Android OpenVPN connect ERROR - keyid too long
Posted: Tue Jun 15, 2021 1:45 am
by spamator12
I'm using OpenVPN 2.4.7 with EasyRSA-v3.0.6 to generate keys - done it successfully.
Now when installing OpenVPN Connect and importing the client configuration, there is an error: FAILED TO PARSE PROFILE - 'keyid:xxxxx' [about 'X509v3 Authority Key Identifier'] is too long...
How to fix it!?
I have tried UNIX/Windows line endings and saving in UTF-8 format, to no avail.
BTW I'm using Linux Mint.
Re: Android OpenVPN connect ERROR - keyid too long
Posted: Tue Jun 15, 2021 10:40 am
by TinCanTech
It sounds like the file has been corrupted.
Re: Android OpenVPN connect ERROR - keyid too long
Posted: Thu Jun 17, 2021 7:29 pm
by spamator12
You need to pass config - for example this:
Code:
#CONFIGURE IN CLIENT MODE, TUN MODE, UDP PROTOCOL.
client
dev tun
proto udp
# THIS DIRECTIVE IS THE CONNECTION WITH THE PUBLIC IP OR DOMAIN OF THE SERVER OPENVPN, WE ALSO HAVE TO PUT THE SAME SERVER PORT
remote 127.0.0.1 11949
# KEEP RESOLVING THE IP OR DOMAIN UNTIL CONNECTED; KEY AND TUN PERSISTENT, AS ON THE SERVER.
resolv-retry infinite
nobind
persist-key
persist-tun
# CA PATH, CLIENT CERTIFICATES AND TA.KEY.
# IF WE HAVE THEM IN THE SAME FOLDER, IT IS NOT NECESSARY TO PUT THE FULL PATH.
ca ca.crt
cert client1-openvpn-redeszone.crt
key cliente1-openvpn-redeszone.key
tls-crypt ta.key
#CHECK THE IDENTITY OF THE SERVER, USE GCM SYMMETRICAL ENCRYPTION, TLS 1.2 AND AUTH CONFIGURATION. If our client does not support TLS 1.3.
remote-cert-tls server
cipher AES-256-GCM
auth SHA512
#If our client supports TLS 1.3, we add this directive:
# tls-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
#If our client supports TLS 1.2 only, we add this directive:
# tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
# ENABLE LEVEL LOG VERBOSE 3
verb 3
where you specify where the files you need are:
ca ca.crt
cert client1-openvpn-redeszone.crt
key cliente1-openvpn-redeszone.key
tls-crypt ta.key
so just put the files (ta.key, ca.crt, etc.) exactly where the config is, and OpenVPN Connect (Android) will import every key by itself.
DO NOT paste keys/crt inside the OpenVPN config file - it will not work with the version I wrote about in the first post.
If you need more details - here is very nice tutorial -
https://en.focuzcomputers.com/openvpn-c ... rma-segura
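A pre-import check for the file layout described in the post above, added here as an example and not part of the original thread: it confirms that every file named by ca, cert, key and tls-crypt sits beside the profile, and flags inline blocks that contain text outside the PEM markers. It assumes the keyid text in the error came from the human-readable dump that precedes the PEM block in a certificate file; check_profile, SAMPLE_PROFILE and the file names in the sample are made up for this example.

```python
import re
import tempfile
from pathlib import Path

# File-referencing directives used in the config posted above.
FILE_DIRECTIVES = ("ca", "cert", "key", "tls-crypt")

# Constructed sample profile: one external file reference that will be
# missing, and one inline block with certificate text above the PEM data.
SAMPLE_PROFILE = ("client\nca ca.crt\nkey client1.key\n<cert>\nkeyid:AB:CD\n"
                  "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n</cert>\n")

def check_profile(profile_path):
    """Return (line_number, message) problems found in an .ovpn profile."""
    profile = Path(profile_path)
    problems = []
    inline_tag = None   # directive name while inside an inline <tag> block
    in_pem = False      # True between the BEGIN and END marker lines
    for lineno, raw in enumerate(profile.read_text().splitlines(), 1):
        line = raw.strip()
        if inline_tag:
            if line == f"</{inline_tag}>":
                inline_tag, in_pem = None, False
            elif line.startswith("-----BEGIN "):
                in_pem = True
            elif line.startswith("-----END "):
                in_pem = False
            elif line and not in_pem and not line.startswith("#"):
                # For example the "keyid:..." text that precedes the PEM block.
                problems.append((lineno, f"<{inline_tag}>: text outside PEM block: {line[:40]}"))
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag and tag.group(1) in FILE_DIRECTIVES:
            inline_tag = tag.group(1)
            continue
        parts = line.split()
        if parts[0] in FILE_DIRECTIVES and len(parts) > 1:
            # Relative names are resolved next to the profile itself.
            if not (profile.parent / parts[1]).is_file():
                problems.append((lineno, f"{parts[0]}: file not found: {parts[1]}"))
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ca.crt").write_text("placeholder")  # only ca.crt exists
        Path(d, "client.ovpn").write_text(SAMPLE_PROFILE)
        for lineno, message in check_profile(Path(d, "client.ovpn")):
            print(f"line {lineno}: {message}")
```

An empty result means every referenced file was found beside the profile and no inline block carries stray text; file names containing spaces or quotes are not handled.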
Re: Android OpenVPN connect ERROR - keyid too long
Posted: Thu Jun 17, 2021 7:45 pm
by TinCanTech
If you are in the mood to experiment then you may find this useful:
https://github.com/TinCanTech/easy-tls
Does all your keys and inline files for you .. and even more besides.