Strong HMAC authentication (SHA256, SHA512) that is supported by OpenVPN cannot be selected

Bug #1217094 reported by Sander Bosma on 2013-08-26
This bug affects 5 people
Affects Status Importance Assigned to Milestone
NetworkManager-OpenVPN
Expired
Medium
network-manager-openvpn (Ubuntu)
Wishlist
Unassigned

Bug Description

OpenVPN currently supports more HMAC authentication options than can be chosen in network-manager-openvpn, like:
- SHA256;
- SHA384;
- SHA512.

I would like to use network-manager-openvpn with a stronger authentication option than MD-5 and SHA-1, but this is currently not possible, as these options cannot be selected in the OpenVPN Advanced Options window.

Ubuntu release: 10.04.4 LTS
Version of network-manager-openvpn package: 0.8-0ubuntu3
Version of network-manager-openvpn-gnome package: 0.8-0ubuntu3

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed

Even though the higher crypto hash options are now selectable, the connection does not appear to complete successfully. Let me see if I can find more evidence of why that is...

The problem is that NetworkManager builds a bad command line script. To fix this specific issue, it is really as simple as updating NM to pass the additional CLI option: --auth <hash>

For example, for sha512, just pass: --auth sha512 to the built parameter via /usr/sbin/openvpn ...

A bigger problem, though, is that NetworkManager should support .ovpn (OpenVPN conf files). Currently, NM does not allow users to import them, but this would fix MANY other issues where users complain that NM is not accepting their parameters. If NM wants to work properly with existing .ovpn files, all that needs to be done is to accept a config file from the user in the GUI and then build the CLI parameters to include the --config <ovpn-file>.

Eg: /usr/sbin/openvpn ... --config myconfig.ovpn ...
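
An added example (not code from this report or from NetworkManager): a Python check for the HMAC digest an OpenVPN invocation will actually use, read either from the built command line or from .ovpn text. It assumes OpenVPN's documented default of SHA1 when no auth option is present; the weak/strong policy follows the report's own split, and the sample inputs are constructed.

```python
import shlex

WEAK = {"MD5", "SHA1"}                   # digests the report wants to move away from
STRONG = {"SHA256", "SHA384", "SHA512"}  # digests the report asks for
OPENVPN_DEFAULT = "SHA1"                 # OpenVPN's digest when no auth option is given


def auth_from_argv(argv):
    """Digest given with --auth on an openvpn command line, or None if absent."""
    digest = None
    for i, arg in enumerate(argv[:-1]):
        if arg == "--auth":              # exact match: --auth-user-pass is another option
            digest = argv[i + 1]         # keep the last occurrence
    return digest


def auth_from_ovpn(text):
    """Digest given by an 'auth' directive in .ovpn text, or None if absent."""
    digest = None
    for line in text.splitlines():
        if line.lstrip().startswith(";"):    # ';' also starts a comment in OpenVPN configs
            continue
        tokens = shlex.split(line, comments=True)   # drops '#' comments
        if len(tokens) >= 2 and tokens[0] == "auth":
            digest = tokens[1]
    return digest


def classify(digest):
    """Return (effective digest, verdict) for a configured digest or None."""
    effective = (digest or OPENVPN_DEFAULT).upper()
    if effective in STRONG:
        return effective, "strong"
    if effective in WEAK or effective == "NONE":
        return effective, "weak"
    return effective, "unknown"


# Constructed samples, not taken from the report.
SAMPLE_ARGV = shlex.split("/usr/sbin/openvpn --remote vpn.example.test 1194 --auth-user-pass")
SAMPLE_ARGV_FIXED = SAMPLE_ARGV + ["--auth", "sha512"]
SAMPLE_OVPN = "client\nremote vpn.example.test 1194\n;auth SHA512\nauth-nocache\nauth SHA1\n"

if __name__ == "__main__":
    for name, digest in [("argv", auth_from_argv(SAMPLE_ARGV)),
                         ("argv+fix", auth_from_argv(SAMPLE_ARGV_FIXED)),
                         ("ovpn", auth_from_ovpn(SAMPLE_OVPN))]:
        print(name, digest, classify(digest))
```

The first sample shows the failure mode discussed in this report: a digest selected in the GUI has no effect unless --auth reaches the command line, so the tunnel falls back to the default.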

@ Kristian Erik Hernansen

You have subscribed me to this report, but that's unnecessary. I set priority to all confirmed bugs, usually in less than a day.

Changed in network-manager-openvpn (Ubuntu):
importance: Undecided → Wishlist

Well, except those not tagged.

Please:
- Report to <https://bugzilla.gnome.org/>
- Paste the new report URL here.
- Set this bug status back to confirmed.

Thank you.

Changed in network-manager-openvpn (Ubuntu):
status: Confirmed → Incomplete
tags: added: asked-to-upstream
tags: added: lucid precise trusty utopic vivid

OK, reason I did so is because this bug appears to have been neglected for
~18 months, since 2013-08-26. More and more people are reporting similar
issues online, although not necessarily via the Ubuntu bug tracker. I will
try to push upstream...thanks

On Wed, Mar 18, 2015 at 6:40 PM Alberto Salvia Novella <
<email address hidden>> wrote:

> Please:
> - Report to <https://bugzilla.gnome.org/>
> - Paste the new report URL here.
> - Set this bug status back to confirmed.
>
> Thank you.

Changed in network-manager-openvpn (Ubuntu):
status: Incomplete → Confirmed
Changed in network-manager-openvpn:
status: New → Confirmed
importance: Undecided → Unknown
status: Confirmed → Unknown
Changed in network-manager-openvpn:
importance: Unknown → Medium
status: Unknown → Confirmed

Thank you.

Changed in network-manager-openvpn (Ubuntu):
status: Confirmed → Triaged
Changed in network-manager-openvpn:
status: Confirmed → Expired