connection fails with non-"server" server cert (w/patch)

Bug #94788 reported by Martin Emrich
Affects | Status | Importance | Assigned to | Milestone
NetworkManager-OpenVPN | New | Undecided | Unassigned |
network-manager-openvpn (Ubuntu) | Fix Released | Low | Philipp Kern |

Bug Description

Binary package hint: network-manager-openvpn

When I try to connect to my OpenVPN server at home via Network-Manager (with a self-signed certificate), the connection fails. With openvpn from the command line it works. While tracking down the bug, I found this:

http://mail.gnome.org/archives/networkmanager-list/2006-April/msg00132.html

Then I tried to generate a certificate with this obscure "server extension", but my OpenSSL (on Ubuntu Dapper) does not have this extension. So I added a checkbox to network-manager-openvpn to disable this "--ns-cert-type" option. (Patch coming right up...)

Martin Emrich (emme) wrote :

Here is the patch against 0.3.2svn2342-0ubuntu3 via apt-get source. I tried hard to think of a shorter description for the new checkbox, but could not find one...

David Parker (dparker) wrote :

Here's another option that I used before I found the above patch. My patch just removes the "--ns-cert-type server" parameters from the openvpn command line entirely.

Philipp Kern (pkern)
Changed in network-manager-openvpn:
assignee: nobody → pkern
status: New → In Progress
Philipp Kern (pkern)
Changed in network-manager-openvpn:
importance: Undecided → Low
Philipp Kern (pkern) wrote : Fix in network-manager-openvpn (0.3.2svn2342-1ubuntu3)

A new version of network-manager-openvpn was uploaded to fix this bug.

To review the current version, please run

  dget -x http://ppa.launchpad.net/pkern/ubuntu/pool/main/n/network-manager-openvpn/network-manager-openvpn_0.3.2svn2342-1ubuntu3.dsc

Changed in network-manager-openvpn:
status: In Progress → Fix Committed
Philipp Kern (pkern) wrote :

network-manager-openvpn (0.3.2svn2342-1ubuntu3) gutsy; urgency=low

  [ Cleanup ]
  * Switched to quilt for patch management.
  * Properly activated the awk patch.

  [ Bug fixes ]
  * Increased the timeout by 5s to 15s before openvpn gets killed
    forcefully. (LP: #117992)
  * Corrected the path to `nm-vpn-properties' in the desktop file.
    (LP: #123772)
  * Pull DNS domain setting from remote OpenVPN server.
    (LP: #138181)
  * Introduced a new configuration option enabling users to turn off the
    check for a proper `nsCertType=server' extension bit set in the
    server's certificate. (LP: #94788)

  [ Philipp Kern ]
  * Fixes (LP: #145884)

 -- Philipp Kern <email address hidden> Fri, 28 Sep 2007 02:05:51 +0200
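
For setups that keep the check enabled instead of turning it off: `--ns-cert-type server` makes the OpenVPN client require the Netscape cert type extension with the server bit in the peer's certificate, so a certificate issued for a client is not accepted as the server. The following is an added example, not part of this bug report, its patches or the package; it issues self-signed test certificates with the `openssl` CLI and checks for that bit. The function names, file names and the `vpn.example.test` CN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names, file names and the CN are constructed placeholders.

# make_cert DIR NAME NSTYPE
# Write DIR/NAME.key and DIR/NAME.crt (self-signed, 30 days) whose
# nsCertType extension is NSTYPE, e.g. "server" or "client".
make_cert() {
    dir=$1 name=$2 nstype=$3
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no

[dn]
CN = $name.vpn.example.test

[ext]
basicConstraints = CA:FALSE
nsCertType = $nstype
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/$name.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# has_ns_server CERT
# Succeed only if CERT carries the Netscape cert type extension with the
# "SSL Server" bit, which is what --ns-cert-type server expects of the peer.
has_ns_server() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Netscape Cert Type' | grep -q 'SSL Server'
}

# Usage:
#   tmp=$(mktemp -d)
#   make_cert "$tmp" server server && has_ns_server "$tmp/server.crt"
```

A certificate generated with `nsCertType = client` fails `has_ns_server`, which is the distinction the option enforces.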

Changed in network-manager-openvpn:
status: Fix Committed → Fix Released
Martin Emrich (emme) wrote :

Hi!

Thanks for including the patch!
But I get this message in my syslog after trying it out:

Oct 2 11:05:24 localhost nm-openvpn[12712]: TUN/TAP device tun0 opened
Oct 2 11:05:24 localhost nm-openvpn[12712]: ifconfig tun0 192.168.3.134 pointopoint 192.168.3.133 mtu 1500
Oct 2 11:05:24 localhost kernel: [ 4952.024000] tun0: Disabled Privacy Extensions
Oct 2 11:05:24 localhost nm-openvpn[12712]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tun0 1500 1544 192.168.3.134 192.168.3.133 init
Oct 2 11:05:25 localhost nm-openvpn[12712]: script failed: shell command did not exit normally
Oct 2 11:05:25 localhost nm-openvpn[12712]: Exiting

Any ideas?

Ciao

Martin

Philipp Kern (pkern) wrote :

This is #147941 for which I am desperately waiting for backtraces, so if you have apport crash reports for this, which you could send, then please do so. (Or follow the information in the mentioned report to get a crashdump which does not include a coredump.)

Martin Emrich (emme) wrote :

Hi!

After 147941 has been fixed, this now works great, too. Thanks!

Ciao

Martin
