INLINE client file: not connecting to server

fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

INLINE client file: not connecting to server

Post by fperloff » Sun Jan 07, 2018 8:23 pm

Hi --
I have a working OpenVPN server with Windows and Android clients.
I want to develop an inline client config file for some Android and iOS clients. I took a working client config and pasted into it the ca.crt, client.cert, client.key and tls-auth.key. I received the error "Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)"
I then copied out the ca.crt, client.crt, client.key and tls-auth.key to separate files and modified the client config file to refer to the files, rather than including them inline. I was able to connect the client to the server. So I'm quite confident that my key files are intact and correct.
Is there something wrong with my syntax in the inline .ovpn file?
Thanks!

SERVER

port 1194
proto udp
dev tun

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0 # This file should be kept secret
key-direction 0


cipher AES-128-CBC
auth SHA256

server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

ifconfig-pool-persist ipp.txt
keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log
verb 4444

user nobody
group nogroup

INLINE client config
CLIENT

# inline keys & certs for iOS
#
remote www.xxx.yyy.zzz 1194
comp-lzo
client
dev tun
redirect-gateway def1

remote-cert-tls server
key-direction 1
cipher AES-128-CBC
auth SHA256

proto udp
resolv-retry infinite
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Set log file verbosity.
verb 4
mute 20

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>


Client log file (INLINE configuration):

Sun Jan 07 11:35:18 2018 us=428444 Current Parameter Settings:
Sun Jan 07 11:35:18 2018 us=428444   config = 'xxx-pixel.ovpn'
Sun Jan 07 11:35:18 2018 us=428444   mode = 0
Sun Jan 07 11:35:18 2018 us=428444   show_ciphers = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   show_digests = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   show_engines = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   genkey = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   key_pass_file = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444   show_tls_ciphers = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   connect_retry_max = 0
Sun Jan 07 11:35:18 2018 us=428444 Connection profiles [0]:
Sun Jan 07 11:35:18 2018 us=428444   proto = udp
Sun Jan 07 11:35:18 2018 us=428444   local = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444   local_port = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444   remote = 'www.xxx.yyy.zzz'
Sun Jan 07 11:35:18 2018 us=428444   remote_port = '1194'
Sun Jan 07 11:35:18 2018 us=428444   remote_float = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   bind_defined = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   bind_local = DISABLED
Sun Jan 07 11:35:18 2018 us=428444   bind_ipv6_only = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 NOTE: --mute triggered...
Sun Jan 07 11:35:18 2018 us=428444 272 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jan 07 11:35:18 2018 us=428444 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sun Jan 07 11:35:18 2018 us=428444 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jan 07 11:35:18 2018 us=428444 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Sun Jan 07 11:35:18 2018 us=429447 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 07 11:35:18 2018 us=429447 Need hold release from management interface, waiting...
Sun Jan 07 11:35:18 2018 us=430449 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 07 11:35:18 2018 us=533726 MANAGEMENT: CMD 'state on'
Sun Jan 07 11:35:18 2018 us=533726 MANAGEMENT: CMD 'log all on'
Sun Jan 07 11:35:18 2018 us=552777 MANAGEMENT: CMD 'echo all on'
Sun Jan 07 11:35:18 2018 us=553781 MANAGEMENT: CMD 'hold off'
Sun Jan 07 11:35:18 2018 us=555285 MANAGEMENT: CMD 'hold release'
Sun Jan 07 11:35:18 2018 us=617952 MANAGEMENT: Client disconnected
Sun Jan 07 11:35:18 2018 us=617952 Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)
Sun Jan 07 11:35:18 2018 us=617952 Exiting due to fatal error

Client config where keys are in separate files (i.e. not INLINE):
CLIENT

ca keys/ca.crt
cert keys/pixel.crt
key keys/pixel.key
tls-auth keys/ta.key 1

remote www.xxx.yyy.zzz
comp-lzo
client
dev tun
redirect-gateway def1

remote-cert-tls server

cipher AES-128-CBC
auth SHA256
auth-nocache

proto udp
resolv-retry infinite
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Set log file verbosity.
verb 4
mute 20


Client log where keys are in separate files (i.e. not INLINE):

Sun Jan 07 12:08:48 2018 us=419084 Current Parameter Settings:
Sun Jan 07 12:08:48 2018 us=419084   config = 'xxx.ovpn'
Sun Jan 07 12:08:48 2018 us=419084   mode = 0
Sun Jan 07 12:08:48 2018 us=419084   show_ciphers = DISABLED
Sun Jan 07 12:08:48 2018 us=419084   show_digests = DISABLED
Sun Jan 07 12:08:48 2018 us=419084   show_engines = DISABLED
Sun Jan 07 12:08:48 2018 us=419084   genkey = DISABLED
Sun Jan 07 12:08:48 2018 us=419084   key_pass_file = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084   show_tls_ciphers = DISABLED
Sun Jan 07 12:08:48 2018 us=419084   connect_retry_max = 0
Sun Jan 07 12:08:48 2018 us=419084 Connection profiles [0]:
Sun Jan 07 12:08:48 2018 us=419084   proto = udp
Sun Jan 07 12:08:48 2018 us=419084   local = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084   local_port = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084   remote = 'www.xxx.yyy.zzz''
Sun Jan 07 12:08:48 2018 us=419084   remote_port = '1194'
Sun Jan 07 12:08:48 2018 us=419084   remote_float = DISABLED
Sun Jan 07 12:08:48 2018 us=419084   bind_defined = DISABLED
Sun Jan 07 12:08:48 2018 us=420087   bind_local = DISABLED
Sun Jan 07 12:08:48 2018 us=420087   bind_ipv6_only = DISABLED
Sun Jan 07 12:08:48 2018 us=420087 NOTE: --mute triggered...
Sun Jan 07 12:08:48 2018 us=420087 272 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jan 07 12:08:48 2018 us=420087 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sun Jan 07 12:08:48 2018 us=420087 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jan 07 12:08:48 2018 us=420087 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Sun Jan 07 12:08:48 2018 us=420087 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Sun Jan 07 12:08:48 2018 us=420087 Need hold release from management interface, waiting...
Sun Jan 07 12:08:48 2018 us=421090 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Sun Jan 07 12:08:48 2018 us=524367 MANAGEMENT: CMD 'state on'
Sun Jan 07 12:08:48 2018 us=524367 MANAGEMENT: CMD 'log all on'
Sun Jan 07 12:08:48 2018 us=546928 MANAGEMENT: CMD 'echo all on'
Sun Jan 07 12:08:48 2018 us=548933 MANAGEMENT: CMD 'hold off'
Sun Jan 07 12:08:48 2018 us=549936 MANAGEMENT: CMD 'hold release'
Sun Jan 07 12:08:48 2018 us=615612 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:48 2018 us=615612 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:48 2018 us=615612 LZO compression initializing
Sun Jan 07 12:08:48 2018 us=615612 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sun Jan 07 12:08:48 2018 us=615612 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sun Jan 07 12:08:48 2018 us=615612 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Sun Jan 07 12:08:48 2018 us=615612 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Sun Jan 07 12:08:48 2018 us=615612 TCP/UDP: Preserving recently used remote address: [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:48 2018 us=615612 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 07 12:08:48 2018 us=615612 UDP link local: (not bound)
Sun Jan 07 12:08:48 2018 us=615612 UDP link remote: [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:48 2018 us=615612 MANAGEMENT: >STATE:1515355728,WAIT,,,,,,
Sun Jan 07 12:08:48 2018 us=655719 MANAGEMENT: >STATE:1515355728,AUTH,,,,,,
Sun Jan 07 12:08:48 2018 us=655719 TLS: Initial packet from [AF_INET]www.xxx.yyy.zzz:1194, sid=b9ee9c5b 185d7d9f
Sun Jan 07 12:08:48 2018 us=742953 VERIFY OK: depth=1, C=US, ST=XX, ...
Sun Jan 07 12:08:48 2018 us=743456 VERIFY KU OK
Sun Jan 07 12:08:48 2018 us=743456 Validating certificate extended key usage
Sun Jan 07 12:08:48 2018 us=743456 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jan 07 12:08:48 2018 us=743456 VERIFY EKU OK
Sun Jan 07 12:08:48 2018 us=743456 VERIFY OK: depth=0, C=US, ST=XX, ...
Sun Jan 07 12:08:48 2018 us=931460 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sun Jan 07 12:08:48 2018 us=932463 [server] Peer Connection Initiated with [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:50 2018 us=69558 MANAGEMENT: >STATE:1515355730,GET_CONFIG,,,,,,
Sun Jan 07 12:08:50 2018 us=69558 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jan 07 12:08:50 2018 us=106658 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.34 10.8.0.33'
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: route options modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 07 12:08:50 2018 us=106658 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:406 ET:0 EL:3 ]
Sun Jan 07 12:08:50 2018 us=106658 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 07 12:08:50 2018 us=106658 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:50 2018 us=106658 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 07 12:08:50 2018 us=106658 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:50 2018 us=106658 interactive service msg_channel=0
Sun Jan 07 12:08:50 2018 us=110669 ROUTE_GATEWAY 10.10.10.1/255.255.255.0 I=2 HWADDR=b0:6e:bf:84:7e:43
Sun Jan 07 12:08:50 2018 us=115681 open_tun
Sun Jan 07 12:08:50 2018 us=115681 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{499BAD2B-5964-4951-817A-724F82FD29B1}.tap
Sun Jan 07 12:08:50 2018 us=115681 TAP-Windows Driver Version 9.21 
Sun Jan 07 12:08:50 2018 us=115681 TAP-Windows MTU=1500
Sun Jan 07 12:08:50 2018 us=116684 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.34/255.255.255.252 on interface {499BAD2B-5964-4951-817A-724F82FD29B1} [DHCP-serv: 10.8.0.33, lease-time: 31536000]
Sun Jan 07 12:08:50 2018 us=116684 DHCP option string: 06080808 08080808 0404
Sun Jan 07 12:08:50 2018 us=116684 Successful ARP Flush on interface [8] {499BAD2B-5964-4951-817A-724F82FD29B1}
Sun Jan 07 12:08:50 2018 us=118689 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Jan 07 12:08:50 2018 us=118689 MANAGEMENT: >STATE:1515355730,ASSIGN_IP,,10.8.0.34,,,,
Sun Jan 07 12:08:55 2018 us=807177 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Jan 07 12:08:55 2018 us=807177 C:\WINDOWS\system32\route.exe ADD www.xxx.yyy.zzz MASK 255.255.255.255 10.10.10.1
Sun Jan 07 12:08:55 2018 us=809181 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=809181 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=809181 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.33
Sun Jan 07 12:08:55 2018 us=810183 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=810183 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=810183 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.33
Sun Jan 07 12:08:55 2018 us=811186 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=811186 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=811186 MANAGEMENT: >STATE:1515355735,ADD_ROUTES,,,,,,
Sun Jan 07 12:08:55 2018 us=811186 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.33
Sun Jan 07 12:08:55 2018 us=812189 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=812189 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=812189 Initialization Sequence Completed
Sun Jan 07 12:08:55 2018 us=812189 MANAGEMENT: >STATE:1515355735,CONNECTED,SUCCESS,10.8.0.34,www.xxx.yyy.zzz,,
Last edited by Pippin on Sat May 02, 2020 11:03 am, edited 1 time in total.
Reason: Formatting

fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

Re: INLINE client file: not connecting to server

Post by fperloff » Wed Jan 10, 2018 8:12 pm

So, what does '[[INLINE]]' refer to in the client log? Which key / header is insufficient? :?

Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)

If I knew, I could fix the client config.

Thanks!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: INLINE client file: not connecting to server

Post by TinCanTech » Wed Jan 10, 2018 9:40 pm

fperloff wrote: Wed Jan 10, 2018 8:12 pm
what does '[[INLINE]]' refer to in the client log? Which key / header is insufficient? :?

That is a good question .. I have asked the devs for details.

However, the message says "in file '[[INLINE]]' (0/128/256 bytes found/min/max)" .. so it found 0 Zero data in the Inline section. I cannot say for sure but perhaps it is a copy/paste error ..

FYI: you also need --key-direction with inline --tls-auth
Last edited by TinCanTech on Wed Jan 10, 2018 9:45 pm, edited 1 time in total.
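
A pre-flight check for the two points raised in this reply, added here as an example (it is not code from the thread or from OpenVPN): it counts the key bytes inside an inline `<tls-auth>` block and confirms `key-direction` is set. The function names and sample configs are assumptions made for illustration, and the byte count is a simplified approximation of how OpenVPN reads a static key, not its actual parser.

```python
import re

HEADER = "-----BEGIN OpenVPN Static key V1-----"
FOOTER = "-----END OpenVPN Static key V1-----"
MIN_BYTES, MAX_BYTES = 128, 256  # the min/max figures printed in the error message


def inline_block(config, tag):
    """Return the text between <tag> and </tag>, or None if the block is absent."""
    pattern = r"^[ \t]*<%s>[ \t]*\r?\n(.*?)^[ \t]*</%s>" % (tag, tag)
    m = re.search(pattern, config, re.S | re.M)
    return m.group(1) if m else None


def static_key_bytes(block):
    """Count key bytes between the header and footer lines (two hex digits
    per byte). A missing header/footer or non-hex content counts as 0."""
    lines = [ln.strip() for ln in block.splitlines()]
    if HEADER not in lines or FOOTER not in lines:
        return 0
    body = lines[lines.index(HEADER) + 1:lines.index(FOOTER)]
    hexdigits = "".join(body)
    if not re.fullmatch(r"[0-9a-fA-F]*", hexdigits):
        return 0
    return len(hexdigits) // 2


def check_tls_auth(config):
    """Return a list of problems with the inline tls-auth material (empty = OK)."""
    block = inline_block(config, "tls-auth")
    if block is None:
        return ["no <tls-auth> block"]
    problems = []
    found = static_key_bytes(block)
    if not MIN_BYTES <= found <= MAX_BYTES:
        problems.append("%d/%d/%d bytes found/min/max" % (found, MIN_BYTES, MAX_BYTES))
    if not re.search(r"^\s*key-direction\s+[01]\s*$", config, re.M):
        problems.append("inline tls-auth without key-direction")
    return problems


# Constructed samples: an empty block like the one posted, and a dummy 256-byte key.
EMPTY = "key-direction 1\n<tls-auth>\n%s\n\n%s\n</tls-auth>\n" % (HEADER, FOOTER)
DUMMY = "\n".join(["00112233445566778899aabbccddeeff"] * 16)  # not a real key
GOOD = "key-direction 1\n<tls-auth>\n%s\n%s\n%s\n</tls-auth>\n" % (HEADER, DUMMY, FOOTER)

if __name__ == "__main__":
    print(check_tls_auth(EMPTY))
    print(check_tls_auth(GOOD))
```

Running it against a profile before shipping it to a phone catches an empty or truncated key block without having to start a connection attempt.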

fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

Re: INLINE client file: not connecting to server

Post by fperloff » Wed Jan 10, 2018 9:43 pm

SOLVED
I regenerated the tls key on the server and copied it into the client config file. I can now connect using the INLINE ovpn file.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: INLINE client file: not connecting to server

Post by TinCanTech » Wed Jan 10, 2018 9:44 pm

Thanks for letting us know you solved it 8-)

AlanBardgett
OpenVpn Newbie
Posts: 1
Joined: Sat May 02, 2020 12:18 am

Re: INLINE client file: not connecting to server

Post by AlanBardgett » Sat May 02, 2020 12:19 am

@fperloff

Two years later and still saving people time! THANK YOU! Ran into the issue with pfSense 2.4.4_P3 generating the invalid TLS initially. Did the same "regenerate" (removed TLS requirement, enabled again, autogenerate, saved, worked!).
