Ubuntu
network-manager-openvpn package

network-manager-openvpn: --cipher option deprecated in OpenVPN 2.6, no option to set suggested --data-ciphers flag instead

Bug #1993634 reported by Franck
66
This bug affects 17 people
Affects Status Importance Assigned to Milestone
NetworkManager-OpenVPN
New
Unknown
network-manager-openvpn (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Latest network-manager-openvpn still uses the deprecated --cipher option, and offers no way to set the new --data-ciphers option.

nm-openvpn[257279]: OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
nm-openvpn[257279]: ERROR: Failed to apply push options
nm-openvpn[257279]: Failed to open tun/tap interface

Using the command line and passing --data-ciphers option works.

ProblemType: Bug
DistroRelease: Ubuntu 22.10
Package: network-manager-openvpn 1.10.0-1ubuntu2
ProcVersionSignature: Ubuntu 5.19.0-21.21-generic 5.19.7
Uname: Linux 5.19.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: KDE
Date: Thu Oct 20 09:50:10 2022
InstallationDate: Installed on 2022-02-05 (256 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220119)
SourcePackage: network-manager-openvpn
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Franck (alci) wrote :
Revision history for this message
Franck (alci) wrote :

This bug is found for Debian here :

https://groups.google.com/g/linux.debian.bugs.dist/c/IlCHDJxBets

and upstream here :

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/97

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for your bug report. It should have been fixed in https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/1.10.0-1ubuntu1 which is a cherrypick of https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/963b71a8

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Revision history for this message
Sebastien Bacher (seb128) wrote :

Detail from one of the other reports

'It has been fixed in 1.10.0-1ubuntu2. However, GUI settings does not process .ovpn correctly, so data-ciphers=AES-256-CBC has to be added to your connection in /etc/NetworkManager/system-connections.'

Revision history for this message
Sebastien Bacher (seb128) wrote :

which is reported upstream as https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/110

Bug Watch Updater (bug-watch-updater)
Changed in network-manager-openvpn:
status: Unknown → New
Revision history for this message
Drew N (n1xim-email) wrote :

Will this be fixed on Ubuntu 22.04 LTS as well? The ticket marked as a duplicate of this one for 22.04 doesn't actually include the updated software as a fix, so it is broken (again).

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.