Import *.ovpn ignores <tlscrypt-v2>

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
bmeirelles
OpenVpn Newbie
Posts: 3
Joined: Tue Jul 26, 2022 1:37 pm

Import *.ovpn ignores <tlscrypt-v2>

Post by bmeirelles » Tue Jul 26, 2022 1:40 pm

can you help me? Commenting out the "tlscrypt-v2" line on the server, the client works normally with this .ovpn profile file. My server is debian OpenVPN 2.6_git

Thanks a lot for the help

My log:

[Jul 25, 2022, 19:34:11] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Mar 17 2022 11:42:02
⏎[Jul 25, 2022, 19:34:11] Frame=512/2048/512 mssfix-ctrl=1250
⏎[Jul 25, 2022, 19:34:11] UNUSED OPTIONS
0 [tls-client]
2 [verify-client-cert] [require]
9 [resolv-retry] [infinite]
10 [nobind]
11 [persist-key]
12 [persist-tun]
13 [mute-replay-warnings]
18 [tlscrypt-v2] [-----BEGIN OpenVPN tls-crypt-v2 client key----- JV/lVob7sdGcPOIB...]
20 [auth-nocache]
22 [verb] [3]
23 [mute] [10]
⏎[Jul 25, 2022, 19:34:11] EVENT: RESOLVE ⏎[Jul 25, 2022, 19:34:11] Contacting xxx.xxx.xxx.xxx:1194 via UDP
⏎[Jul 25, 2022, 19:34:11] EVENT: WAIT ⏎[Jul 25, 2022, 19:34:11] WinCommandAgent: transmitting bypass route to xxx.xxx.xxx.xxx
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false
}

⏎[Jul 25, 2022, 19:34:11] Connecting to [lalalalala.com]:1194 (xxx.xxx.xxx.xxx) via UDPv4
⏎[Jul 25, 2022, 19:34:11] EVENT: CONNECTING ⏎[Jul 25, 2022, 19:34:12] Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client
⏎[Jul 25, 2022, 19:34:12] Creds: UsernameEmpty/PasswordEmpty
⏎[Jul 25, 2022, 19:34:12] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext

⏎[Jul 25, 2022, 19:34:12] SSL Handshake: peer certificate: CN=Server, 384 bit EC, curve:secp384r1, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Import *.ovpn ignores <tlscrypt-v2>

Post by openvpn_inc » Tue Jul 26, 2022 1:51 pm

Hello,

The OpenVPN Connect client v3.3 supports tls-crypt-v2 fully. We use it on our OpenVPN Access Server product as well. However you seem to have spelled it as tlscrypt-v2 which I am sure is not correct.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

bmeirelles
OpenVpn Newbie
Posts: 3
Joined: Tue Jul 26, 2022 1:37 pm

Re: Import *.ovpn ignores <tlscrypt-v2>

Post by bmeirelles » Tue Jul 26, 2022 3:30 pm

hi john, thanks for the help.
I wrote following the instruction in the documentation, at the end of this page

https://openvpn.net/vpn-server-resource ... ss-server/

In the .ovpn file it is the same as it is on the page

<tlscrypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
XXXXXXXXXXXXXXXXXX
-----END OpenVPN tls-crypt-v2 client key-----
</tlscrypt-v2>

Key works in version 2.6 externally referenced

Server:
tls-crypt-v2 /etc/openvpn/keys/ta-server.key
Client:
tls-crypt-v2 /etc/openvpn/keys/ta-client.key

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Import *.ovpn ignores <tlscrypt-v2>

Post by Pippin » Tue Jul 26, 2022 3:40 pm

openvpn_inc wrote:
Tue Jul 26, 2022 1:51 pm
...
... you seem to have spelled it as tlscrypt-v2 which I am sure is not correct.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

bmeirelles
OpenVpn Newbie
Posts: 3
Joined: Tue Jul 26, 2022 1:37 pm

Re: Import *.ovpn ignores <tlscrypt-v2>

Post by bmeirelles » Tue Jul 26, 2022 4:04 pm

I changed it to tls-crypt-v2 and it worked. Thanks a lot for the help.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Import *.ovpn ignores <tlscrypt-v2>

Post by TinCanTech » Tue Jul 26, 2022 6:00 pm

I can confirm that the correct spelling of the tag is <tls-crypt-v2>

However, for convenience an alias could include <tlscrypt-v2> and others. eg <tlscryptv2>

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Import *.ovpn ignores <tlscrypt-v2>

Post by openvpn_inc » Tue Jul 26, 2022 6:36 pm

Hi there,

Thanks, we're going to be correcting that example on our site. That wasn't meant to be a guide on how to build a connection profile, but it's still wrong so we'll fix it.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply