Why is the openvpn client not reading the config file normally from the server?

N

nik2102020-02-01 08:45:16

linux

nik210, 2020-02-01 08:45:16

Hello.
1) I raised openvpn on a Dutch server (ubuntu), generated a config file.
2) I uploaded the config file to my home server (Debian GNU/Linux 8 (jessie).
3) I start the VPN connection openvpn --config /root/box.ovpn and get an error

Options error: Unrecognized option or missing parameter(s) in /root/box.ovpn:17: tls-crypt (2.3.4)
Use --help for more information.

Line 17 is the second line of the certificate, it turns out that openvpn does not read the line with the certificate correctly, although all the tags are written correctly

client
dev tun
proto udp
remote айпи порт
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
BIIDQjdCAiqgARIBAgIvDc6nXUjiUHWI8T5kn1o8FW3LyT0wpQYJKoZzhvc1AQEL
9QAw Вот на этой строке openvpn и ругается     MDQ1ODM1WhcNMzAwMTI5
1111111111111111111111111111111111111111111111111111111111111111
бла-бла-бла22222222222222222222222222222222222222222222222222222
sieb9NyTsxFtQL/IvXKZO0dcLivYUw==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
.....
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
.....
-----END OpenVPN Static key V1-----
</tls-crypt>

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

res2001, 2020-02-01
@nik210

The error is not where you indicated, but in the tls-crypt tag.
What version of openvpn is on the client? tls-crypt was only introduced in version 2.4
Use tls-auth.

G

Germanjon, 2020-02-01
@Germanjon

Purely theoretically: several lines with a certificate can be considered as one. So do head -n 17 /root/box.ovpn - what gives?