This is how you can take an openvpn .ovpn config file and extract the certificates/key required to import the profile into NetworkManager.

create-ovpn.sh

#!/bin/sh
./build-key client
touch client.ovpn
echo client >> client.ovpn
# replace the following with your external address
echo remote mysite.mydomain.com >> client.ovpn
echo port 1194 >> client.ovpn
echo proto udp >> client.ovpn
echo dev tun >> client.ovpn
echo dev-type tun >> client.ovpn
echo ns-cert-type server >> client.ovpn
echo reneg-sec 86400 >> client.ovpn
echo auth-nocache >> client.ovpn
echo auth-retry interact >> client.ovpn
echo comp-lzo yes >> client.ovpn
echo verb 3 >> client.ovpn
echo "<cert>" >> client.ovpn
cat client.crt >> client.ovpn
echo "</cert>" >> client.ovpn
echo "<key>" >> client.ovpn
cat client.key >> client.ovpn
echo "</key>" >> client.ovpn
echo "<ca>" >> client.ovpn
cat ca.crt >> client.ovpn
echo "</ca>" >> client.ovpn
echo "<tls-auth>"  >> client.ovpn
cat ta.key >> client.ovpn
echo "</tls-auth>"  >> client.ovpn

openvpn.md

OpenVPN .ovpn manipulation.

This is how you can take an OpenVPN .ovpn config file and extract the certificates/keys required to import the profile into NetworkManager.

• Download the .ovpn file. Save it somewhere you can store it permanently (I use ~/.vpn).
• Copy from between <ca> tags into ca.crt, remove <ca> tags.
• Copy from between <cert> tags into client.crt, remove <cert> tags.
• Copy from between <key> tags into client.key, remove <key> tags.
• Copy from between <tls-auth> tags into ta.key, remove <tls-auth> tags.
• Remove the line "key-direction 1"
• Above "# -----BEGIN RSA SIGNATURE-----" insert the following lines.
  • ca ca.crt
  • cert client.crt
  • key client.key
  • tls-auth ta.key 1
• Import the .ovpn file into NetworkManager and save the profile.