Android OpenVPN connect ERROR - keyid to long

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
spamator12
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 15, 2021 1:41 am

Android OpenVPN connect ERROR - keyid to long

Post by spamator12 » Tue Jun 15, 2021 1:45 am

I'm using OpenVPN 2.4.7 with EasyRSA-v3.0.6 to generate keys - done it successfully.

Now when installing OpenVPN Connect and import client configuration - there is error FAILED TO PARSE PROFILE - 'keyid:xxxxx' [about 'X509v3 Authority Key Identifier] is to long...

How to fix it!?

I have tried line ending as UNIX/WINDOWS/save to UTF-8 format to no avail.

BTW I'm using linux mint.

User avatar
TinCanTech
Forum Team
Posts: 9374
Joined: Fri Jun 03, 2016 1:17 pm

Re: Android OpenVPN connect ERROR - keyid to long

Post by TinCanTech » Tue Jun 15, 2021 10:40 am

It sounds like the file has been corrupted.

spamator12
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 15, 2021 1:41 am

Re: Android OpenVPN connect ERROR - keyid to long

Post by spamator12 » Thu Jun 17, 2021 7:29 pm

You need to pass config - for example this:

Code: Select all

#CONFIGURE IN CLIENT MODE, TUN MODE, UDP PROTOCOL.

client
dev tun
proto udp

# THIS DIRECTIVE IS THE CONNECTION WITH THE PUBLIC IP OR DOMAIN OF THE SERVER OPENVPN, WE ALSO HAVE TO PUT THE SAME SERVER PORT
remote 127.0.0.1 11949

#RESOLVING THE IP OR DOMAIN CONTINUOUSLY TO CONNECT, KEY AND YOUR PERSISTENT AS THE SERVER.
resolv-retry infinite
nobind
persist-key
persist-tun

#AC ROUTE, CLIENT CERTIFICATES AND TA.KEY.
# IF WE HAVE IT IN THE SAME FOLDER, IT IS NOT NECESSARY TO PUT THE ENTIRE ROUTE.
ca ca.crt
cert client1-openvpn-redeszone.crt
key cliente1-openvpn-redeszone.key
tls-crypt ta.key

#CHECK THE IDENTITY OF THE SERVER, USE GCM SYMMETRICAL ENCRYPTION, TLS 1.2 AND AUTH CONFIGURATION. If our client does not support TLS 1.3.
remote-cert-tls server
cipher AES-256-GCM
auth SHA512

#If our client supports TLS 1.3, we add this directive:
# tls-ciphersuites TLS_AES_256_GCM_SHA384: TLS_CHACHA20_POLY1305_SHA256

#If our client supports TLS 1.2 only, we add this directive:
# tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256

# ENABLE LEVEL LOG VERBOSE 3

verb 3
where yuo specify where are the files you need:

ca ca.crt
cert client1-openvpn-redeszone.crt
key cliente1-openvpn-redeszone.key
tls-crypt ta.key

so just put files (ta.key, ca.crt, etc.) exactly where the config is, and OpenVPN Connect (Android) will import every key by it self.

DO NOT past keys/crt inside openvpn config file - it will not work with the version I wrote on first post.

If you need more details - here is very nice tutorial - https://en.focuzcomputers.com/openvpn-c ... rma-segura

User avatar
TinCanTech
Forum Team
Posts: 9374
Joined: Fri Jun 03, 2016 1:17 pm

Re: Android OpenVPN connect ERROR - keyid to long

Post by TinCanTech » Thu Jun 17, 2021 7:45 pm

If you are in the mood to experiment then you may find this useful:
https://github.com/TinCanTech/easy-tls

Does all your keys and inline files for you .. and even more besides.

Post Reply