Here are some basic pointers for importing .ovpn files:
- When you import a .ovpn file, make sure that all files referenced by the .ovpn file such as ca, cert, and key files are in the same directory on the device as the .ovpn file.
- Profiles must be UTF-8 (or ASCII) and under 256 KB in size.
- Consider using the unified format for OpenVPN profiles which allows all certs and keys to be embedded into the .ovpn file. This eases management of the OpenVPN configuration because it integrates all elements of the configuration into a single file.For example, a traditional OpenVPN profile might specify certs and keys as follows:
ca ca.crt cert client.crt key client.key tls-auth ta.key 1
You can convert this usage to unified form by pasting the content of the certificate and key files directly into the OpenVPN profile as follows using an XML-like syntax:
<ca> -----BEGIN CERTIFICATE----- MIIBszCCARygAwIBAgIE... . . . /NygscQs1bxBSZ0X3KRk... Lq9iNBNgWg== -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- . . . </cert> <key> -----BEGIN RSA PRIVATE KEY----- . . . </key> key-direction 1 <tls-auth> -----BEGIN OpenVPN Static key V1----- . . . </tls-auth>
Another approach to eliminate certificates and keys from the OpenVPN profile is to use the Android Keychain as described below.
NOTE: when converting tls-auth to unified format, check if there is a second parameter after the filename (usually a 0 or 1). This parameter is known as the key-direction parameter and must be specified as a standalone directive when tls-auth is converted to unified format. For example if the parameter is 1, add this line to the profile:
If there is no second parameter to tls-auth, you must add this line to the profile: