Re: Problem importing OpenVPN profile in Linux Mint 18.3 x64 cinnamon

["David H. Durgee" <dhdurgee verizon net>]

Thomas Haller wrote:
> On Wed, 2018-02-21 at 12:03 -0500, David H. Durgee wrote:
> > Thomas Haller wrote:
> >
> > I will consider debug logging after you have a chance to inspect the
> > connection show and let me know if it looks sane or is missing a
> > crucial
> > element.
> Hi,
>
> the settings don't look wrong, but whether the settings  are correct
> depends very much on your server configuratoin. Enable debug logging
> and see why the connection failed.
>
> Since NM does not support the <extra-certs> argument, you should
> investigate whether that argument is required in your setup. For
> example, (as you said, plain openvpn works) by running openvpn with the
> ovpn without the <extra-certs> option.
>
>
> best,
> Thomas
Per your suggestion I tried using openvpn with the edited file and as 
expected it fails to connect.  So the <extra-certs> appears to be 
required to initialize the connection.  Now the question is how do I add 
them to the configuration?  I manually added the contents of that 
element to a file ~/.certs/nm-openvpn/Ashburn-edited-extra-certs.pem 
along with the other elements, but that appears to be insufficient.

I assume that I need to add the proper entry to 
/etc/NetworkManager/system-connections/Private Tunnel - Ashburn, but my 
question is what form does that entry take?  In the [vpn] section I see 
various entries referencing the certificates, specifically:

cert=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-cert.pem
key=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-key.pem
ca=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-ca.pem
ta=/home/dhdurgee/.cert/nm-openvpn/Ashburn-edited-tls-auth.pem

So I assume I need a similar line for this one, but should it be 
"extra-certs=" or "ec=" there?  I guess I could try both, but I would 
prefer to get it right the first time.  Or is it perhaps something else 
entirely?

Dave