ProtonVPN OpenVPN config imported wrongly
This is the OpenVPN config file for their German servers as provided by ProtonVPN:
client
dev tun
proto tcp
remote de.protonvpn.com 443
remote de.protonvpn.com 3389
remote de.protonvpn.com 465
remote de.protonvpn.com 21
remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo no
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
reneg-sec 0
remote-cert-tls server
auth-user-pass
pull
fast-io
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
[...]
-----END OpenVPN Static key V1-----
</tls-auth>
This is imported by Plasma NM 5.14.4, NetworkManager OpenVPN 1.8.8 and NetworkManager 1.12.6 on Fedora 29 as:
[vpn]
auth=SHA512
ca=[...]/.local/share/networkmanagement/certificates/de.protonvpn.com.tcp/ca.crt
cipher=AES-256-CBC
comp-lzo=yes
connection-type=password
mssfix=yes
password-flags=1
port=21
proto-tcp=yes
remote=de.protonvpn.com
reneg-seconds=0
ta=[...]/.local/share/networkmanagement/certificates/de.protonvpn.com.tcp/tls_auth.key
ta-dir=1
tunnel-mtu=1500
service-type=org.freedesktop.NetworkManager.openvpn
This seems to be wrong in several ways. Notice e.g. how comp-lzo no
was imported as comp-lzo=yes
or how mssfix 1450
was imported as mssfix=yes
, while other settings like remote-random
or remote-cert-tls
were not imported at all (and Plasma NM shows corresponding settings as disabled).
Since I assume that the import functionality is not specific to Plasma NM, I report this issue here.