INLINE client file: not connecting to server

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

INLINE client file: not connecting to server

Post by fperloff » Sun Jan 07, 2018 8:23 pm

Hi --
I have a working OpenVPN server with Windows and Android clients.
I want to develop an inline client config file for some Android and IOS clients. I took a working client config and pasted into it the ca.crt, client.cert, client.key and tls-auth.key. I received the error "Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)"
I then copied out the ca.crt, client.crt, client.key and tls-auth.key to separate files and modified the client config file to refer to the files, rather than including them inline. I was able to connect the client to the server. So I'm quite confident that my key files are intact and correct.
Is there something wrong with my syntax in the inline .ovpn file?
Thanks!

SERVER

port 1194
proto udp
dev tun

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0 # This file should be kept secret
key-direction 0


cipher AES-128-CBC
auth SHA256

server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

ifconfig-pool-persist ipp.txt
keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log
verb 4444

user nobody
group nogroup

INLINE client config
CLIENT

# inline keys & certs for iOS
#
remote www.xxx.yyy.zzz 1194
comp-lzo
client
dev tun
redirect-gateway def1

remote-cert-tls server
key-direction 1
cipher AES-128-CBC
auth SHA256

proto udp
resolv-retry infinite
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Set log file verbosity.
verb 4
mute 20

