OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openvpn (Ubuntu) | Fix Released | High | Martin Pitt | |
Feisty | Fix Released | Undecided | Unassigned | |
Gutsy | Fix Released | Undecided | Unassigned | |
Hardy | Fix Released | High | Martin Pitt | |
Intrepid | Fix Released | Undecided | Unassigned | |
Bug Description
After updating my system with the patch from USN-612-3, I deleted all my key files and regenerated them. But even after the recreation of the keys, openvpn always says:
May 14 10:42:18 localhost openvpn[13048]: ERROR: '/etc/openvpn/
# /usr/sbin/
indeed works great! It returns Not blacklisted: .... and
# echo $?
says return value is 0.
I set verb to 10, and found out this in my syslog
May 14 10:42:18 localhost openvpn[13048]: SYSTEM return=256
Further investigation brought me the solution... I found this _before_ the call of /usr/sbin/
May 14 10:42:17 localhost openvpn[13048]: GID set to nogroup
May 14 10:42:17 localhost openvpn[13048]: UID set to nobody
And my key has apparently no access rights for nobody...
-rw------- 1 root root 887 2008-05-14 09:10 secret.key
So after chmod-ing the key file it worked like a charm! Can the test be done before going to nobody user? Doesn't make sense this way in my opinion...
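The failure described in this report, modelled as an added example (not code from OpenVPN or from the reporter): it decodes the logged `SYSTEM return=256` as a wait status and shows why a helper run after the drop to nobody/nogroup cannot read a `-rw------- root root` key. The function names and the numeric id 65534 for nobody/nogroup are assumptions, as is the daemon starting as root.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Decode the raw status that system() returns (logged as "SYSTEM return=256").
 * Returns the child's exit code, or -1 if it did not exit normally. */
int exit_code_from_status(int status)
{
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Classic owner/group/other read check. Simplification: ACLs, capabilities
 * and supplementary groups are ignored. */
bool readable_by(mode_t mode, uid_t owner, gid_t group, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return true;                      /* root bypasses the mode bits */
    if (uid == owner)
        return (mode & S_IRUSR) != 0;
    if (gid == group)
        return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* A helper started through system() inherits the caller's identity, so the
 * result depends on whether the privilege drop has already happened.
 * Assumption: before the drop the daemon runs as root (uid 0, gid 0). */
bool helper_can_read(mode_t mode, uid_t owner, gid_t group,
                     bool dropped, uid_t drop_uid, gid_t drop_gid)
{
    return dropped ? readable_by(mode, owner, group, drop_uid, drop_gid)
                   : readable_by(mode, owner, group, 0, 0);
}

int main(void)
{
    /* Constructed from the report: -rw------- root root secret.key.
     * 65534 for nobody/nogroup is an assumed id. */
    const mode_t mode = 0600;
    const uid_t nobody = 65534;
    const gid_t nogroup = 65534;

    printf("SYSTEM return=256 -> exit code %d\n", exit_code_from_status(256));
    printf("check before drop: %s\n",
           helper_can_read(mode, 0, 0, false, nobody, nogroup) ? "readable" : "denied");
    printf("check after drop:  %s\n",
           helper_can_read(mode, 0, 0, true, nobody, nogroup) ? "readable" : "denied");
    return 0;
}
```

Running the check while the process is still root lets the key stay at mode 0600, which is the ordering the reporter asks for.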
Changed in openvpn:
assignee: nobody → pitti
importance: Undecided → Critical
status: New → In Progress
Changed in openvpn:
assignee: nobody → jdstrand
assignee: jdstrand → nobody
Changed in openvpn (Ubuntu Intrepid):
status: New → Fix Released
For the record, the current version works correctly with TLS. I tested both static ifconfig and client/server mode.