OpenVPN setup does not offer what i need for my vpn server....

jagdtigger

@arubislander said in OpenVPN setup does not offer what i need for my vpn server....:

@jagdtigger Do you have an Ubuntu Desktop PC you could configure your VPN on and see if it works? Preferably one running the very same base version as the UT you have on your device. So 20.04 or 24.04.

Once you get that set-up in a satisfactory manner, you could then export the configuration to a .ovpn file, which you could then install with nmcli on UT.

Sorry for the long radio silence, i was practically zombie the whole week. ATM i do not have any machines that run ubuntu, but my router does have a ovpn export. Here is a redacted version:

dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-GCM
auth SHA512
tls-client
client
resolv-retry infinite
remote domain port udp4
setenv opt block-outside-dns
nobind
verify-x509-name "some-name" name
auth-user-pass
remote-cert-tls server
explicit-exit-notify
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN EC PRIVATE KEY-----
<snip>
-----END EC PRIVATE KEY-----
</key>
<tls-crypt>
#
# <snip> bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
<snip>
-----END OpenVPN Static key V1-----
</tls-crypt>

/EDIT
Nope, it wont connect. Errors in vpn server log:

TLS Error: tls-crypt unwrapping failed from [AF_INET]<phone_ip>
tls-crypt unwrap error: packet too short

(And yes im trying to connect over cellular not local wifi.)

arubislander

@jagdtigger What version of UT are you on? And what channel?

Vlad Nirky

@jagdtigger
I'm testing the VPN as well.
If I get better results, I'll let you know...

jagdtigger

@arubislander said in OpenVPN setup does not offer what i need for my vpn server....:

@jagdtigger What version of UT are you on? And what channel?

24.04-1.x/arm64/android9plus/stable, the phone is a Fairphone 4.

@Vlad-Nirky said in OpenVPN setup does not offer what i need for my vpn server....:

@jagdtigger
I'm testing the VPN as well.
If I get better results, I'll let you know...

Thanks. Im installing ubuntu 24.04.3 on a minipc i have lying around for messing around.

jagdtigger

Sorry for doubleposting, couldnt edit previous.

Ubuntu 24.04 finished installing. Set up vpn and works, but no export button (or im blind again(......

arubislander

@jagdtigger Indeed, there is no export function in NetworkManager. Also it seems that Ubuntu has transitioned to using netplan at some point.

In any case, you can find your VPN config either in /etc/NetworkManager/system-connections/ or else in /etc/netplan/.

Both locations are writeable by root on UT, so you could try copying over the correct file(s).

Vlad Nirky

@jagdtigger
So i'm here at the moment...

root@ubuntu-phablet:/home/phablet# systemctl status openvpn
● openvpn.service - OpenVPN service
     Loaded: loaded (/usr/lib/systemd/system/openvpn.service; enabled; preset: enabled)
     Active: active (exited) since Fri 2025-10-24 01:18:32 CEST; 7h ago
       Docs: man:openvpn(8)
   Main PID: 2661 (code=exited, status=0/SUCCESS)

oct. 24 01:18:32 ubuntu-phablet systemd[1]: Starting openvpn.service - OpenVPN service...
oct. 24 01:18:32 ubuntu-phablet systemd[1]: Finished openvpn.service - OpenVPN service.
root@ubuntu-phablet:/home/phablet# systemctl status NetworkManager
● NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled)
     Active: active (running) since Fri 2025-10-24 01:18:32 CEST; 7h ago
       Docs: man:NetworkManager(8)
   Main PID: 1827 (NetworkManager)
     Memory: 18.3M ()
     CGroup: /system.slice/NetworkManager.service
             ├─1827 /usr/sbin/NetworkManager --no-daemon
             └─4263 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --clear-on-reload --conf-f>

oct. 24 08:15:32 ubuntu-phablet nm-openvpn[17986]: TCP/UDP: Preserving recently used remote address: [AF_INET]81.240.167.171:1194
oct. 24 08:15:32 ubuntu-phablet nm-openvpn[17986]: UDPv4 link local: (not bound)
oct. 24 08:15:32 ubuntu-phablet nm-openvpn[17986]: UDPv4 link remote: [AF_INET]81.240.167.171:1194
oct. 24 08:15:32 ubuntu-phablet nm-openvpn[17986]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
oct. 24 08:16:32 ubuntu-phablet nm-openvpn[17986]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
oct. 24 08:16:32 ubuntu-phablet nm-openvpn[17986]: TLS Error: TLS handshake failed
oct. 24 08:16:32 ubuntu-phablet nm-openvpn[17986]: SIGUSR1[soft,tls-error] received, process restarting
oct. 24 08:16:33 ubuntu-phablet NetworkManager[1827]: <warn>  [1761286593.0199] vpn[0x55b74dbb70,4bab2c8f-7db8-4723-ac46-e0f3bd1de606,"sarbacane.test.be"]: connect timeout exceeded
oct. 24 08:16:33 ubuntu-phablet nm-openvpn-serv[17980]: Connect timer expired, disconnecting.
oct. 24 08:16:33 ubuntu-phablet nm-openvpn[17986]: SIGTERM[hard,init_instance] received, process exiting

Vlad Nirky

root@ubuntu-phablet:/etc/netplan# cat 90-NM-911859dd-e65a-42d2-9ac7-3c5641807798.yaml 
network:
  version: 2
  nm-devices:
    NM-911859dd-e65a-42d2-9ac7-3c5641807798:
      renderer: NetworkManager
      networkmanager:
        uuid: "911859dd-e65a-42d2-9ac7-3c5641807798"
        name: "sarbacane.ddns.net"
        passthrough:
          connection.type: "vpn"
          connection.autoconnect: "false"
          connection.permissions: "user:jll:;"
          vpn.auth: "SHA256"
          vpn.ca: "/home/phablet/.cert/nm-openvpn/jll-ca.pem"
          vpn.cert: "/home/phablet/.cert/nm-openvpn/jll-cert.pem"
          vpn.cert-pass-flags: "0"
          vpn.cipher: "AES-256-CBC"
          vpn.connection-type: "tls"
          vpn.dev: "tun"
          vpn.key: "/home/phablet/.cert/nm-openvpn/jll-key.pem"
          vpn.remote: "sarbacane.test.be:1194"
          vpn.remote-cert-tls: "server"
          vpn.tls-crypt: "/home/jll/.cert/nm-openvpn/jll-tls-crypt.pem"
          vpn.tls-version-min: "1.2"
          vpn.verify-x509-name: "name:rpi3_9b0ae2d9-f297-4706-ab24-8a9d63b3a51f"
          vpn.ta: "/home/phablet/.cert/nm-openvpn/jll-tls-crypt.pem"
          vpn.service-type: "org.freedesktop.NetworkManager.openvpn"
          ipv4.method: "auto"
          ipv6.addr-gen-mode: "default"
          ipv6.method: "auto"
          proxy._: ""

Vlad Nirky

Hmm, I see an error in my file, I left /home/jll for the TLS...
I'll change it to /home/phablet and test again.

Vlad Nirky

Well, the VPN seems to be connected, but only when my Wi-Fi is active...
As soon as I have access to Wi-Fi elsewhere, I will continue my tests.
Fingers crossed.