When importing config file, "key-direction" is ignored if it's after inline block.

Bug #1754643 reported by Jan Zankowski
This bug affects 1 person
Affects: network-manager-openvpn (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Affected software:
- lsb_release -rd: Ubuntu 16.04.4 LTS
- apt-cache policy network-manager: Installed: 1.2.6-0ubuntu0.16.04.2
- apt-cache policy network-manager-openvpn: Installed: 1.1.93-1ubuntu1.1

Steps to reproduce:
1. Prepare an .ovpn config file of the form:

client
nobind
dev tun
remote-cert-tls server
remote 1.2.3.4 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
[... some key here ...]
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
[... some key here ...]
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
[... some key here ...]
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[... some key here ...]
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1

2. Use Ubuntu network manager to import the file, using "Edit Connections.." -> "Add" -> "Import a saved VPN configuration"

Result:
In resulting connection info window, in tab "VPN", after clicking on "Advanced..." -> "TLS Authentication", the field "Key Direction" is set to "None".

Expected result:
"Key Direction" is set to "1".

Notes:
- Moving the line "key-direction 1" above the inline <key>, <cert>, etc. sections fixes the problem.
- Moving the line "remote 1.2.3.4 1194 udp" below the inline <key>, <cert>, etc. sections still correctly sets the remote server address. So it seems that not all directives are affected by this problem.
- Using the file as written above in 'openvpn --config file.ovpn' works fine.
- This bug made me waste about 2 hours trying to figure out why I was getting "TLS handshake failed"...

Thank you very much for fixing.
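
A pre-import check for the ordering problem described in this report, as an added example that is not part of the original bug report or of network-manager-openvpn: it finds "key-direction" lines that follow an inline block and applies the reporter's workaround of moving them above the first block. The function names and the sample config are constructed for illustration.

```python
import re

OPEN = re.compile(r"^<([A-Za-z0-9_-]+)>$")  # opening tag of an inline block

# Constructed sample shaped like the config in the report (key bodies elided).
SAMPLE = """client
remote 1.2.3.4 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
"""

def scan(text):
    """Return (index of first inline-block line or None, key-direction line indexes outside blocks)."""
    first_block, inside, hits = None, None, []
    for i, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if inside:                       # skip key material until the closing tag
            if line == f"</{inside}>":
                inside = None
            continue
        m = OPEN.match(line)
        if m:
            inside = m.group(1)
            if first_block is None:
                first_block = i
        elif line.split()[:1] == ["key-direction"]:
            hits.append(i)
    return first_block, hits

def hoist_key_direction(text):
    """Move key-direction lines that follow an inline block to just above the first block."""
    lines = text.splitlines()
    first_block, hits = scan(text)
    late = [i for i in hits if first_block is not None and i > first_block]
    if not late:
        return text                      # nothing to fix
    moved = [lines[i] for i in late]
    kept = [l for i, l in enumerate(lines) if i not in late]
    return "\n".join(kept[:first_block] + moved + kept[first_block:]) + "\n"

if __name__ == "__main__":
    print(hoist_key_direction(SAMPLE))
```

After importing the rewritten file, the "Key Direction" field under "Advanced..." -> "TLS Authentication" is the place to confirm the value was picked up.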
