Re: [tunnelblick-discuss] No inline configuration accepted since r2170


Jonathan K. Bullard

May 13, 2013, 8:00:41 PM
to tunnelbli...@googlegroups.com, philippe....@googlemail.com
Can you give more details about what "a lot of trouble" means? Can't connect? Can't make a .tblk? Can't convert an OpenVPN configuration that has inline options to a .tblk? Or what?

Please post a configuration file that causes problems and describe the problems. (Obfuscate the actual private keys, of course.)



On Mon, May 13, 2013 at 7:52 PM, <philippe....@googlemail.com> wrote:
Hi,
with commit r2170 there was a new function 'fileReferencesInConfigAreOk' added, that checks the existence of configuration files, e.g. ca, cert.
Since this commit, I have a lot of trouble with the use of keyword inline.
How can this be fixed? Is there a solution for using the inline keyword?
Last known correct working version is '3.3beta21b 2013-01-08'.

Best regards
Phil


Philippe Landsberg

May 13, 2013, 8:10:56 PM
to tunnelbli...@googlegroups.com

Hi,


This is the error message if I try to add a configuration from a tblk.


Tunnelblick VPN Configuration Installation Error

The configuration file in <Config>.tblk has a 'ca' option with file '[inline]' which cannot be found.


I think the problem is the new function fileReferencesInConfigAreOk, that was added to ConfigurationManager.m with commit r2170.


This is my configuration that works for me till '3.3beta21b 2013-01-08'.


dev tun
persist-tun
persist-key
proto udp
cipher <cipher>
tls-client
client
resolv-retry infinite
remote <Host><Port>
tls-remote <tlsremote>
auth-user-pass
auth-retry interact
ca [inline]
cert [inline]
key [inline]
tls-auth [inline] 1
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
….
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN RSA PRIVATE KEY-----
…..
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
….
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1

Jonathan K. Bullard

May 13, 2013, 8:28:15 PM
to Philippe Landsberg, tunnelbli...@googlegroups.com
A private email from the original poster included a listing of a configuration that causes a failure when attempting to install a .tblk. The configuration file included the following lines:

ca [inline]
<ca>
-----BEGIN CERTIFICATE-----
….
-----END CERTIFICATE-----
</ca>

The syntax that is being used, "ca [inline]", does not appear on the OpenVPN man page. But it does appear on http://www.packtpub.com/article/new-features-of-openvpn-2-1-and-2-2, which is by one of the OpenVPN developers.

It seems to be optional. You can apparently (https://community.openvpn.net/openvpn/wiki/IOSinline) leave it out and have only <ca>...</ca>.

(The same would be true for any options with "[inline]".)

So the workaround is to just remove the lines containing [inline].

I will fix Tunnelblick to ignore such lines, but it won't appear until the next release. (It isn't only the fileReferencesInConfigAreOk method that is involved; that's one of several places that options that accept files are processed.)

Thank you very much for bringing this to my attention.
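
The workaround described above (removing the lines containing [inline]), as an added example that is not part of the original thread and is not Tunnelblick's code. The function name and the sample config are constructed for illustration; the sketch keeps a placeholder line when no matching inline block exists, and assumes key-direction is what carries the direction once "tls-auth [inline] 1" is removed, as in the poster's config.

```python
import re

# "<option> [inline]" placeholder line, optionally followed by one argument (e.g. tls-auth direction).
INLINE_REF = re.compile(r"^\s*([A-Za-z0-9-]+)\s+\[inline\](?:\s+(\S+))?\s*$")
BLOCK_OPEN = re.compile(r"^\s*<([A-Za-z0-9-]+)>\s*$")

# Constructed sample modelled on the config in the thread; key material elided.
SAMPLE = """\
client
ca [inline]
cert [inline]
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
</ca>
<tls-auth>
....
</tls-auth>
key-direction 1
"""

def strip_inline_placeholders(config_text):
    """Return (cleaned_text, warnings); drop 'opt [inline]' only if an <opt> block exists."""
    lines = config_text.splitlines()
    blocks, top_level, inside = set(), [], None
    for i, line in enumerate(lines):
        if inside:  # body of an inline block is key material, never option lines
            if line.strip() == f"</{inside}>":
                inside = None
        elif (m := BLOCK_OPEN.match(line)):
            inside = m.group(1)
            blocks.add(inside)
        else:
            top_level.append(i)
    has_key_direction = any(lines[i].split()[:1] == ["key-direction"] for i in top_level)
    drop, warnings = set(), []
    for i in top_level:
        m = INLINE_REF.match(lines[i])
        opt, extra = m.groups() if m else (None, None)
        if opt and opt not in blocks:  # nothing inline to fall back on: keep and flag
            warnings.append(f"{opt}: '[inline]' but no <{opt}> block; line kept")
        elif opt:
            drop.add(i)
            if extra and not has_key_direction:
                warnings.append(f"{opt}: dropped argument '{extra}'; add 'key-direction {extra}'")
    cleaned = "\n".join(l for i, l in enumerate(lines) if i not in drop) + "\n"
    return cleaned, warnings
```

Run on SAMPLE, it drops the ca and tls-auth placeholder lines and flags cert, which has a placeholder but no <cert> block to fall back on.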

jkbull...gmail.com

May 13, 2013, 10:56:13 PM
to tunnelbli...@googlegroups.com, Philippe Landsberg
I have committed changes to the source code to fix this problem as r2324. They will be in the next release.