How to convert OVPN file to VyOS OpenVPN Client Config

fegauthier · August 18, 2020, 3:02pm

Hi Guys!

I have a .ovpn file that is working well on every computer that I have the OpenVPN Client. I’m not able to get it working on VyOS. Does anyone can help me to convert the ovpn file to VyOS configuration commands?

I’m using the latest rolling relases of VyOS.

This is my ovpn file

client
dev tun
proto udp
remote {{ hostname }} {{ port }}
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 3
<ca>
CA CERT
</ca>
<cert>
CERT
</cert>
<key>
KEY
</key>
<tls-auth>
TLS AUTH
</tls-auth>

Thanks!

a.srividya · August 18, 2020, 4:16pm

Following are the commands needed to configure the vyos in client mode:

set interfaces openvpn vtunN encryption cipher ‘aes256’
set interfaces openvpn vtunN hash ‘sha256’
set interfaces openvpn vtunN mode ‘client’
set interfaces openvpn vtunN remote-host ‘x.x.x.x’
set interfaces openvpn vtunN remote-port ‘x’
set interfaces openvpn vtunN persistent-tunnel
set interfaces openvpn vtunN protocol ‘udp’
set interfaces openvpn vtun0 tls auth-file ‘/config/auth/ovpn/ta.key’
set interfaces openvpn vtunN tls ca-cert-file ‘/config/auth/ovpn/ca.crt’
set interfaces openvpn vtunN tls cert-file ‘/config/auth/ovpn/client.crt’
set interfaces openvpn vtunN tls key-file ‘/config/auth/ovpn/client.key’
set interfaces openvpn vtunN use-lzo-compression

where vtunN is OpenVPN interface name

Create the directory ‘ovpn’ and copy the cert and key files to that path.

$ sudo mkdir /config/auth/ovpn/

You can also refer to the following document:

https://docs.vyos.io/en/latest/configuration/interfaces/openvpn.html#client

fegauthier · August 19, 2020, 5:54pm

I have an error

OpenVPN: RESOLVE: Cannot resolve host address: HOSTNAME:14386 (No address associated with hostname)

but If I ping the hostname, it returns me the good IP. Is there something that I forgot in the configuration?

phasma · August 19, 2020, 7:57pm

I had the same issue and it seems there is a bug in the way vyos adds openvpn connections. If you add a hostname it adds it as a IPv6 openvpn host.

I verified this by looking at my DNS logs and there was entries for hostname.domain.com AAAA records.

I fixed it by adding the following

set interfaces openvpn vtunx openvpn-option ‘–proto udp4’
I expect tcp4 to have the same fix should you be connecting to a TCP host.

There should be a configuration option to set ipv4 or ipv6.

Hope this helps.

fegauthier · August 19, 2020, 10:44pm

Thanks! It’s working now!

erangaj · October 7, 2020, 6:56am

Anybody using NordVPN with VyOS?

NordVPN’s .ovpn files don’t have and tags. I see only and i9n their ovpn files. But I think VyOS requires those 2 items. Can I still use NordVPN with VyOS?

fegauthier · October 7, 2020, 12:36pm

Can you post the content of the NordVPN OVPN file?

erangaj · October 7, 2020, 1:34pm

Here is the opvn file:

client
dev tun
proto udp
remote 155.94.183.4 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512

<ca>
bla bla bla
</ca>
key-direction 1
<tls-auth>
bla bla bla
</tls-auth>

(All OVPN files: https://downloads.cn-accelerator.site/configs/archives/servers/ovpn.zip)

Viacheslav · February 10, 2022, 3:58pm

There is an example of the configuration T3591