I'm using OpenVPN 2.4.7 with EasyRSA-v3.0.6 to generate keys - done it successfully.
Now when installing OpenVPN Connect and import client configuration - there is error FAILED TO PARSE PROFILE - 'keyid:xxxxx' [about 'X509v3 Authority Key Identifier] is to long...
How to fix it!?
I have tried line ending as UNIX/WINDOWS/save to UTF-8 format to no avail.
BTW I'm using linux mint.
Android OpenVPN connect ERROR - keyid to long
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Jun 15, 2021 1:41 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Android OpenVPN connect ERROR - keyid to long
It sounds like the file has been corrupted.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Jun 15, 2021 1:41 am
Re: Android OpenVPN connect ERROR - keyid to long
You need to pass config - for example this:
where yuo specify where are the files you need:
ca ca.crt
cert client1-openvpn-redeszone.crt
key cliente1-openvpn-redeszone.key
tls-crypt ta.key
so just put files (ta.key, ca.crt, etc.) exactly where the config is, and OpenVPN Connect (Android) will import every key by it self.
DO NOT past keys/crt inside openvpn config file - it will not work with the version I wrote on first post.
If you need more details - here is very nice tutorial - https://en.focuzcomputers.com/openvpn-c ... rma-segura
Code: Select all
#CONFIGURE IN CLIENT MODE, TUN MODE, UDP PROTOCOL.
client
dev tun
proto udp
# THIS DIRECTIVE IS THE CONNECTION WITH THE PUBLIC IP OR DOMAIN OF THE SERVER OPENVPN, WE ALSO HAVE TO PUT THE SAME SERVER PORT
remote 127.0.0.1 11949
#RESOLVING THE IP OR DOMAIN CONTINUOUSLY TO CONNECT, KEY AND YOUR PERSISTENT AS THE SERVER.
resolv-retry infinite
nobind
persist-key
persist-tun
#AC ROUTE, CLIENT CERTIFICATES AND TA.KEY.
# IF WE HAVE IT IN THE SAME FOLDER, IT IS NOT NECESSARY TO PUT THE ENTIRE ROUTE.
ca ca.crt
cert client1-openvpn-redeszone.crt
key cliente1-openvpn-redeszone.key
tls-crypt ta.key
#CHECK THE IDENTITY OF THE SERVER, USE GCM SYMMETRICAL ENCRYPTION, TLS 1.2 AND AUTH CONFIGURATION. If our client does not support TLS 1.3.
remote-cert-tls server
cipher AES-256-GCM
auth SHA512
#If our client supports TLS 1.3, we add this directive:
# tls-ciphersuites TLS_AES_256_GCM_SHA384: TLS_CHACHA20_POLY1305_SHA256
#If our client supports TLS 1.2 only, we add this directive:
# tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
# ENABLE LEVEL LOG VERBOSE 3
verb 3
ca ca.crt
cert client1-openvpn-redeszone.crt
key cliente1-openvpn-redeszone.key
tls-crypt ta.key
so just put files (ta.key, ca.crt, etc.) exactly where the config is, and OpenVPN Connect (Android) will import every key by it self.
DO NOT past keys/crt inside openvpn config file - it will not work with the version I wrote on first post.
If you need more details - here is very nice tutorial - https://en.focuzcomputers.com/openvpn-c ... rma-segura
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Android OpenVPN connect ERROR - keyid to long
If you are in the mood to experiment then you may find this useful:
https://github.com/TinCanTech/easy-tls
Does all your keys and inline files for you .. and even more besides.
https://github.com/TinCanTech/easy-tls
Does all your keys and inline files for you .. and even more besides.