Package: openvpn Version: 2.4.0-6+deb9u2 Severity: important Tags: patch This is a known openvpn 2.4 bug, and upstream has it fixed (https://github.com/OpenVPN/openvpn/commit/3322c558fa742cb823fa919f682486973abc4f8e and https://community.openvpn.net/openvpn/ticket/904). This fix has not been backported to Jessie backports or Stretch.
This effects anybody using 2-FA in their configuration, as value of --auth-token will never be used. The existence of this bug is especially bad in Network Manager OpenVPN, because it hard-codes using the --auth-nocache without possibility of not using it. -- System Information: Debian Release: 9.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.61 ii init-system-helpers 1.48 ii iproute2 4.9.0-1 ii libc6 2.24-11+deb9u1 ii liblz4-1 0.0~r131-2+b1 ii liblzo2-2 2.08-1.2+b2 ii libpam0g 1.1.8-3.6 ii libpkcs11-helper1 1.21-1 ii libssl1.0.2 1.0.2l-2+deb9u1 ii libsystemd0 232-25+deb9u1 ii lsb-base 9.20161125 Versions of packages openvpn recommends: ii easy-rsa 2.2.2-2 Versions of packages openvpn suggests: ii openssl 1.1.0f-3+deb9u1 pn resolvconf <none> -- debconf information excluded
