NetworkManager-openvpn mishandles the comp-lzo option, thereby breaking the ovpn config and causing AUTH_FAILED
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NetworkManager-OpenVPN |
Fix Released
|
High
|
|||
network-manager-openvpn (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Attempting to establish an OpenVPN session via network-
Feb 1 12:44:54 computer nm-openvpn[21582]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 1 12:44:54 computer nm-openvpn[21582]: UDPv4 link local: [undef]
Feb 1 12:44:54 computer nm-openvpn[21582]: UDPv4 link remote: [AF_INET]
Feb 1 12:44:54 computer nm-openvpn[21582]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb 1 12:44:54 computer nm-openvpn[21582]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Feb 1 12:44:54 computer nm-openvpn[21582]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]
Feb 1 12:44:56 computer nm-openvpn[21582]: AUTH: Received control message: AUTH_FAILED
Feb 1 12:44:56 computer nm-openvpn[21582]: SIGUSR1[
Feb 1 12:44:56 computer NetworkManager[
I am able to establish the session by manually running openvpn from the command line, using the same username, password, and the ovpn file from which NetworkManager imported the setttings.
I'm running Xubuntu 16.10 (yakkety).
I did not have this problem in Ubuntu 16.04 (xenial).
Changed in network-manager-openvpn: | |
importance: | Unknown → High |
status: | Unknown → Confirmed |
Changed in network-manager-openvpn: | |
status: | Confirmed → Fix Released |
Changed in network-manager-openvpn (Ubuntu): | |
status: | New → Fix Committed |
importance: | Undecided → High |
Changed in network-manager-openvpn (Ubuntu): | |
status: | Fix Committed → Fix Released |
NetworkManager 1.2.4 openvpn 1.2.6 and 1.2.8 (same problem in both)
NetworkManager-
$ nmcli --version
nmcli tool, version 1.2.4
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.10
Release: 16.10
Codename: yakkety
$ openvpn --version crypto_ ofb_cfb= yes enable_debug=yes enable_def_auth=yes enable_ dependency_ tracking= no enable_ dlopen= unknown enable_ dlopen_ self=unknown enable_ dlopen_ self_static= unknown enable_ fast_install= yes enable_fragment=yes enable_ http_proxy= yes enable_iproute2=yes enable_ libtool_ lock=yes enable_lzo=yes enable_lzo_stub=no enable_ maintainer_ mode=no enable_ management= yes enable_multi=yes enable_ multihome= yes enable_ pam_dlopen= no enable_ password_ save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_ plugin_ auth_pam= yes enable_ plugin_ down_root= yes enable_plugins=yes enable_ port_share= yes enable_selinux=no enable_server=yes enable_shared=yes enable_ shared_ with_static_ runtimes= no enable_ silent_ rules=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_ strict_ options= no enable_systemd=yes enable_ win32_dll= yes enable_ x509_alt_ username= yes with_aix_soname=aix with_crypto_ library= openssl with_gnu_ld=yes with_mem_check=no with_plugindir= '${prefix} /lib/openvpn' with_sysroot=no
OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <email address hidden>
Compile time defines: enable_crypto=yes enable_
$ tail -f /var/log/syslog 1329]: <info> [1486108141.0702] audit: op="connection- activate" uuid="XXXXXXXX- XXXX-XXXX- XXXX-XXXXXXXXXX XX" name="example" pid=3136 uid=1000 result="success" 1329]: <info> [1486108141.0741] vpn-connection[ 0x557d295f73c0, XXXXXXXX- XXXX-XXXX- XXXX-XXXXXXXXXX XX,"example" ,0]: Started the VPN service, PID 5074 1329]: <info> [1486108141.0828] vpn-connection[ 0x557d295f73c0, XXXXXXXX- XXXX-XXXX- XXXX-XXXXXXXXXX XX,"example" ,0]: Saw the service appear; activating connection 1329]: nm-openvpn[5074] <info> openvpn[5081] started 1329]: <info> [1486108141.1490] vpn-connection[ 0x557d295f73c0, XXXXXXXX- XXXX-XXXX- XXXX-XXXXXXXXXX XX,"example" ,0]: VPN plugin: state changed: starting (3) 1329]: <info> [1486108141.1491] vpn-connection[ 0x557d295f73c0, XXXXXXXX- XXXX-XXXX- XXXX-XXXXXXXXXX XX,"example" ,0]: VPN connection: (ConnectInterac tive) reply received
Feb 2 23:49:01 computer NetworkManager[
Feb 2 23:49:01 computer NetworkManager[
Feb 2 23:49:01 computer NetworkManager[
Feb 2 23:49:01 computer nm-openvpn[5081]: OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
Feb 2 23:49:01 computer nm-openvpn[5081]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Feb 2 23:49:01 computer NetworkManager[
Feb 2 23:49:01 computer NetworkManager[
Feb 2 23:49:01 computer NetworkManager[
Feb 2 23:49:01 computer nm-openvpn[5081]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 2 23:49:01 computer nm-openvpn[5081]: Control Channel Authentication: using '/...