<ca>
-----BEGIN CERTIFICATE-----
MIIGujCCBKKgAwIBAgIJAJnxCJw1PKh3MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMRAwDgYDVQQHEwdBc2hsYW5kMQ0wCwYD
VQQKEwRIb21lMRQwEgYDVQQLEwtIb21lTmV0d29yazEQMA4GA1UEAxMHSG9tZSBD
QTEQMA4GA1UEKRMHUGVybG9mZjEeMBwGCSqGSIb3DQEJARYPZnJlZEBwZXJsb2Zm
LnVzMB4XDTE3MDYyODE2MTI0NloXDTI3MDYyNjE2MTI0NlowgZkxCzAJBgNVBAYT
AlVTMQ8wDQYDVQQIEwZPcmVnb24xEDAOBgNVBAcTB0FzaGxhbmQxDTALBgNVBAoT
BEhvbWUxFDASBgNVBAsTC0hvbWVOZXR3b3JrMRAwDgYDVQQDEwdIb21lIENBMRAw
DgYDVQQpEwdQZXJsb2ZmMR4wHAYJKoZIhvcNAQkBFg9mcmVkQHBlcmxvZmYudXMw
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8cTzxD7/VxADU45FBCoAY
vUF19z/F14k6aFhIWs8vP5T9QhdqfDqYn8F9YYQC794DPxgMUmSdiRtEiKlnLx6p
505ZHFBuNUYpPgg5CyziCtNrThGjkZhy6U4awsEYMNhyCfSedOi46bfFkX1iNEqJ
Z+73/zV+CkZJueus8B0NZMSSW4WgvI1d1IS9WcEMcqMNn4uo18KNIkp1zFKpw+xY
rs8B9BK6ekrGuqk66H8X//9RIVE8fzr4/yznDSL/sg0Pkj/dfw2l749tGbLkFDBI
qjP+3SKI/2Hsn8G9OytGnclHnFXfAh0gRAZUjPAhONOoiodVr9c8g0kAX1DMVlWN
l7YHBSA53/TL0pJ4+Zs/XVcT+8JVCuw1OiWqr2pfVffADSgMAESDOG1jOay3KWCT
iMVng687dmEfMqtwguDRxb11wZNqig/vw975KK7drhu7GBEmr6ya8bGiP9mevID9
R4wiNQLKnr+Wu6YCcqkdfKD9y0IrtsDkNl57lGDmW4CWxkSp1le0eQ4hdiD5gz4/
g1gMA3rzhdOnGQA9AD22pLFJCL2kcoP1L8VYzL8wG2xM0C7rIh7w9QVa7utu8h4F
laFi02WbQkuKRyaqpxnHOAKWCB91thJ4DAe6hs8j8hbry1MgiYtlhGlOwiHInDG5
FubWO1RaugOOLj3DfHN4fwIDAQABo4IBATCB/jAdBgNVHQ4EFgQUFjpWa1SvSRd2
UyzBgRAbVtL1G24wgc4GA1UdIwSBxjCBw4AUFjpWa1SvSRd2UyzBgRAbVtL1G26h
gZ+kgZwwgZkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xEDAOBgNVBAcT
B0FzaGxhbmQxDTALBgNVBAoTBEhvbWUxFDASBgNVBAsTC0hvbWVOZXR3b3JrMRAw
DgYDVQQDEwdIb21lIENBMRAwDgYDVQQpEwdQZXJsb2ZmMR4wHAYJKoZIhvcNAQkB
Fg9mcmVkQHBlcmxvZmYudXOCCQCZ8QicNTyodzAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4ICAQAU+Th2+O8AYGB+HCANA6siOgmdRhSy0H1YG4zH7IEPAMaH
gnrLvJ5wCocZZXGdTPzQ8dCGL+nvxgU4Ao/Adu8WANykbpMgtP5X1OifrZsrr0gY
tUeIa7JCiuQv4ET5vcy9TM8rTJh48JQ2rQ10sXFXM7IBUlWrpJvxYcOL5Lw5Zp42
wyMPY0TwFEGn7m0Ci+COA8B1iwS80iDtBkv+WG0mVFHnqQlr0L/nc6QTwqNGJqs0
QRorj/WHDf0mvrgpOpWqpRYxvk1RttU0IPs5gEk5SnS7feyVWY0nP7GV+rO7hNhH
pqYza7/K8zQ8xo1yniCvW1cPc/Yju/Rp/izUjk8IUDJjuJHMIb9r+Lc1bu3RI7tQ
vxlYCSlzQXYlO0IemPJYYuCJY1xMDyVGTvPnbjvNoBNGHPlP/tOxl2RcNMQ7a9gX
76FMrIY5vMSKSwu0uaMiPiBCJ5znzmrs7eEeqE4AeQGVNJRDmmSRRx6C4kwfjRsr
qIYaI0ieeEfUXovuNAHokpJY629QznpoRB0ROJd4r3Fw9R0cp3n6qpeUOgnXib0B
Ye5JGchfmPCqLAkWEfrJMBKnL4Zb9Vogn8aEqTdwGJkKq0kuP4PwQ1S7lA2mwcvR
abB4Sg7AJZH+ld5EuAvi6HN1GG+sJZ5IqBH/5Eig7PHk6fVgjKBKUM8T6BLBTQ==
