openvpn tls-crypt not working

Bug #1749562 reported by Tuxist
This bug affects 6 people
Affects: network-manager (Ubuntu)
Status: Confirmed
Importance: Low
Assigned to: Unassigned

Bug Description

Hi,

If I try to connect to my OpenVPN 2.4 server, I get this error on the server side:

Feb 14 18:42:22 fenrir openvpn[58665]: tls-crypt unwrap error: packet too short
Feb 14 18:42:22 fenrir openvpn[58665]: TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:91.33.41.15:51754 (via ::ffff:192.168.2.2%igb0)

My server conf:

dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
multihome
engine cryptodev
tls-server
server 10.4.0.0 255.255.0.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user ZmVucmly false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'domain.local' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.4096
tls-crypt /var/etc/openvpn/server1.tls-crypt
ncp-ciphers AES-256-CBC
persist-remote-ip
float
topology subnet

My client config:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote tuxist.ddns.net 1194 udp
verify-x509-name "domain.local" name
auth-user-pass
remote-cert-tls server

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: network-manager 1.8.4-1ubuntu4
ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13
Uname: Linux 4.13.0-32-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia
ApportVersion: 2.20.8-0ubuntu8
Architecture: amd64
CurrentDesktop: KDE
Date: Wed Feb 14 18:46:29 2018
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2016-08-13 (550 days ago)
InstallationMedia: Kubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
IpRoute:
 default via 10.3.0.1 dev wlp3s0 proto static metric 600
 10.3.0.0/16 dev wlp3s0 proto kernel scope link src 10.3.141.174 metric 600
 169.254.0.0/16 dev wlp3s0 scope link metric 1000
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=false
SourcePackage: network-manager
UpgradeStatus: Upgraded to bionic on 2018-02-12 (1 days ago)
nmcli-dev:
 DEVICE TYPE STATE DBUS-PATH CONNECTION CON-UUID CON-PATH
 wlp3s0 wifi connected /org/freedesktop/NetworkManager/Devices/3 gameofgods 404f7dfd-a05c-4271-9a7f-6e18bc31e0cf /org/freedesktop/NetworkManager/ActiveConnection/2
 eno1 ethernet unavailable /org/freedesktop/NetworkManager/Devices/2 -- -- --
 lo loopback unmanaged /org/freedesktop/NetworkManager/Devices/1 -- -- --
nmcli-nm:
 RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN
 running 1.8.4 connected started full enabled enabled enabled enabled disabled
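
Added example, not part of the original report and not code from OpenVPN or NetworkManager: the server config above sets tls-crypt while the client config has no tls-crypt line, and a server with tls-crypt enabled rejects control packets that were not wrapped with the shared key. The Python check below flags that kind of one-sided wrapping between two configs; the function names are assumptions of this example, and the config excerpts are copied from the report.

```python
WRAP = ("tls-crypt", "tls-auth")  # control-channel wrapping directives


def wrapping(conf_text):
    """Return the set of wrapping directives a config enables.

    Handles the file form (tls-crypt /path/to/key) and the inline form
    (<tls-crypt> ... </tls-crypt>), and skips '#' and ';' comment lines.
    """
    enabled = set()
    inline = None  # name of the inline block currently being skipped
    for raw in conf_text.splitlines():
        line = raw.strip()
        if inline:
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            if inline in WRAP:
                enabled.add(inline)
            continue
        name = line.split()[0]
        if name in WRAP:
            enabled.add(name)
    return enabled


def compare(server_text, client_text):
    """List wrapping directives enabled on one peer but not the other."""
    srv, cli = wrapping(server_text), wrapping(client_text)
    return [
        f"{d}: enabled on {'server' if d in srv else 'client'} only"
        for d in WRAP
        if (d in srv) != (d in cli)
    ]


# Excerpts of the two configs posted in this report.
SERVER = "proto udp\ncipher AES-256-CBC\nauth SHA512\n" \
         "tls-crypt /var/etc/openvpn/server1.tls-crypt\n"
CLIENT = "cipher AES-256-CBC\nauth SHA512\ntls-client\n" \
         "remote tuxist.ddns.net 1194 udp\n"

if __name__ == "__main__":
    for finding in compare(SERVER, CLIENT):
        print(finding)
```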

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager (Ubuntu):
status: New → Confirmed
roland aus köln (devzero-c) wrote :

http://www.pivpn.io/ is using tls-crypt by default, so Ubuntu is not even capable of connecting to this popular and easy-to-set-up VPN solution.

Could you please fix Network Manager?

Sebastien Bacher (seb128) wrote :

The commit referenced in the previous comment is included in https://launchpad.net/ubuntu/+source/network-manager-openvpn/1.2.10-0ubuntu1 which was updated before 18.04, so that's not likely the fix/problem here.

Changed in network-manager (Ubuntu):
importance: Undecided → Low
Bobby (rm-vi) wrote :

I'm not a programmer but I'll be happy to do whatever I can to facilitate getting this resolved.
