I have a working OpenVPN server with Windows and Android clients.
I want to develop an inline client config file for some Android and iOS clients. I took a working client config and pasted into it the ca.crt, client.crt, client.key and tls-auth.key. I received the error "Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)".
I then copied out the ca.crt, client.crt, client.key and tls-auth.key to separate files and modified the client config file to refer to the files, rather than including them inline. I was able to connect the client to the server. So I'm quite confident that my key files are intact and correct.
Is there something wrong with my syntax in the inline .ovpn file?
Thanks!
SERVER
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0 # This file should be kept secret
key-direction 0
cipher AES-128-CBC
auth SHA256
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4444
user nobody
group nogroup
INLINE client config
CLIENT
# inline keys & certs for iOS
#
remote www.xxx.yyy.zzz 1194
comp-lzo
client
dev tun
redirect-gateway def1
remote-cert-tls server
key-direction 1
cipher AES-128-CBC
auth SHA256
proto udp
resolv-retry infinite
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Set log file verbosity.
verb 4
mute 20
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
Client log file (INLINE configuration):
Sun Jan 07 11:35:18 2018 us=428444 Current Parameter Settings:
Sun Jan 07 11:35:18 2018 us=428444 config = 'xxx-pixel.ovpn'
Sun Jan 07 11:35:18 2018 us=428444 mode = 0
Sun Jan 07 11:35:18 2018 us=428444 show_ciphers = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 show_digests = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 show_engines = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 genkey = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 key_pass_file = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444 show_tls_ciphers = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 connect_retry_max = 0
Sun Jan 07 11:35:18 2018 us=428444 Connection profiles [0]:
Sun Jan 07 11:35:18 2018 us=428444 proto = udp
Sun Jan 07 11:35:18 2018 us=428444 local = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444 local_port = '[UNDEF]'
Sun Jan 07 11:35:18 2018 us=428444 remote = 'www.xxx.yyy.zzz'
Sun Jan 07 11:35:18 2018 us=428444 remote_port = '1194'
Sun Jan 07 11:35:18 2018 us=428444 remote_float = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 bind_defined = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 bind_local = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 bind_ipv6_only = DISABLED
Sun Jan 07 11:35:18 2018 us=428444 NOTE: --mute triggered...
Sun Jan 07 11:35:18 2018 us=428444 272 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jan 07 11:35:18 2018 us=428444 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sun Jan 07 11:35:18 2018 us=428444 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jan 07 11:35:18 2018 us=428444 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Sun Jan 07 11:35:18 2018 us=429447 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 07 11:35:18 2018 us=429447 Need hold release from management interface, waiting...
Sun Jan 07 11:35:18 2018 us=430449 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 07 11:35:18 2018 us=533726 MANAGEMENT: CMD 'state on'
Sun Jan 07 11:35:18 2018 us=533726 MANAGEMENT: CMD 'log all on'
Sun Jan 07 11:35:18 2018 us=552777 MANAGEMENT: CMD 'echo all on'
Sun Jan 07 11:35:18 2018 us=553781 MANAGEMENT: CMD 'hold off'
Sun Jan 07 11:35:18 2018 us=555285 MANAGEMENT: CMD 'hold release'
Sun Jan 07 11:35:18 2018 us=617952 MANAGEMENT: Client disconnected
Sun Jan 07 11:35:18 2018 us=617952 Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max)
Sun Jan 07 11:35:18 2018 us=617952 Exiting due to fatal error
CLIENT
ca keys/ca.crt
cert keys/pixel.crt
key keys/pixel.key
tls-auth keys/ta.key 1
remote www.xxx.yyy.zzz
comp-lzo
client
dev tun
redirect-gateway def1
remote-cert-tls server
cipher AES-128-CBC
auth SHA256
auth-nocache
proto udp
resolv-retry infinite
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Set log file verbosity.
verb 4
mute 20
Client log where keys are in separate files (i.e. not INLINE):
Sun Jan 07 12:08:48 2018 us=419084 Current Parameter Settings:
Sun Jan 07 12:08:48 2018 us=419084 config = 'xxx.ovpn'
Sun Jan 07 12:08:48 2018 us=419084 mode = 0
Sun Jan 07 12:08:48 2018 us=419084 show_ciphers = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 show_digests = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 show_engines = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 genkey = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 key_pass_file = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084 show_tls_ciphers = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 connect_retry_max = 0
Sun Jan 07 12:08:48 2018 us=419084 Connection profiles [0]:
Sun Jan 07 12:08:48 2018 us=419084 proto = udp
Sun Jan 07 12:08:48 2018 us=419084 local = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084 local_port = '[UNDEF]'
Sun Jan 07 12:08:48 2018 us=419084 remote = 'www.xxx.yyy.zzz''
Sun Jan 07 12:08:48 2018 us=419084 remote_port = '1194'
Sun Jan 07 12:08:48 2018 us=419084 remote_float = DISABLED
Sun Jan 07 12:08:48 2018 us=419084 bind_defined = DISABLED
Sun Jan 07 12:08:48 2018 us=420087 bind_local = DISABLED
Sun Jan 07 12:08:48 2018 us=420087 bind_ipv6_only = DISABLED
Sun Jan 07 12:08:48 2018 us=420087 NOTE: --mute triggered...
Sun Jan 07 12:08:48 2018 us=420087 272 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jan 07 12:08:48 2018 us=420087 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sun Jan 07 12:08:48 2018 us=420087 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jan 07 12:08:48 2018 us=420087 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Sun Jan 07 12:08:48 2018 us=420087 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Sun Jan 07 12:08:48 2018 us=420087 Need hold release from management interface, waiting...
Sun Jan 07 12:08:48 2018 us=421090 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Sun Jan 07 12:08:48 2018 us=524367 MANAGEMENT: CMD 'state on'
Sun Jan 07 12:08:48 2018 us=524367 MANAGEMENT: CMD 'log all on'
Sun Jan 07 12:08:48 2018 us=546928 MANAGEMENT: CMD 'echo all on'
Sun Jan 07 12:08:48 2018 us=548933 MANAGEMENT: CMD 'hold off'
Sun Jan 07 12:08:48 2018 us=549936 MANAGEMENT: CMD 'hold release'
Sun Jan 07 12:08:48 2018 us=615612 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:48 2018 us=615612 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:48 2018 us=615612 LZO compression initializing
Sun Jan 07 12:08:48 2018 us=615612 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sun Jan 07 12:08:48 2018 us=615612 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sun Jan 07 12:08:48 2018 us=615612 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Sun Jan 07 12:08:48 2018 us=615612 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Sun Jan 07 12:08:48 2018 us=615612 TCP/UDP: Preserving recently used remote address: [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:48 2018 us=615612 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 07 12:08:48 2018 us=615612 UDP link local: (not bound)
Sun Jan 07 12:08:48 2018 us=615612 UDP link remote: [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:48 2018 us=615612 MANAGEMENT: >STATE:1515355728,WAIT,,,,,,
Sun Jan 07 12:08:48 2018 us=655719 MANAGEMENT: >STATE:1515355728,AUTH,,,,,,
Sun Jan 07 12:08:48 2018 us=655719 TLS: Initial packet from [AF_INET]www.xxx.yyy.zzz:1194, sid=b9ee9c5b 185d7d9f
Sun Jan 07 12:08:48 2018 us=742953 VERIFY OK: depth=1, C=US, ST=XX, ...
Sun Jan 07 12:08:48 2018 us=743456 VERIFY KU OK
Sun Jan 07 12:08:48 2018 us=743456 Validating certificate extended key usage
Sun Jan 07 12:08:48 2018 us=743456 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jan 07 12:08:48 2018 us=743456 VERIFY EKU OK
Sun Jan 07 12:08:48 2018 us=743456 VERIFY OK: depth=0, C=US, ST=XX, ...
Sun Jan 07 12:08:48 2018 us=931460 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sun Jan 07 12:08:48 2018 us=932463 [server] Peer Connection Initiated with [AF_INET]www.xxx.yyy.zzz:1194
Sun Jan 07 12:08:50 2018 us=69558 MANAGEMENT: >STATE:1515355730,GET_CONFIG,,,,,,
Sun Jan 07 12:08:50 2018 us=69558 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jan 07 12:08:50 2018 us=106658 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.34 10.8.0.33'
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: route options modified
Sun Jan 07 12:08:50 2018 us=106658 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 07 12:08:50 2018 us=106658 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:406 ET:0 EL:3 ]
Sun Jan 07 12:08:50 2018 us=106658 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 07 12:08:50 2018 us=106658 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:50 2018 us=106658 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 07 12:08:50 2018 us=106658 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 07 12:08:50 2018 us=106658 interactive service msg_channel=0
Sun Jan 07 12:08:50 2018 us=110669 ROUTE_GATEWAY 10.10.10.1/255.255.255.0 I=2 HWADDR=b0:6e:bf:84:7e:43
Sun Jan 07 12:08:50 2018 us=115681 open_tun
Sun Jan 07 12:08:50 2018 us=115681 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{499BAD2B-5964-4951-817A-724F82FD29B1}.tap
Sun Jan 07 12:08:50 2018 us=115681 TAP-Windows Driver Version 9.21
Sun Jan 07 12:08:50 2018 us=115681 TAP-Windows MTU=1500
Sun Jan 07 12:08:50 2018 us=116684 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.34/255.255.255.252 on interface {499BAD2B-5964-4951-817A-724F82FD29B1} [DHCP-serv: 10.8.0.33, lease-time: 31536000]
Sun Jan 07 12:08:50 2018 us=116684 DHCP option string: 06080808 08080808 0404
Sun Jan 07 12:08:50 2018 us=116684 Successful ARP Flush on interface [8] {499BAD2B-5964-4951-817A-724F82FD29B1}
Sun Jan 07 12:08:50 2018 us=118689 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Jan 07 12:08:50 2018 us=118689 MANAGEMENT: >STATE:1515355730,ASSIGN_IP,,10.8.0.34,,,,
Sun Jan 07 12:08:55 2018 us=807177 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Jan 07 12:08:55 2018 us=807177 C:\WINDOWS\system32\route.exe ADD www.xxx.yyy.zzz MASK 255.255.255.255 10.10.10.1
Sun Jan 07 12:08:55 2018 us=809181 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=809181 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=809181 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.33
Sun Jan 07 12:08:55 2018 us=810183 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=810183 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=810183 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.33
Sun Jan 07 12:08:55 2018 us=811186 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=811186 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=811186 MANAGEMENT: >STATE:1515355735,ADD_ROUTES,,,,,,
Sun Jan 07 12:08:55 2018 us=811186 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.33
Sun Jan 07 12:08:55 2018 us=812189 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sun Jan 07 12:08:55 2018 us=812189 Route addition via IPAPI succeeded [adaptive]
Sun Jan 07 12:08:55 2018 us=812189 Initialization Sequence Completed
Sun Jan 07 12:08:55 2018 us=812189 MANAGEMENT: >STATE:1515355735,CONNECTED,SUCCESS,10.8.0.34,www.xxx.yyy.zzz,,
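An added example, not part of the original post: a simplified pre-flight check for the inline `<tls-auth>` block, built around the two things the error message names (the header text and a byte count between 128 and 256). It is not OpenVPN's own parser; the function names and the sample profiles are constructed for illustration.

```python
import re

# Marker lines exactly as they appear in the <tls-auth> block of the posted config.
BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
MIN_BYTES, MAX_BYTES = 128, 256  # the min/max figures from the error message


def inline_block(config_text, tag):
    """Return the text between <tag> and </tag>, or None if absent or unclosed."""
    t = re.escape(tag)
    m = re.search(r"^\s*<%s>\s*$(.*?)^\s*</%s>\s*$" % (t, t), config_text, re.M | re.S)
    return m.group(1) if m else None


def check_static_key(config_text, tag="tls-auth"):
    """Return (bytes_found, problems) for the inline static key block."""
    body = inline_block(config_text, tag)
    if body is None:
        return 0, ["<%s> block missing or not closed" % tag]
    lines = [ln.strip() for ln in body.splitlines()]
    if BEGIN not in lines or END not in lines or lines.index(BEGIN) > lines.index(END):
        return 0, ["BEGIN/END marker lines not found intact"]
    hex_text = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
    if not re.fullmatch(r"[0-9a-fA-F]*", hex_text) or len(hex_text) % 2:
        return 0, ["key body is not whole hex bytes"]
    found = len(hex_text) // 2
    problems = []
    if found < MIN_BYTES:
        problems.append("%d bytes of key material, need at least %d" % (found, MIN_BYTES))
    elif found > MAX_BYTES:
        problems.append("%d bytes of key material, more than %d" % (found, MAX_BYTES))
    return found, problems


# Constructed sample profiles (dummy hex, not real keys).
def make_profile(block_body):
    return "client\nkey-direction 1\n<tls-auth>\n%s</tls-auth>\n" % block_body

DUMMY_HEX = "0123456789abcdef0123456789abcdef\n" * 16  # 16 lines x 16 bytes = 256 bytes
GOOD = make_profile(BEGIN + "\n" + DUMMY_HEX + END + "\n")
EMPTY = make_profile(BEGIN + "\n" + END + "\n")  # markers only, no hex lines between them
MANGLED = make_profile(BEGIN.replace("-----", "----", 1) + "\n" + DUMMY_HEX + END + "\n")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("EMPTY", EMPTY), ("MANGLED", MANGLED)):
        print(name, check_static_key(cfg))
```

A profile whose block reports 0 bytes here, through either a damaged marker line or missing hex lines, corresponds to the `0/128/256` figures in the log above.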