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12 (0xc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Ashland, O=Home, OU=HomeNetwork, CN=Home CA/name=Perloff/emailAddress=fred@perloff.us
Validity
Not Before: Jan 6 23:58:15 2018 GMT
Not After : Jan 4 23:58:15 2028 GMT
Subject: C=US, ST=Oregon, L=Ashland, O=Home, OU=HomeNetwork, CN=pixel/name=Perloff/emailAddress=fred@perloff.us
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c6:37:05:a6:cc:a9:81:7b:2d:fd:86:a1:47:8c:
2d:10:c7:3f:fd:37:41:4a:32:e8:30:c4:45:7c:fa:
5f:df:bc:fe:5c:99:3d:09:3f:75:85:2e:9c:73:38:
84:64:02:47:43:d7:c1:cc:06:ea:91:70:30:b8:92:
e2:0d:cb:17:49:bd:20:9e:dc:f9:10:e0:0c:43:49:
7c:a4:aa:a3:9f:02:b0:b2:a5:8f:0a:99:91:40:e0:
53:97:e1:47:9c:7b:8e:2e:1e:06:cb:15:79:fd:a5:
f8:ff:33:0a:a7:ef:13:9e:70:61:60:e8:65:85:3d:
81:02:54:7f:ba:1c:ae:fb:14:0d:aa:22:91:b6:65:
d4:fa:c7:22:ea:3b:fc:19:97:c6:58:2f:b9:6e:8f:
87:48:10:91:a1:96:fa:25:65:aa:97:18:9a:e0:9e:
17:2c:d5:49:ed:a3:ec:47:f8:89:43:19:64:fb:8a:
95:d5:c4:5e:1b:98:c7:62:44:c1:5a:80:53:db:2a:
56:17:da:53:77:d7:50:bb:a4:17:b9:11:7a:6e:4a:
b4:7e:89:b9:a9:50:b0:60:9e:b5:e4:6a:4e:1d:ae:
be:30:04:d7:54:fc:aa:f6:6c:e4:c5:9b:dd:4e:4a:
90:0a:b8:2a:db:77:7b:af:62:73:ef:c7:1d:08:08:
1e:80:fb:19:0f:10:13:d9:00:86:b0:81:8f:58:9e:
0e:64:a7:f3:70:fb:dc:ef:f4:b8:ed:32:e5:a3:05:
61:65:8c:94:81:79:e3:7c:35:df:89:b1:c9:10:58:
30:43:d0:29:da:63:d9:04:55:4d:a0:22:4a:ee:4b:
1d:53:96:51:59:27:e9:65:e4:e3:21:e2:10:ae:38:
78:7a:fe:5e:d6:f5:f9:a2:10:0c:f5:1b:83:04:f7:
ee:da:e3:5a:ab:4f:09:de:5c:04:a4:1b:0e:ee:60:
73:53:2b:4a:a7:f1:fd:9a:de:cb:c2:f0:cc:56:63:
95:34:de:72:8d:68:3d:ec:1c:fb:5f:1c:ec:20:c2:
16:c1:cc:e0:85:57:0d:e8:64:55:98:6a:7d:97:50:
4b:44:3c:3a:2a:00:d6:e7:0d:e0:22:be:46:e0:80:
a2:71:33:47:bc:e1:05:2c:46:3e:d8:16:24:3c:71:
5d:65:3b:8c:2a:8e:59:27:75:36:ad:12:be:80:89:
bd:39:03:56:7a:9d:f9:0f:99:8b:af:98:fc:45:85:
2c:51:bf:13:41:6a:17:05:30:3a:d5:6a:c8:61:97:
cd:c4:0f:f5:67:ef:af:af:96:86:49:33:a5:65:0f:
d5:d8:bb:47:85:6e:e0:a0:62:ad:7e:a4:2e:95:38:
5f:eb:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
2A:80:CE:3A:51:81:E6:A7:A5:54:3E:1D:18:1D:DB:15:D9:C5:BF:73
X509v3 Authority Key Identifier:
keyid:16:3A:56:6B:54:AF:49:17:76:53:2C:C1:81:10:1B:56:D2:F5:1B:6E
DirName:/C=US/ST=Oregon/L=Ashland/O=Home/OU=HomeNetwork/CN=Home CA/name=Perloff/emailAddress=fred@perloff.us
serial:99:F1:08:9C:35:3C:A8:77

