error in the logfile:

WARNING: cannot stat file ‘SailfishX.p12’: No such file or directory (errno=2)
Options error: --pkcs12 fails with ‘SailfishX.p12’: No such file or directory (errno=2)
Options error: Please correct these errors.

To me it looks like the path to *.p12 file is not handled correctly, and OpenVPN expects a .p12 file (and no .pem). Therefore it seems to be a bug in the OpenVPN-configuration-wizard?

However, could you give me a hint how to include the PEM file inline in the configuration file (I already converted the p12 into pem)?

Maus · 12 April 2021 06:35

Look for Inline File Support on the OpenVPN manual page. You place XML-like tags as <ca>...</ca> into your configuration file and between those tags the complete contents of your previous CA file (and subsequently, <cert>, <key> and <tls-auth>, if that applies to your situation). For my configurations, and to be potentially compatible with older clients, I prepend all that with this:

ca [inline]
cert [inline]
key [inline]
tls-auth [inline] 1

And on that manual page, I’ve even learnt how to include p12 files (sort-of) directly.

I found a complete example file using inline files but I don’t know how long this is available, it has been for the last six years, though.