OpenVPN connection problem

REPRODUCIBILITY (% or how often): Every time
BUILD ID = OS VERSION (Settings > About product):
HARDWARE (XA2, Xperia 10…): XperiaX
REGRESSION: (compared to previous public release: Yes, No, ?): ?

DESCRIPTION: esthablishing openVPN connection from Sailfish is not working. Establishing the connection with SecureFishNet is flawless. I use the same opvn file.



  1. establish new openvpn connection via Sailfish
  2. import openvpn file
  3. accept settings

EXPECTED RESULT: vpn established

ACTUAL RESULT: problem with connection


(Please ALWAYS attach relevant data such as logs, screenshots, etc…): taking the same staps with SecureFishNet is functional


Is you connection password protected? You might have to set up a new profile with the old config file. Without a password my OpenVPN setups work flawless.

Yes, it’s password protected. But: the same ovpn file import in SecureFishNet works perfect. Same credentials of course.

Did you try to set up the connection as new?

Yes, I imported the ovpnfile in a new vpn connection

If it still does not work I cannot help any further. I am sorry.

You could try to remove the passphrase from the key as outlined here.

This didn’t work. And now even Securefish isn’t working anymore. :frowning_face:
It seems I’m without vpn for now.
Giving it up. Hope implementation is better in next update.
FYI: Openvpn config file that I use works flawless in Linux networkmanager.

I have the same issue, using a XA2 Ultra single sim.
I never had saved my password, instead typed it every time I wanted to use VPN with older SFOS 3.x Versions. Now it doesn’t even come to this step: The device immediately reports ‘problems with connection’. However, this is not only since SFOS 4.0.1: If have another device (Xperia X) still running, and this also doesn’t work. On both devices I started VPN setups from scratch, using a .ovpn file with company-CA and user-cert-files (pem + key) which work flawless when connecting with my openVPN client on PC.
When trying to connect via Sailsfish builtin VPN client, I even tried to see some messages on our openVPN server, but I haven’t spotted anything obvious. It seems that the error occurs so rapidly that not even anything happens regarding network communication.
Is there a way to retrieve log-information?

Now that error message is not very helpful, neither “does not work”. Are there any error messages if you use OpenVPN from the terminal?

I have the same behavior on Xperia10-DualSIM. The logfiles (journalctl) report “openvpn: WARNING: cannot stat file ‘SailfishX.p12’: No such file or directory (errno=2)” although I defined the link to the file in the GUI correctly and the file is readable by ugo. Therefore it could be that the GUI input is not used correctly. -> Does anybody know where to put the key file (SailfishX.p12) so that openvpn finds it?

I’d convert that to PEM and include it directly into the configuration file, inline. I always do that for my customers, they only get one file containing all parts of the configuration, even fallback endpoints.

Thanks for your reply, Maus. I am using ipfire and per default I export a zip file with the configuration (.ovpn) and the key file (.p12). I used the Sailfish OpenVPN import wizard with the *.ovpn file, and entered the key at “Certificate authority certificate file” (sorry, this is a translation from German).

When I enable the VPN-connection, I get the following error in the logfile:

WARNING: cannot stat file ‘SailfishX.p12’: No such file or directory (errno=2)
Options error: --pkcs12 fails with ‘SailfishX.p12’: No such file or directory (errno=2)
Options error: Please correct these errors.

To me it looks like the path to *.p12 file is not handled correctly, and OpenVPN expects a .p12 file (and no .pem). Therefore it seems to be a bug in the OpenVPN-configuration-wizard?

However, could you give me a hint how to include the PEM file inline in the configuration file (I already converted the p12 into pem)?

Look for Inline File Support on the OpenVPN manual page. You place XML-like tags as <ca>...</ca> into your configuration file and between those tags the complete contents of your previous CA file (and subsequently, <cert>, <key> and <tls-auth>, if that applies to your situation). For my configurations, and to be potentially compatible with older clients, I prepend all that with this:

ca [inline]
cert [inline]
key [inline]
tls-auth [inline] 1

And on that manual page, I’ve even learnt how to include p12 files (sort-of) directly.

I found a complete example file using inline files but I don’t know how long this is available, it has been for the last six years, though.