network-manager openvpn settings not being saved

Bug #1797236 reported by Mathieu Trudel-Lapierre on 2018-10-10
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
High
Unassigned
network-manager-openvpn (Ubuntu)
High
Unassigned

Bug Description

I'm seeing some weird issue with the new NM + openvpn; if I create a new VPN connection, and add certificate options (verify name exactly, plus TLS auth), these options are not saved, leading to the connection failing.

The following versions lead to an invalid connection:
ii network-manager 1.12.4-1ubuntu1 amd64 network management framework (daemon and userspace tools)
ii network-manager-openvpn 1.8.6-1 amd64 network management framework (OpenVPN plugin core)

Reverting to the following versions, things work again:
ii network-manager 1.12.2-0ubuntu4 amd64 network management framework (daemon and userspace tools)
ii network-manager-openvpn 1.8.4-1 amd64 network management framework (OpenVPN plugin core)

If I use an existing connection saved with a prior version of NM, the connection will be successful. If I go open the settings, hit Apply, all advanced TLS settings are wiped.

The connection then fails:

Oct 10 16:58:52 demeter nm-openvpn[6538]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 10 16:58:52 demeter nm-openvpn[6538]: TCP/UDP: Preserving recently used remote address: [AF_INET]91.189.91.19:443
Oct 10 16:58:52 demeter nm-openvpn[6538]: Attempting to establish TCP connection with [AF_INET]91.189.91.19:443 [nonblock]
Oct 10 16:58:53 demeter nm-openvpn[6538]: TCP connection established with [AF_INET]91.189.91.19:443
Oct 10 16:58:53 demeter nm-openvpn[6538]: TCP_CLIENT link local: (not bound)
Oct 10 16:58:53 demeter nm-openvpn[6538]: TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
Oct 10 16:58:53 demeter nm-openvpn[6538]: Connection reset, restarting [0]
Oct 10 16:58:53 demeter nm-openvpn[6538]: SIGUSR1[soft,connection-reset] received, process restarting
Oct 10 16:58:58 demeter nm-openvpn[6538]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 10 16:58:58 demeter nm-openvpn[6538]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 10 16:58:58 demeter nm-openvpn[6538]: TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:67c:1562:0:1::1:443
Oct 10 16:58:58 demeter nm-openvpn[6538]: Attempting to establish TCP connection with [AF_INET6]2001:67c:1562:0:1::1:443 [nonblock]
Oct 10 16:58:59 demeter nm-openvpn[6538]: TCP: connect to [AF_INET6]xxxx:xxx:xx:xx::xx:443 failed: Network is unreachable
Oct 10 16:58:59 demeter nm-openvpn[6538]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Oct 10 16:59:04 demeter nm-openvpn[6538]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

I'm unsure whether this is NM or n-m-openvpn. Looks more like NM, since downgrading n-m-openvpn alone didn't seem to change anything.

Sebastien Bacher (seb128) wrote :

Hey Laney, Mathieu said you add an upstream bug/patch that works for you so assigning according

Changed in network-manager-openvpn (Ubuntu):
assignee: nobody → Iain Lane (laney)
importance: Undecided → High
Changed in network-manager (Ubuntu):
importance: Undecided → High
Iain Lane (laney) wrote :

I don't agree that I should be assigned to this bug. I simply tried a patch, but it didn't work for the person that initially reported the bug.

cyphermox, would you please try to debug further to see what your problem is? I'll help upload once we have a proper fix, if you like.

Changed in network-manager-openvpn (Ubuntu):
assignee: Iain Lane (laney) → nobody
Iain Lane (laney) wrote :

Actually, I can reproduce the fix in a live session so I'll just upload what we have.

Here's a screencast showing what I did - let me know if I'm not reproducing the same bug.

Iain Lane (laney) wrote :

It's been accepted, should make its way to cosmic soon.

Changed in network-manager (Ubuntu):
status: New → Invalid
Changed in network-manager-openvpn (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-openvpn - 1.8.6-1ubuntu1

---------------
network-manager-openvpn (1.8.6-1ubuntu1) cosmic; urgency=medium

  * debian/patches/editor-fix-memory-corruption-when-creating-advanced-.patch:
    Cherry-pick from upstream. Fix a missing unref when constructing the
    "advanced" dialog of the VPN connection editor. (LP: #1797236)

 -- Iain Lane <email address hidden> Thu, 11 Oct 2018 16:40:07 +0100

Changed in network-manager-openvpn (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers