Ubuntu
network-manager-openvpn package

connection fails with non-"server" server cert (w/patch)

Bug #94788 reported by Martin Emrich on 2007-03-22

Affects		Status	Importance	Assigned to	Milestone
	NetworkManager-OpenVPN	New	Undecided	Unassigned
	network-manager-openvpn (Ubuntu)	Fix Released	Low	Philipp Kern

Bug Description

Binary package hint: network-manager-openvpn

When I try to connect to my OpenVPN server at home via Network-Manager (with a self-signed certificate), the connection fails. With openvpn from the command line it works. While tracking down the Bug, I found this:

http://mail.gnome.org/archives/networkmanager-list/2006-April/msg00132.html

Then I tried to generate a certificate with this obscure "server extension", but my OpenSSL (on Ubuntu Dapper) does not have this extension. So I added a checkbox to network-manager-openvpn to disable this "--ns-cert-type" option. (Patch coming right up...)

Related branches

lp:~pkern/+junk/network-manager-openvpn (Merged)

lp:ubuntu/lucid/network-manager-openvpn

Revision history for this message

Martin Emrich (emme) wrote on 2007-03-22:

Adds option to disable check for certificate type "server". Edit (13.7 KiB, text/plain)

Here is the patch against 0.3.2svn2342-0ubuntu3 via apt-get source. I tried hard to think of a shorter description for the new checkbox, but could not find one...

Revision history for this message

David Parker (dparker) wrote on 2007-05-22:

Remove command line addition of --ns-cert-type server Edit (1.2 KiB, text/plain)

Here's another option that I used before I found the above patch. My patch just removes the "--ns-cert-type server" parameters from the openvpn command line entirely.

Philipp Kern (pkern) on 2007-09-24

Changed in network-manager-openvpn:
assignee:	nobody → pkern
status:	New → In Progress

Philipp Kern (pkern) on 2007-09-24

Changed in network-manager-openvpn:
importance:	Undecided → Low

Revision history for this message

Philipp Kern (pkern) wrote on 2007-09-28: Fix in network-manager-openvpn (0.3.2svn2342-1ubuntu3)

A new version of network-manager-openvpn was uploaded to fix this bug.

To review the current version, please run

dget -x http://ppa.launchpad.net/pkern/ubuntu/pool/main/n/network-manager-openvpn/network-manager-openvpn_0.3.2svn2342-1ubuntu3.dsc

Changed in network-manager-openvpn:
status:	In Progress → Fix Committed

Revision history for this message

Philipp Kern (pkern) wrote on 2007-10-01:

network-manager-openvpn (0.3.2svn2342-1ubuntu3) gutsy; urgency=low

  [ Cleanup ]
  * Switched to quilt for patch management.
  * Properly activated the awk patch.

  [ Bug fixes ]
  * Increased the timeout by 5s to 15s before openvpn gets killed
    forcefully. (LP: #117992)
  * Corrected the path to `nm-vpn-properties' in the desktop file.
    (LP: #123772)
  * Pull DNS domain setting from remote OpenVPN server.
    (LP: #138181)
  * Introduced a new configuration option enabling users to turn off the
    check for a proper `nsCertType=server' extension bit set in the
    server's certificate. (LP: #94788)

[ Philipp Kern ]
* Fixes (LP: #145884)

-- Philipp Kern <email address hidden> Fri, 28 Sep 2007 02:05:51 +0200

Changed in network-manager-openvpn:
status:	Fix Committed → Fix Released

Revision history for this message

Martin Emrich (emme) wrote on 2007-10-02:

Hi!

Thanks for including the patch!
But I get this message in my syslog after trying it out:

Oct 2 11:05:24 localhost nm-openvpn[12712]: TUN/TAP device tun0 opened
Oct 2 11:05:24 localhost nm-openvpn[12712]: ifconfig tun0 192.168.3.134 pointopoint 192.168.3.133 mtu 1500
Oct 2 11:05:24 localhost kernel: [ 4952.024000] tun0: Disabled Privacy Extensions
Oct 2 11:05:24 localhost nm-openvpn[12712]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tun0 1500 1544 192.168.3.134 192.168.3.133 init
Oct 2 11:05:25 localhost nm-openvpn[12712]: script failed: shell command did not exit normally
Oct 2 11:05:25 localhost nm-openvpn[12712]: Exiting

Any Ideas?

Ciao

Martin

Revision history for this message

Philipp Kern (pkern) wrote on 2007-10-02:

This is #147941 for which I am desperately waiting for backtraces, so if you have apport crash reports for this, which you could send, then please do so. (Or follow the informations in the mentioned report to get a crashdump which does not include a coredump.

Revision history for this message

Martin Emrich (emme) wrote on 2007-10-03:

Hi!

After 147941 has been fixed, this works now great, too. Thanks!

Ciao

Martin

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntunetwork-manager-openvpn package

connection fails with non-"server" server cert (w/patch)

Bug Description

Related branches

Other bug subscribers

Patches

Remote bug watches

Ubuntu
network-manager-openvpn package