After upgrade of vpn server, openvpn-clients of ubuntu 14.0 are refused

Bug #1732541 reported by Joost Ringoot
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Since openvpnserver upgrade to version 2.0.2(centos 6.8) the server log reports ssl authentication rejection for all ubuntu 14.04 clients (I can't find the error right now, I will add this when a new attempt is logged)
https://packages.ubuntu.com/trusty/net/openvpn (2.3.2-7ubuntu3.2)

My current Solution for ubuntu 14.04 is: install openvpn 2.4.4 from tarbal https://openvpn.net/index.php/download/community-downloads.html

Or update the ubuntu to version 16.04, since
Ubuntu 16.04 clients appear to have no issues with this.
Please put this client (openvpn 2.4.4) in the repository for ubuntu 14.04

Steve Beattie (sbeattie)
information type: Private Security → Public
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Joost,
putting 2.4.4 into Trusty would be a major change with too much of a regression risk for others.
See [1] for Details. We would need to find the actual issue you are hitting and then the fix that fixed it between 2.3.2-7ubuntu3.2 -> 2.4.4 to backport just the fix under the constraints of [1].

As you say, upgrading 16.04 is an option as there you opt-in to take the potential regressions of an upgrade (but you usually get way more improvements than regressions, but people see what causes work for them :-) ).

In general on authentication rejects due to version upgrades what I've seen in the past is that the list of supported encryptions bweteen server and client no more has a shared element that can be used. But it can very well be something completely different.

So we need to check what we can find once you have the error.
As much as possible use verbose logging and report the client and server logs of the same case.
That should make it easier to find the root cause.

[1]: https://wiki.ubuntu.com/StableReleaseUpdates

Changed in openvpn (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for openvpn (Ubuntu) because there has been no activity for 60 days.]

Changed in openvpn (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.