Comment 8 for bug 230193

Roi a Torkilsheyggi (roi) wrote :

Hi,

Sorry for the late response - keeping busy :)

Permissions: Owner has read/write permissions, others have read (probably not smart).

I do *not* get any errors when running the "openssl rsa -text -in <filename>" command.

When running NetworkManager with --no-daemon I get the following when enabling the OpenVPN connection. The OpenVPN log does not show any activity.
-------------------
Enter pass phrase for /home/rto/xxxx/xxxxx/rto1key.pem:

** (process:8698): WARNING **: <WARNING> openvpn_watch_cb (): openvpn exited with error code 1

** (process:8698): WARNING **: <WARNING> nm_openvpn_socket_data_cb (): Password verification failed

NetworkManager: <WARN> nm_vpn_service_process_signal(): VPN failed for service 'org.freedesktop.NetworkManager.openvpn', signal 'ConnectFailed', with message 'The VPN login failed because the VPN program could not connect to the VPN server.'.
NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 3 -> 6.
NetworkManager: <WARN> nm_vpn_service_process_signal(): VPN failed for service 'org.freedesktop.NetworkManager.openvpn', signal 'LoginFailed', with message 'The VPN login failed because the user name and password were not accepted or the certificate password was wrong.'.
NetworkManager: <WARN> nm_vpn_service_stop_connection(): (VPN Service org.freedesktop.NetworkManager.openvpn): could not stop connection 'NeoConsult' because service was 6.
-------------------

The setup procedure was as follows. The admins hand out PKCS#12 certs which I have to "convert" to use with the NM-OVPN module.
-------------------
First you need to extract the CA, certificate and key from your .p12 file (replace user1 with your initials and number).

    openssl pkcs12 -nocerts -in user1.p12 -out user1key.pem
    Supply Import Password.
    Type new PEM pass phrase.
    openssl pkcs12 -nokeys -clcerts -in user1.p12 -out user1cert.pem
    Supply Import Password.
    openssl pkcs12 -nokeys -cacerts -in user1.p12 -out user1ca.pem

Copy the files to a suitable place on your hard drive.

Install network-manager-openvpn. This is the OpenVPN plugin for NetworkManager.

    sudo apt-get install network-manager-openvpn

Now left-click on the NetworkManager icon, select VPN Connections -> Configure VPN and click the Add button. Type in a connection name and paste in the following appropriately:

    Gateway Address: xxx.xxx.xxx.xxx
    Gateway Port: 1194 (this is the default)
    Connection Type: X.509 Certificates (also default)
    CA file: (point to your user1ca.pem file)
    Certificate: (point to your user1cert.pem file)
    Key: (point to your user1key.pem file)

Now click the Optional tab and check the following boxes:

    Use LZO compression
    Use cipher: (select cipher)
    Use TLS auth: (point to your ta.key file)
    Direction: (select 1)
-------------------

This setup worked up until the openvpn/openssl updates two weeks ago.

Again, sorry for the late response - and thanks for the good work.

Rói
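
An added example, not part of the comment above and not NetworkManager or OpenVPN code: a shell check of the files the extraction steps produce, covering the key-file permissions the comment mentions and whether the private key is still passphrase-protected. The function names and the sample key body are constructed for the illustration; the file names follow the comment.

```shell
# Added example (hypothetical helpers): audit the PEM files from the pkcs12 steps.
# Group/other permission characters of a file, e.g. "r--r--" for mode 644.
group_other_perms() { ls -ld "$1" | cut -c5-10; }

# Prints "encrypted", "plaintext" or "none"; handles PKCS#8 and traditional PEM headers.
key_protection() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo none
    fi
}

# Key file: owner-only access and a passphrase-protected key. Returns 0 if both hold.
audit_key_file() {
    rc=0
    [ "$(group_other_perms "$1")" = "------" ] ||
        { echo "$1: accessible to group/others (chmod 600 fixes this)"; rc=1; }
    [ "$(key_protection "$1")" = "encrypted" ] ||
        { echo "$1: no passphrase-protected private key found"; rc=1; }
    return "$rc"
}

# Certificate/CA file: must hold a certificate and must not carry a private key.
audit_cert_file() {
    rc=0
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "$1: no certificate found"; rc=1; }
    [ "$(key_protection "$1")" = "none" ] ||
        { echo "$1: contains a private key"; rc=1; }
    return "$rc"
}

# Constructed sample (dummy body, not a real key) in the layout pkcs12 writes.
write_sample_key() {
    printf '%s\n' 'Bag Attributes' 'Key Attributes: <No Attributes>' \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1"
}

if [ "$#" -eq 3 ]; then   # key, cert and CA file given on the command line
    status=0
    audit_key_file "$1" || status=1
    audit_cert_file "$2" || status=1
    audit_cert_file "$3" || status=1
    exit "$status"
fi
```

Saved as a script and given the three paths (user1key.pem, user1cert.pem, user1ca.pem), it exits non-zero if any check fails.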