Bug 1267252

Summary: OpenVPN doesn't support <cert>, <key>, <ca> tags in config
Product: [Fedora] Fedora Reporter: Ivo Petrov <cmptuomp3>
Component: NetworkManager-openvpnAssignee: Dan Williams <dcbw>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 22CC: choeger, dcbw, huzaifas, jklimes, psimerda, steve, thaller
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-29 13:27:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ivo Petrov 2015-09-29 13:04:09 UTC 
Description of problem:

OpenVPN doesn't support <cert>, <key>, <ca> tags in config

Version-Release number of selected component (if applicable):
NetworkManager-openvpn-1.0.2-2.fc22.x86_64

How reproducible:
very

Steps to Reproduce:
1. generate openvpn config with <cert>, <key>, <ca> tags instead of separate files
2. select network, add network connection, import from file
3. choose the generated config

Actual results:
can't import openvpn config

Expected results:
i should be able to import this openvpn config as it is a valid one (openvpn /path/to/config works from cdm)

Additional info:
Here's a sample config:

$ cat openvpnconfig.conf
client
dev tun
proto tcp
remote someserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
$CA HERE
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
$user_cert HERE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
$user_key HERE
-----END PRIVATE KEY-----
</key>
ns-cert-type server
comp-lzo
verb 3
route-method exe
route-delay 2



Such a config works fine from cmd. I think it's reasonable to think it would work in NM.
Comment 1 Jirka Klimes 2015-09-29 13:27:25 UTC 
Yeah, NetworkManager-openvpn should be improved to allow inline certificates.

*** This bug has been marked as a duplicate of bug 1157817 ***