Translate OpenVPN config file

Hi everyone,

I need some help with the translation of the following OpenVPN Client config:

proto tcp-client
http-proxy 8885
remote server.local 1194
resolv-retry infinite
dev tun
ca ca.crt
ping 10
verb 3
tls-cipher DEFAULT
cipher AES-256-CBC
auth SHA256
auth-user-pass pass.txt

I allready translated it to this VyOS settings:

openvpn vtun10 {
authentication {
password ppppppp
username uuuuuu
encryption {
cipher aes256
hash sha256
mode client
openvpn-option “http-proxy 8885”
openvpn-option “resolv-retry infinite”
openvpn-option “auth-user-pass /config/auth/pass.txt”
protocol tcp-active
remote-host server.local
remote-port 1194
tls {
ca-cert-file /config/auth/ca.crt

But if I try to commit I get the error “Missing tls cert-file” but the original configuration doesn’t have/need one.

Thanks in advance.

In your original configuration

Hi Viacheslav, the ca crt is included in my vyos config:

tls {
ca-cert-file /config/auth/ca.crt

You need move/add the file “ca.crt” to that directory.
Re-check directory and file on your original config/dir

I have moved the ca file to that directory and the ca crt file is not the problem. The error message demands the tls cert file not the ca cert file.


The client’s cert and key are must specify fields in VyOS and without these fields, the commit would fail.

vyos@vyos# commit
[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Must specify "tls cert-file".

Possible completions:
       ca-cert-file File containing certificate for Certificate Authority (CA)
       cert-file    File containing certificate for this host
       crl-file     File containing certificate revocation list (CRL) for this host
       dh-file      File containing Diffie Hellman parameters (server only)
       key-file     File containing this host's private key
       role         Role in TLS negotiation