Connect to VPN with only username and password, no certificate, is this possible?

Yanick Rochon

6/8/24, 3:30 AM

I need to upload files to a remote server at a client site through SSH, so I ask the client's IT firm to setup a VPN for me to connect. He comes back to me with the host, the username, and a password, but no CA certificate.

I have been trying to connect to that VPN, but all of Ubuntu's Network Manager's VPN providers require a certificate.

I sent a message to the IT firm, asking them to provide me with the missing certificate, but they answer that their OpenVPN client (Windows) connects just fine. They won't provide me with anything more.

Why does Ubuntu's OpenVPN require a certificate if Windows' client does not? What are my options beside physically going to the client (not possible)? Using Windows is also not an option.

Edit

This is what I see from the Network Manager (built-in) VPN creation dialog:

Note that the "Add" button is disabled, presumably because there are no certificate provided.

228

0 + 7

vpn

openvpn

Marco

6/8/24, 4:23 AM

"OpenVPN" is not installed by default, but some other VPNs are. Make sure you have installed and use "OpenVPN". Have you change the "Authentication Type" from "Certificate" to "Password" ?

Yanick Rochon

6/8/24, 4:39 AM

@Marco question updated, thank you.

Marco

6/8/24, 5:48 AM

Okay, now I see, WHICH certificate you mean. On windows, did you get a config file for OpentVPN Client to import ?

Marco

6/8/24, 5:58 AM

If not a self create CA is used by the company, the standard CA certificate should do it `/etc/ssl/certs/ca-certificates.crt`.

Marco

6/8/24, 6:03 AM

But there are many other config options you need to know to get a connection. Usually all these are in the provided openvpn config file, which can be imported in Ubuntu Network manager.

Yanick Rochon

6/8/24, 10:49 AM

Using the standard CA cert finally enables the "Apply" button, however I cannot connect to the VPN still. Meanwhile, the firm blames the client for not paying for a certificate. I had to deal with this firm in the past, and this is typical for them to provide as little information as they can on the jobs they do; the client pays premium for very little from them.

Marco

6/8/24, 12:07 PM

Ask for the openvpn client config file. It is the same for all OS (Windows,Linux,Mac). As it is a simple text file you can check which CA they use. Usually the CA is delivered together with the config. It's no problem to use an own CA, but you need the CA File at the client.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Connect to VPN with only username and password, no certificate, is this possible?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.