[Freedombox-discuss] OpenVPN configuration / FreedomBox 0.7

Sunil Mohan Adapa sunil at medhas.org
Mon Jan 4 17:24:40 UTC 2016 

On 01/04/2016 07:38 PM, Stacy Cockrum wrote:
> Just downloaded the most recent release of FreedomBox and experimenting
> with the freedombox-unstable-free_2015-12-13_all-amd64.vdi.xz
> <http://ftp.skolelinux.org/pub/freedombox/0.7/freedombox-unstable-free_2015-12-13_all-amd64.vdi.xz>
> image.  I'm very excited about this product and looking forward to the
> upcoming releases.  Currently, I'm having a challenge with the
> implementation of OpenVPN.  I have enabled the feature through the
> FreedomBox web interface and downloaded the .ovpn file. I then attempted
> to create the VPN connection in the cliented by importing the .ovpn file
> into the network connections utility.  The client default authentication
> type is "Certifictes (TLS)", however, it seems that the .ovpn file is
> missing the "User Certificate:" information.  I have also tried the
> "Password" authentication type using my FreedomBox login credentials
> with no success. I have attempted every search term that I can think of
> and just can't seem to find a help page for configuring the client to
> successfully connect to the OpenVPN connection.  The gateway is a
> pagekite URL that I created.  The client uses Manjaro Archlinux.  Any
> help or direction is appreciated.

Desktop VPN connectors based on Network Manager have a major problem
with .ovpn profile handling.  They can't properly use the Certificates
from inside the .ovpn files.  This applies at least to network manager
based connection editor in GNOME (and possibly KDE and other desktop
environments too).  Android OpenVPN clients typically don't have this
problem.

While this support is being worked on in upstream network manager, there
is a workaround procedure to manually extract the certificates from
within the .ovpn profile and then feed the certificate files to the VPN
connection editors[1].  You should be using authentication type as
'Certificates'.  Username/password pair is not required.

Also, PageKite is petty much restricted to web services and SSH.  You
will not be able to connect to VPN via PageKite.

I should be documenting this soon.

Links:

1)
https://askubuntu.com/questions/446057/converting-ovpn-file-to-these-3-files-ca-crt-client-crt-client-key

-- 
Sunil

More information about the Freedombox-discuss mailing list