Translate OpenVPN config file

Hi everyone,

I need some help with the translation of the following OpenVPN Client config:

proto tcp-client
http-proxy server.com 8885
remote server.local 1194
resolv-retry infinite
dev tun
nobind
persist-key
ca ca.crt
tls-client
ping 10
verb 3
tls-cipher DEFAULT
cipher AES-256-CBC
auth SHA256
pull
auth-user-pass pass.txt

I already translated it to these VyOS settings:

openvpn vtun10 {
    authentication {
        password ppppppp
        username uuuuuu
    }
    encryption {
        cipher aes256
    }
    hash sha256
    mode client
    openvpn-option "http-proxy server.com 8885"
    openvpn-option "resolv-retry infinite"
    openvpn-option "auth-user-pass /config/auth/pass.txt"
    persistent-tunnel
    protocol tcp-active
    remote-host server.local
    remote-port 1194
    tls {
        ca-cert-file /config/auth/ca.crt
    }
}

But if I try to commit I get the error “Missing tls cert-file” but the original configuration doesn’t have/need one.

Thanks in advance.

In your original configuration

Hi Viacheslav, the ca crt is included in my vyos config:

tls {
    ca-cert-file /config/auth/ca.crt
}

You need to move/add the file “ca.crt” to that directory.
Re-check the directory and file in your original config/dir.

I have moved the ca file to that directory and the ca crt file is not the problem. The error message demands the tls cert file not the ca cert file.

Hi,

The client’s cert and key are must-specify fields in VyOS, and without these fields the commit would fail.

vyos@vyos# commit
[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Must specify "tls cert-file".

Possible completions:
       ca-cert-file File containing certificate for Certificate Authority (CA)
       cert-file    File containing certificate for this host
       crl-file     File containing certificate revocation list (CRL) for this host
       dh-file      File containing Diffie Hellman parameters (server only)
       key-file     File containing this host's private key
       role         Role in TLS negotiation
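
A pre-commit check for the situation in this thread, as an added example that is not part of the original posts and is not VyOS code: it parses an OpenVPN client config and lists the VyOS tls nodes for which that config supplies no file. The function names and the sample config (constructed from the directives quoted in the question) are assumptions for illustration.

```python
# Added example, not VyOS code. Maps OpenVPN directives to VyOS "tls" nodes:
# cert-file and key-file are the fields the reply says must be specified;
# ca -> ca-cert-file is the mapping used in the question.
TLS_MAP = {"ca": "ca-cert-file", "cert": "cert-file", "key": "key-file"}

# Constructed sample, taken from the directives quoted in the question.
SAMPLE_CLIENT_CONF = """\
proto tcp-client
remote server.local 1194
dev tun
ca ca.crt
tls-client
cipher AES-256-CBC
auth SHA256
auth-user-pass pass.txt
"""

def parse_openvpn(text):
    """Return {directive: [args, ...]}; skips comments and inline block bodies."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside an inline block such as <cert> ... </cert>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            inline = line[1:-1]
            directives.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def missing_vyos_tls(directives):
    """VyOS tls nodes for which the client config supplies no file."""
    return [node for name, node in TLS_MAP.items() if name not in directives]

def password_only_client(directives):
    """True when the client uses auth-user-pass and has no client certificate."""
    return "auth-user-pass" in directives and "cert" not in directives

if __name__ == "__main__":
    conf = parse_openvpn(SAMPLE_CLIENT_CONF)
    print("no source for:", missing_vyos_tls(conf))
    print("password-only client:", password_only_client(conf))
```

For the sample it reports cert-file and key-file as having no source, which matches the commit error quoted above.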