Ubuntu
network-manager-openvpn package

NetworkManager breaks OpenVPN configuration on connection

Bug #1754172 reported by Michał Sawicz
34
This bug affects 6 people
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

A previously working OpenVPN configuration stopped connecting, with nm-openvpn complaining about wrong options:

mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8258] audit: op="connection-activate" uuid="e3553582-0f39-404f-bd71-4dc6b92992de" name="Router.Michal" pid=6735 uid=1000 result="success"
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8337] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: Started the VPN service, PID 26187
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8421] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: Saw the service appear; activating connection
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8611] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: VPN plugin: state changed: starting (3)
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8615] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: VPN connection: (ConnectInteractive) reply received
mar 07 22:35:45 michal-laptop nm-openvpn[26190]: Options error: If you use one of --cert or --key, you must use them both
mar 07 22:35:45 michal-laptop nm-openvpn[26190]: Use --help for more information.
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <warn> [1520458545.8648] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: VPN plugin: failed: connect-failed (1)
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <warn> [1520458545.8651] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: VPN plugin: failed: connect-failed (1)
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8658] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: VPN plugin: state changed: stopping (5)
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8660] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: VPN plugin: state changed: stopped (6)
mar 07 22:35:45 michal-laptop NetworkManager[3172]: <info> [1520458545.8680] vpn-connection[0x55e59e3be750,e3553582-0f39-404f-bd71-4dc6b92992de,"Router.Michal",0]: VPN service disappeared

The config, however, includes correct ca/cert/key stanzas:

ca=<redacted>ca.crt
cert=<redacted>michal.crt
key=<redacted>michal.key

The attached screenshot shows a related breakage in the GUI, after making the correct certificate/key file selections, and saving the config, the config file gets broken indeed:

ca=<redacted>ca.crt
cert=<redacted>ca.crt
# no key entry at all

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: network-manager-openvpn 1.8.0-2
ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
Uname: Linux 4.15.0-10-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Mar 7 22:32:57 2018
SourcePackage: network-manager-openvpn
UpgradeStatus: Upgraded to bionic on 2018-02-07 (28 days ago)

Revision history for this message
Michał Sawicz (saviq) wrote :
Revision history for this message
Michał Sawicz (saviq) wrote :
Revision history for this message
Michał Sawicz (saviq) wrote :

Downgrading to the previous version fixes this issue:

 LANG=C apt policy network-manager-openvpn*
network-manager-openvpn:
  Installed: 1.2.10-0ubuntu2
  Candidate: 1.8.0-2
  Version table:
     1.8.0-2 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
 *** 1.2.10-0ubuntu2 100
        100 /var/lib/dpkg/status
network-manager-openvpn-gnome:
  Installed: 1.2.10-0ubuntu2
  Candidate: 1.8.0-2
  Version table:
     1.8.0-2 500
        500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
 *** 1.2.10-0ubuntu2 100
        100 /var/lib/dpkg/status

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Revision history for this message
Jeremy Bícha (jbicha) wrote :

Please check if 1.8.0-3 fixes this issue for you.

Revision history for this message
kailoran (kailoran) wrote :

I was having the same problem ("If you use one of --cert or --key, you must use them both" in syslog). Upgrading to 1.8.0-3 fixed the issue for me.

As a minor caveat, simply pointing to the private key file in the UI was not enough and I was getting:
nm-openvpn[5972]: OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
nm-openvpn[5972]: Cannot load private key file /home/tsniatowski/.cert/nm-openvpn/vpn-key.pem

Possibly something else needed tweaking, I fixed this by re-importing the .openvpn file I got and then the connection worked.

Revision history for this message
Jeremy Bícha (jbicha) wrote :

Thanks for the follow up. I'm marking this as fixed now.

Please feel free to report any other bug you find.

Changed in network-manager-openvpn (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.