X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:pixel
Signature Algorithm: sha256WithRSAEncryption
61:a4:be:15:27:a5:58:3e:14:9c:8d:26:a4:6c:e7:ac:b8:e5:
c4:f8:3c:29:11:0b:91:64:65:29:af:3b:f4:8e:0d:a4:bb:94:
e1:fe:1d:9e:c0:05:63:ca:5d:c8:64:93:6d:dd:05:cf:4d:df:
37:7a:ef:f1:a4:58:cd:77:5d:00:10:8f:6b:5d:56:ee:3e:76:
16:6c:98:34:b4:aa:c6:e3:97:47:66:0b:f6:d4:15:59:f7:af:
41:e8:b6:e2:c4:a3:d1:8b:f8:d9:ba:10:74:8b:b2:6d:ac:1c:
f4:b2:67:18:d9:0c:76:c2:a6:37:ad:b5:36:e7:29:cd:61:43:
0d:0e:bd:6c:81:86:d1:66:c3:85:b1:33:50:9b:8e:07:f9:0f:
13:9a:25:d3:ba:0e:2a:d0:60:74:d4:78:9c:b4:aa:54:5d:19:
c9:5b:7f:23:6c:bd:1b:bf:a4:0a:77:23:05:d5:76:1a:47:b0:
b4:1e:a9:d3:c6:07:a8:43:e9:6e:3a:a9:8a:c5:b5:18:4f:56:
4d:36:0c:ca:6e:9c:4b:f3:1a:f5:84:ee:7f:ee:6e:b7:7f:35:
6b:14:0a:c2:eb:6d:a5:be:bb:56:57:7a:fa:42:75:45:cf:e6:
c3:1e:50:78:99:4f:d9:d6:fc:38:61:54:90:c5:69:2c:4f:b2:
d4:3c:64:58:2c:c5:d9:ba:98:ec:ea:5f:fa:a3:ca:cb:76:4e:
ca:c0:67:ea:2f:9a:46:3b:9b:fb:f7:e5:64:6c:ac:61:5a:39:
6d:94:bf:6c:b8:d4:c0:44:df:a7:2a:fe:69:b3:29:13:44:d5:
3d:9c:d7:65:7b:03:d4:fd:f9:ca:47:65:18:f5:6c:f0:03:7b:
c4:ae:69:24:4c:14:73:a1:52:c6:14:71:fd:d8:75:b4:d1:90:
4b:55:28:79:c0:22:75:b9:87:12:73:2a:bd:d1:85:cc:eb:08:
8c:26:e7:3d:ef:e0:52:9d:fb:46:38:4c:87:0b:2d:5f:a0:1f:
ba:8b:88:bd:8f:5d:3e:20:6a:49:e9:ec:83:29:b5:73:b4:51:
ea:cd:06:bf:37:ce:17:34:79:fe:6d:03:46:5d:64:f4:c7:d6:
e9:41:ce:98:36:9b:39:83:49:f3:83:88:ef:34:f4:bd:36:68:
2c:7f:d2:f0:26:fa:6b:c8:bc:14:6e:48:0f:9e:c4:ef:b7:0f:
ee:d0:95:31:7b:73:b8:9c:03:38:56:80:72:aa:e3:e3:4a:63:
4f:a9:86:06:e9:7d:66:32:94:3a:48:78:13:3f:0c:b6:ae:68:
f8:3f:cb:f4:9a:95:ea:02:ee:cd:5e:fe:17:51:7d:b1:99:01:
01:52:97:7b:1f:45:29:a8
-----BEGIN CERTIFICATE-----
MIIHETCCBPmgAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
DzANBgNVBAgTBk9yZWdvbjEQMA4GA1UEBxMHQXNobGFuZDENMAsGA1UEChMESG9t
ZTEUMBIGA1UECxMLSG9tZU5ldHdvcmsxEDAOBgNVBAMTB0hvbWUgQ0ExEDAOBgNV
BCkTB1BlcmxvZmYxHjAcBgkqhkiG9w0BCQEWD2ZyZWRAcGVybG9mZi51czAeFw0x
ODAxMDYyMzU4MTVaFw0yODAxMDQyMzU4MTVaMIGXMQswCQYDVQQGEwJVUzEPMA0G
A1UECBMGT3JlZ29uMRAwDgYDVQQHEwdBc2hsYW5kMQ0wCwYDVQQKEwRIb21lMRQw
EgYDVQQLEwtIb21lTmV0d29yazEOMAwGA1UEAxMFcGl4ZWwxEDAOBgNVBCkTB1Bl
cmxvZmYxHjAcBgkqhkiG9w0BCQEWD2ZyZWRAcGVybG9mZi51czCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMY3BabMqYF7Lf2GoUeMLRDHP/03QUoy6DDE
RXz6X9+8/lyZPQk/dYUunHM4hGQCR0PXwcwG6pFwMLiS4g3LF0m9IJ7c+RDgDENJ
fKSqo58CsLKljwqZkUDgU5fhR5x7ji4eBssVef2l+P8zCqfvE55wYWDoZYU9gQJU
f7ocrvsUDaoikbZl1PrHIuo7/BmXxlgvuW6Ph0gQkaGW+iVlqpcYmuCeFyzVSe2j
7Ef4iUMZZPuKldXEXhuYx2JEwVqAU9sqVhfaU3fXULukF7kRem5KtH6JualQsGCe
teRqTh2uvjAE11T8qvZs5MWb3U5KkAq4Ktt3e69ic+/HHQgIHoD7GQ8QE9kAhrCB
j1ieDmSn83D73O/0uO0y5aMFYWWMlIF543w134mxyRBYMEPQKdpj2QRVTaAiSu5L
