openvpn tls-crypt not working
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
Hi,
if i try to connect to my openvpn 2.4 server i got this error on serverside:
Feb 14 18:42:22 fenrir openvpn[58665]: tls-crypt unwrap error: packet too short
Feb 14 18:42:22 fenrir openvpn[58665]: TLS Error: tls-crypt unwrapping failed from [AF_INET6]
my server conf:
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/
down /usr/local/
client-connect /usr/local/
client-disconnect /usr/local/
multihome
engine cryptodev
tls-server
server 10.4.0.0 255.255.0.0
client-config-dir /var/etc/
username-
auth-user-
tls-verify "/usr/local/
lport 1194
management /var/etc/
ca /var/etc/
cert /var/etc/
key /var/etc/
dh /etc/dh-
tls-crypt /var/etc/
ncp-ciphers AES-256-CBC
persist-remote-ip
float
topology subnet
my client config:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote tuxist.ddns.net 1194 udp
verify-x509-name "domain.local" name
auth-user-pass
remote-cert-tls server
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: network-manager 1.8.4-1ubuntu4
ProcVersionSign
Uname: Linux 4.13.0-32-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.8-0ubuntu8
Architecture: amd64
CurrentDesktop: KDE
Date: Wed Feb 14 18:46:29 2018
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
InstallationDate: Installed on 2016-08-13 (550 days ago)
InstallationMedia: Kubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
IpRoute:
default via 10.3.0.1 dev wlp3s0 proto static metric 600
10.3.0.0/16 dev wlp3s0 proto kernel scope link src 10.3.141.174 metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000
NetworkManager.
[main]
NetworkingEnab
WirelessEnable
WWANEnabled=false
SourcePackage: network-manager
UpgradeStatus: Upgraded to bionic on 2018-02-12 (1 days ago)
nmcli-dev:
DEVICE TYPE STATE DBUS-PATH CONNECTION CON-UUID CON-PATH
wlp3s0 wifi connected /org/freedeskto
eno1 ethernet unavailable /org/freedeskto
lo loopback unmanaged /org/freedeskto
nmcli-nm:
RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN
running 1.8.4 connected started full enabled enabled enabled enabled disabled
seems upstream already fixed /git.gnome. org/browse/ network- manager- openvpn/ commit/ ?id=d90cf9105e3 3fd4f646adf4f1e f8b9f95afc737b
https:/