Ubuntu
network-manager-openvpn package

VPN relies on nonexistent user/group "openvpn"

Bug #546442 reported by Erik Stambaugh
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Debian)
Fix Released
Unknown
network-manager-openvpn (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: network-manager-openvpn-gnome

I imported a known working (in the old non-network-manager style) client config file into Network Manager's VPN settings, which could not connect. I then exported the config to another file and tried starting it on the command line. In my logs, I got the error:

Mar 24 14:37:46 localhost ovpn-client[8657]: failed to find GID for group openvpn

Upon examining the config files, the lines
user nobody
group nogroup

were changed to
user openvpn
group openvpn

but the package never created the user or group "openvpn"

There is no obvious place to work around the problem (other than by not using network manager) as I can't find a setting to change the user/group name.

ProblemType: Bug
Architecture: amd64
Date: Wed Mar 24 14:46:24 2010
DistroRelease: Ubuntu 10.04
NonfreeKernelModules: wl nvidia
Package: network-manager-openvpn-gnome 0.8-0ubuntu1
ProcEnviron:
 LC_COLLATE=C
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-17.26-generic 2.6.32.10+drm33.1
SourcePackage: network-manager-openvpn
Uname: Linux 2.6.32-17-generic x86_64

Revision history for this message
Erik Stambaugh (squinky) wrote :
Revision history for this message
abautu (abautu-gmail) wrote :

I can confirm this for Lucid, with Network manager and OpenVPN.

Revision history for this message
abautu (abautu-gmail) wrote :

I created the group, assigned the files to it and it worked without problems (details here: http://abautu.blogspot.com/2010/07/working-out-openvpn-with-network.html)

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Simon Déziel (sdeziel)
Changed in network-manager-openvpn (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Simon Déziel (sdeziel) wrote :

A fix for this was included in Debian and is included in the development branch of Ubuntu (Saucy, 13.10). The chosen fix is to use the nobody/nogroup user/group by default.

For the affected users, a workaround is to create the "openvpn" user/group with this command:

  sudo adduser --system --no-create-home --home /nonexistent --disabled-login --group openvpn

Bug Watch Updater (bug-watch-updater)
Changed in network-manager-openvpn (Debian):
status: Unknown → Fix Released
Revision history for this message
Adojaan (adojaan) wrote :

a side notice which may help someone researching problem. While openvpn suggests to use user:nobody and group:nogroup it does not work with ASUS router. Although VPN server may have abovementioned definitions, you should change to group:nobody in your ovpn file.

Revision history for this message
Mathew Hodson (mhodson) wrote :

This was fixed in Saucy and later.

---
network-manager-openvpn (0.9.8.0-2ubuntu1) saucy; urgency=low

  * Sync with Debian. Remaining changes:
    - Recommends: network-manager-openvpn-gnome or
      plasma-widget-networkmanagement.
    - Drop Vcs-* fields.
    - debian/patches/gtk_table_to_gtk_grid.patch: port GtkTable uses in vpn
      password dialog to a GtkGrid.
    - debian/patches/auth_dialog_libexecdir.patch: specify libexecdir as
      /usr/lib/NetworkManager for the auth dialog to be able to spawn it
      properly in GNOME Shell
  * Dropped changes:
    - debian/patches/deprecated_g_type_init.patch: Applied in new version

network-manager-openvpn (0.9.8.0-2) unstable; urgency=low

  * Mark binary packages as linux-any.
  * Upload to unstable.
  * Bump Standards-Version to 3.9.4. No further changes.

network-manager-openvpn (0.9.8.0-1) experimental; urgency=low

  * New upstream release.
  * Use --list-missing to show uninstalled files.
  * Drop obsolete Breaks/Replaces.
  * 01-export-user-nobody.patch: When exporting an OpenVPN connection, use
    user nobody / group nogroup. Debian doesn't have a dedicated openvpn
    system account for this purpose. (Closes: #592527)

Changed in network-manager-openvpn (Ubuntu):
importance: Undecided → Medium
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.