HVOWUVkn6WXk4yHiEK44eHr+Xtb1+aIQDPUbgwT37trjWqtPCd5cBKQbDu5gc1Mr
Sqfx/Zrey8LwzFZjlTTeco1oPewc+18c7CDCFsHM4IVXDehkVZhqfZdQS0Q8OioA
1ucN4CK+RuCAonEzR7zhBSxGPtgWJDxxXWU7jCqOWSd1Nq0SvoCJvTkDVnqd+Q+Z
i6+Y/EWFLFG/E0FqFwUwOtVqyGGXzcQP9Wfvr6+WhkkzpWUP1di7R4Vu4KBirX6k
LpU4X+sFAgMBAAGjggFiMIIBXjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5F
YXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFCqAzjpRgean
pVQ+HRgd2xXZxb9zMIHOBgNVHSMEgcYwgcOAFBY6VmtUr0kXdlMswYEQG1bS9Rtu
oYGfpIGcMIGZMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMRAwDgYDVQQH
EwdBc2hsYW5kMQ0wCwYDVQQKEwRIb21lMRQwEgYDVQQLEwtIb21lTmV0d29yazEQ
MA4GA1UEAxMHSG9tZSBDQTEQMA4GA1UEKRMHUGVybG9mZjEeMBwGCSqGSIb3DQEJ
ARYPZnJlZEBwZXJsb2ZmLnVzggkAmfEInDU8qHcwEwYDVR0lBAwwCgYIKwYBBQUH
AwIwCwYDVR0PBAQDAgeAMBAGA1UdEQQJMAeCBXBpeGVsMA0GCSqGSIb3DQEBCwUA
A4ICAQBhpL4VJ6VYPhScjSakbOesuOXE+DwpEQuRZGUprzv0jg2ku5Th/h2ewAVj
yl3IZJNt3QXPTd83eu/xpFjNd10AEI9rXVbuPnYWbJg0tKrG45dHZgv21BVZ969B
6LbixKPRi/jZuhB0i7JtrBz0smcY2Qx2wqY3rbU25ynNYUMNDr1sgYbRZsOFsTNQ
m44H+Q8TmiXTug4q0GB01HictKpUXRnJW38jbL0bv6QKdyMF1XYaR7C0HqnTxgeo
Q+luOqmKxbUYT1ZNNgzKbpxL8xr1hO5/7m63fzVrFArC622lvrtWV3r6QnVFz+bD
HlB4mU/Z1vw4YVSQxWksT7LUPGRYLMXZupjs6l/6o8rLdk7KwGfqL5pGO5v79+Vk
bKxhWjltlL9suNTARN+nKv5psykTRNU9nNdlewPU/fnKR2UY9WzwA3vErmkkTBRz
oVLGFHH92HW00ZBLVSh5wCJ1uYcScyq90YXM6wiMJuc97+BSnftGOEyHCy1foB+6
i4i9j10+IGpJ6eyDKbVztFHqzQa/N84XNHn+bQNGXWT0x9bpQc6YNps5g0nzg4jv
NPS9Nmgsf9LwJvpryLwUbkgPnsTvtw/u0JUxe3O4nAM4VoByquPjSmNPqYYG6X1m
MpQ6SHgTPwy2rmj4P8v0mpXqAu7NXv4XUX2xmQEBUpd7H0UpqA==
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDGNwWmzKmBey39
hqFHjC0Qxz/9N0FKMugwxEV8+l/fvP5cmT0JP3WFLpxzOIRkAkdD18HMBuqRcDC4
kuINyxdJvSCe3PkQ4AxDSXykqqOfArCypY8KmZFA4FOX4Uece44uHgbLFXn9pfj/
Mwqn7xOecGFg6GWFPYECVH+6HK77FA2qIpG2ZdT6xyLqO/wZl8ZYL7luj4dIEJGh
lvolZaqXGJrgnhcs1Unto+xH+IlDGWT7ipXVxF4bmMdiRMFagFPbKlYX2lN311C7
pBe5EXpuSrR+ibmpULBgnrXkak4drr4wBNdU/Kr2bOTFm91OSpAKuCrbd3uvYnPv
xx0ICB6A+xkPEBPZAIawgY9Yng5kp/Nw+9zv9LjtMuWjBWFljJSBeeN8Nd+JsckQ
WDBD0CnaY9kEVU2gIkruSx1TllFZJ+ll5OMh4hCuOHh6/l7W9fmiEAz1G4ME9+7a
41qrTwneXASkGw7uYHNTK0qn8f2a3svC8MxWY5U03nKNaD3sHPtfHOwgwhbBzOCF
Vw3oZFWYan2XUEtEPDoqANbnDeAivkbggKJxM0e84QUsRj7YFiQ8cV1lO4wqjlkn
dTatEr6Aib05A1Z6nfkPmYuvmPxFhSxRvxNBahcFMDrVashhl83ED/Vn76+vloZJ
M6VlD9XYu0eFbuCgYq1+pC6VOF/rBQIDAQABAoICAFQk1Wxao3aJARwIA/0of5UI
0JxA0aGa/MB/AXStoPeM9nn+v09mtg/kmpu7GVCPOwuM0wM2yGsXMkeYawgp9+fg
trFZ4w2L3wjNcHFC0xTUgohECfYY/PWKhVILW2gNd20SaBXcNx47T/meBF8H+c8f
q+cEoNwwIM0Ja/No68tAVxCrfintDr2qvaKr9jgzGwsir1hE68vm5LuxKN2pTAK6
ejzyP6pTnP+Zv9tJoZNve1PhH/xQURbsA3Au+dnecjquvT+A+j/8kpQlc8Cnr86U
Pg0dkEhVLZrGpTai/ihRnwEpfPPiEv1req58nTT4KC+0wNTL4yCv7cGTSDq5n6Cn
Bu4F+qP86/+Z0zU+VIlbsIdkBbZjRvGIuqtB+51Zcln5e85uGbAbdhhSLuPeuWDG
tNRJWm/7P1KQHvZ7bupA6IHQ+5/lI5es17t+lf0CrIXjlykYYEz+Z6aLsMvldyAK
UzhEsg5TPoIst09MWNjxJO+h9zksg/jcZS4xYlrq19+7GTTg4p8UD3fUb2zsfery
m6sIXCPyVSpKUn3MpC+wckw5ZMJEMrARb6AG7KMTXmR+grJLkVmAPPWd5m/4z1KS
vat4fk/loBcB/ag2F6uaYnUThSBAO1kC8NMkXumY8FRaLsomXWIu+WVyg8vlRaCi
kwHo70VY+qLVxVOHKXsdAoIBAQD7yKW5LtZWKrvkwzE4fhC6TW45nFvhnl++XgLt
VUZLkrPuwhAoZ7nBunaa7uG40JgZR9mqtkeHd3OUMycpmwe7XNFmvRq3LscLtAdh
QEHH4+Skul873k8rVHs7EHNaUD5zMDjs7xYEB6j701D0jtQIa7wCf0A2jNNBraMf
Cydp8V7zc0FBi5KyJVzyoo06XpI340HZOmpd+ClbbnydpOWwtM3QOg0/sY8iZpdl
xc4NZqiJrPilOH9r2Xxo+WiwzhCo+pD+VC6p6fo1WO2V++X8UU84BtSGeKupPnIB
bzK+77bkYctsI52XHkaFwtmMXJEXqTelyN/GmPArgnsOPgG7AoIBAQDJiLwJKW82
aK+S6qgmorAlPv9I4ZE44f3WnitreJHvFlP2kkgQ0PvdfHYgTz/mu+DDCgMuJnKV
g5CCW+2qYNGkUp8GMP0C0rHBTm/bRbr7z6xSSydDsueqdXdW4SX7j867ktB90TK8
t7syf46I0+HTdZRX3ThyBDNE8q3OqeZWwd9gbNi/S2hQb6/Er1zIwCjkcoMkWa32
bfsX0HxVnsnXlZ5h9q3eeB1Fv716k5OsQAgA6MI3M/7ka3/Y4l1orBCj1XQTFuxb
jz96qaRIjIImm8yddkPkcPJFxmtxWnP/yC+BlVtM1Dvq0RlYAzm/LbwhbVP6kY1t
eVNrocsniZo/AoIBAQDNYb+lTgpyoUtBcONulI7qmYzHG79rTDgHXkJ+/Gdp8BIs
OUra2rmQyJxFB4VCr4zSWmS4txWj8BFsm0lfy+FDuZPqfWkUcejVqBW5A6Rk/IWe
xZQ3jsD/tFsNM/8UdY5rgbN9ug04XlM+kAJiazuUXuUvGEP1+2u8EHqWMRAGgGiW
p7ZcVBDmlkm6dlRDf69APXWST+9CFdMOjRLDuSXPvbyBFUmHYjxCsHLhBrhtAAeM
vnbYtzxhajfsnT4DsyOt4y5w95RU79I0wASVqrPQ3TaEmjW0Nyy30oNGnkFDtOB4
bTl1TZwYEA8wv1+b+ko0hckpx7CaHFkU9MuSM4xPAoIBADM//GFwEgIKGSwJVH2O
vbCbFpxYEHAguEaNrokD/kiIqw13IbB1FLe8YOXSgXORr5SpxSlFSbpP3L3p1sSP
HoDlKd+PMag4IFACPFvMncJPi4jZ58BFjLhCavjDBL+2UGJO8YotWvO23Xn4Ci0t
hK4bpn+5mBMWklskQ6LcfeDuKHoC9BOhf4OFA3PHDJdYlo2RuVvTGnQif8oMkLHN
UZLrT32mF40NipQkMHEtek5BckeY6VrUdCtuUvK6jfqCVzDypTP9jlmyUfhFj6uL
X8WltSEN5DIBrvqjfMs0r28KX1pauv8MsbgDOKizGUpOvRrbDJIZ1ZdTVS131YvW
aE0CggEBANJP562BjlVfwVAcZzfZQAiCh338dCCYwvAJJG2aY1iC3+FQ1MVKn08G
/3bIwrgz8LsbSkND6GyPF77ZZqATMzYlWEWlRQa/Go+SJI8ROkullRrG6Nzgbe6O
Adgy0U2EIkS8FypOYvXdweDZMuVG31pSjP4x6aPqY2TwIF8P9UxrEmtN3zqacH9g
P3YFjAxVRGrVgjWOr+r2KgvCxgGOwBOn95af9HzDU1xL/Hx8QQK//LBcTMDf/9aJ
iRwDJGDJk04qHE5m/smJEtS5TZ5448Lhpuo5G2bmZ3PCED6DhuNF3ph8Kb1d6MBf
sgDlbYoBlwT60EuMRgMyUcw0rbzzhqU=
-----END PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
c663e25ceba3cd84dfbed97fe702ce53
c24af80719a7a2a3f0ee885c5ca892d3
10e71159b6ff6d17effb2109eb27711b
f7b3b7e75c7f04e52eda232818da1a34
e94900006969ee78f45bda2ac710bef8
f1069f2dc00227473edc1f0913704c5f
2f46efd399cf04e703e6ccd9041ddbda
1aa445525b9e7a333fd54b9b6ed2c505
d502374a48a8b10d3c85835ff306e8d6
5a7c92cd1c925c8e10e090b583916800
c284fc8589c04db052543453b71e4702
2a70a02e4e9c977080e7744b77624d00
dc82284fa4d22e1ede47ebb418249b87
160348f7a6b0658c6ebb4e9080f69114
6aebe1fae504f35e68639788277b2c7f
c0b3a9a3e20f348eb2d157349cfe2e40
-----END OpenVPN Static key V1-----
</tls-auth>


Client log file (INLINE configuration):

Sun Jan 07 11:35:18 2018 us=428444 Current Parameter Settings:
Sun Jan 07 11:35:18 2018 us=428444 config = 'xxx-pixel.ovpn'
Sun Jan 07 11:35:18 2018 us=428444 mode = 0
Sun Jan 07 11:35:18 2018 us=428444 show_ciphers = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 show_digests = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 show_engines = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 genkey = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 key_pass_file = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444 show_tls_ciphers = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 connect_retry_max = 0
Sun Jan 07 11:35:18 2018 us=428444 Connection profiles [0]:
Sun Jan 07 11:35:18 2018 us=428444 proto = udp
Sun Jan 07 11:35:18 2018 us=428444 local = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444 local_port = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444 remote = 'www.xxx.yyy.zzz'
Sun Jan 07 11:35:18 2018 us=428444 remote_port = '1194'
Sun Jan 07 11:35:18 2018 us=428444 remote_float = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 bind_defined = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 bind_local = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 bind_ipv6_only = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 NOTE: --mute triggered...
Sun Jan 07 11:35:18 2018 us=428444 272 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jan 07 11:35:18 2018 us=428444 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sun Jan 07 11:35:18 2018 us=428444 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jan 07 11:35:18 2018 us=428444 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Sun Jan 07 11:35:18 2018 us=429447 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 07 11:35:18 2018 us=429447 Need hold release from management interface, waiting...
Sun Jan 07 11:35:18 2018 us=430449 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 07 11:35:18 2018 us=533726 MANAGEMENT: CMD 'state on'
Sun Jan 07 11:35:18 2018 us=533726 MANAGEMENT: CMD 'log all on'
Sun Jan 07 11:35:18 2018 us=552777 MANAGEMENT: CMD 'echo all on'
Sun Jan 07 11:35:18 2018 us=553781 MANAGEMENT: CMD 'hold off'
Sun Jan 07 11:35:18 2018 us=555285 MANAGEMENT: CMD 'hold release'
Sun Jan 07 11:35:18 2018 us=617952 MANAGEMENT: Client disconnected
Sun Jan 07 11:35:18 2018 us=617952 Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)
Sun Jan 07 11:35:18 2018 us=617952 Exiting due to fatal error

Client config where keys are in separate files (i.e. not INLINE)
CLIENT

ca keys/ca.crt
cert keys/pixel.crt
key keys/pixel.key
tls-auth keys/ta.key 1

remote www.xxx.yyy.zzz
comp-lzo
client
dev tun
redirect-gateway def1

remote-cert-tls server

cipher AES-128-CBC
auth SHA256
auth-nocache

proto udp
resolv-retry infinite
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Set log file verbosity.
verb 4
mute 20


Client log where keys are in separate files (i.e. not INLINE):

Sun Jan 07 12:08:48 2018 us=419084 Current Parameter Settings:
Sun Jan 07 12:08:48 2018 us=419084 config = 'xxx.ovpn'
Sun Jan 07 12:08:48 2018 us=419084 mode = 0
Sun Jan 07 12:08:48 2018 us=419084 show_ciphers = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 show_digests = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 show_engines = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 genkey = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 key_pass_file = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084 show_tls_ciphers = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 connect_retry_max = 0
Sun Jan 07 12:08:48 2018 us=419084 Connection profiles [0]:
Sun Jan 07 12:08:48 2018 us=419084 proto = udp
Sun Jan 07 12:08:48 2018 us=419084 local = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084 local_port = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084 remote = 'www.xxx.yyy.zzz''
Sun Jan 07 12:08:48 2018 us=419084 remote_port = '1194'
Sun Jan 07 12:08:48 2018 us=419084 remote_float = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 bind_defined = DISABLED
Sun Jan 07 12:08:48 2018 us=420087 bind_local = DISABLED
Sun Jan 07 12:08:48 2018 us=420087 bind_ipv6_only = DISABLED
Sun Jan 07 12:08:48 2018 us=420087 NOTE: --mute triggered...
Sun Jan 07 12:08:48 2018 us=420087 272 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jan 07 12:08:48 2018 us=420087 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sun Jan 07 12:08:48 2018 us=420087 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jan 07 12:08:48 2018 us=420087 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Sun Jan 07 12:08:48 2018 us=420087 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Sun Jan 07 12:08:48 2018 us=420087 Need hold release from management interface, waiting...
Sun Jan 07 12:08:48 2018 us=421090 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Sun Jan 07 12:08:48 2018 us=524367 MANAGEMENT: CMD 'state on'
Sun Jan 07 12:08:48 2018 us=524367 MANAGEMENT: CMD 'log all on'
Sun Jan 07 12:08:48 2018 us=546928 MANAGEMENT: CMD 'echo all on'
Sun Jan 07 12:08:48 2018 us=548933 MANAGEMENT: CMD 'hold off'
Sun Jan 07 12:08:48 2018 us=549936 MANAGEMENT: CMD 'hold release'
Sun Jan 07 12:08:48 2018 us=615612 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:48 2018 us=615612 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:48 2018 us=615612 LZO compression initializing
Sun Jan 07 12:08:48 2018 us=615612 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sun Jan 07 12:08:48 2018 us=615612 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sun Jan 07 12:08:48 2018 us=615612 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Sun Jan 07 12:08:48 2018 us=615612 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Sun Jan 07 12:08:48 2018 us=615612 TCP/UDP: Preserving recently used remote address: [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:48 2018 us=615612 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 07 12:08:48 2018 us=615612 UDP link local: (not bound)
Sun Jan 07 12:08:48 2018 us=615612 UDP link remote: [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:48 2018 us=615612 MANAGEMENT: >STATE:1515355728,WAIT,,,,,,
Sun Jan 07 12:08:48 2018 us=655719 MANAGEMENT: >STATE:1515355728,AUTH,,,,,,
Sun Jan 07 12:08:48 2018 us=655719 TLS: Initial packet from [AF_INET]www.xxx.yyy.zzz:1194, sid=b9ee9c5b 185d7d9f
Sun Jan 07 12:08:48 2018 us=742953 VERIFY OK: depth=1, C=US, ST=XX, ...
Sun Jan 07 12:08:48 2018 us=743456 VERIFY KU OK
Sun Jan 07 12:08:48 2018 us=743456 Validating certificate extended key usage
Sun Jan 07 12:08:48 2018 us=743456 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jan 07 12:08:48 2018 us=743456 VERIFY EKU OK
Sun Jan 07 12:08:48 2018 us=743456 VERIFY OK: depth=0, C=US, ST=XX, ...
Sun Jan 07 12:08:48 2018 us=931460 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sun Jan 07 12:08:48 2018 us=932463 [server] Peer Connection Initiated with [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:50 2018 us=69558 MANAGEMENT: >STATE:1515355730,GET_CONFIG,,,,,,
Sun Jan 07 12:08:50 2018 us=69558 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jan 07 12:08:50 2018 us=106658 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.34 10.8.0.33'
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: route options modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 07 12:08:50 2018 us=106658 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:406 ET:0 EL:3 ]
Sun Jan 07 12:08:50 2018 us=106658 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 07 12:08:50 2018 us=106658 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:50 2018 us=106658 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 07 12:08:50 2018 us=106658 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:50 2018 us=106658 interactive service msg_channel=0
Sun Jan 07 12:08:50 2018 us=110669 ROUTE_GATEWAY 10.10.10.1/255.255.255.0 I=2 HWADDR=b0:6e:bf:84:7e:43
Sun Jan 07 12:08:50 2018 us=115681 open_tun
Sun Jan 07 12:08:50 2018 us=115681 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{499BAD2B-5964-4951-817A-724F82FD29B1}.tap
Sun Jan 07 12:08:50 2018 us=115681 TAP-Windows Driver Version 9.21
Sun Jan 07 12:08:50 2018 us=115681 TAP-Windows MTU=1500
Sun Jan 07 12:08:50 2018 us=116684 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.34/255.255.255.252 on interface {499BAD2B-5964-4951-817A-724F82FD29B1} [DHCP-serv: 10.8.0.33, lease-time: 31536000]
Sun Jan 07 12:08:50 2018 us=116684 DHCP option string: 06080808 08080808 0404
Sun Jan 07 12:08:50 2018 us=116684 Successful ARP Flush on interface [8] {499BAD2B-5964-4951-817A-724F82FD29B1}
Sun Jan 07 12:08:50 2018 us=118689 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Jan 07 12:08:50 2018 us=118689 MANAGEMENT: >STATE:1515355730,ASSIGN_IP,,10.8.0.34,,,,
Sun Jan 07 12:08:55 2018 us=807177 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Jan 07 12:08:55 2018 us=807177 C:\WINDOWS\system32\route.exe ADD www.xxx.yyy.zzz MASK 255.255.255.255 10.10.10.1
Sun Jan 07 12:08:55 2018 us=809181 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=809181 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=809181 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.33
Sun Jan 07 12:08:55 2018 us=810183 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=810183 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=810183 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.33
Sun Jan 07 12:08:55 2018 us=811186 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=811186 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=811186 MANAGEMENT: >STATE:1515355735,ADD_ROUTES,,,,,,
Sun Jan 07 12:08:55 2018 us=811186 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.33
Sun Jan 07 12:08:55 2018 us=812189 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=812189 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=812189 Initialization Sequence Completed
Sun Jan 07 12:08:55 2018 us=812189 MANAGEMENT: >STATE:1515355735,CONNECTED,SUCCESS,10.8.0.34,www.xxx.yyy.zzz,,

fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

Re: INLINE client file: not connecting to server

Post by fperloff » Wed Jan 10, 2018 8:12 pm

So, what does '[[INLINE]]' refer to in the client log? Which key / header is insufficient? :?

Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)

If I knew, I could fix the client config.

Thanks!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4196
Joined: Fri Jun 03, 2016 1:17 pm

Re: INLINE client file: not connecting to server

Post by TinCanTech » Wed Jan 10, 2018 9:40 pm

fperloff wrote:
Wed Jan 10, 2018 8:12 pm
what does '[[INLINE]]' refer to in the client log? Which key / header is insufficient? :?
That is a good question .. I have asked the devs for details.

However, the message says "in file '[[INLINE]]' (0/128/256 bytes found/min/max)" .. so it found 0 Zero data in the Inline section. I cannot say for sure but perhaps it is a copy/paste error ..

FYI: you also need --key-direction with inline --tls-auth
Last edited by TinCanTech on Wed Jan 10, 2018 9:45 pm, edited 1 time in total.

fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

Re: INLINE client file: not connecting to server

Post by fperloff » Wed Jan 10, 2018 9:43 pm

SOLVED
I regenerated the tls key on the server and copied it into the client config file. I can now connect using the INLINE ovpn file.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4196
Joined: Fri Jun 03, 2016 1:17 pm

Re: INLINE client file: not connecting to server

Post by TinCanTech » Wed Jan 10, 2018 9:44 pm

Thanks for letting us know you solved it 8-)

Post Reply