Bug#848024: Fails to connect after upgrade to openvpn 2.4

Thu, 24 Aug 2017 06:33:43 -0700 

Package: network-manager-openvpn
Version: 1.2.8-2
Followup-For: Bug #848024

The bug is still there in the version 1.2.8-2, because the g|UI for the editing
of connection properties still generates the invalid option "tls-remote" always
if you want to specify the X509 properties.

The problem is concretely in the openvpn configuration, tab VPN (openvpn), then
click on "Advanced", then switch to the tab TLS settings.
As a first control on this tab is the edit field, where you can put the
identification for X509 validation
(somethng like "C=cz, L=Praha, O=Some Org, CN=someserver.somedomain.cz,
emailAddress=somaeddr...@somedomain.cz")

But now, instead of the generating openvpn configuration with the option
"verify-X509-name" - on the ovpn configuration should be the line with
something like

verify-x509-name "C=cz, L=Praha, O=Some Org, CN=someserver.somedomain.cz,
emailAddress=someaddr...@somedomain.cz"

it still generates the old obsolete form

tls-remote "C=cz, L=Praha, O=Some Org, CN=someserver.somedomain.cz,
emailAddress=someaddr...@somedomain.cz"

The only workaround for this I have found is to let the validation field empty,
but then you lose the validation possibility.

This should be fixed, there should be generated the correct settings
verify-x509-name
to the generated ovpn configuration instead of todays
tls-remote

Possibly there should be also extended the edit dialogue, where should be
specified the type parameter behind the name parameter of the tag
verify-x509-name - according to the openvpn manual, there can be also specified
the type of the X509 name, if omitted, then default is used.



-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-0.bpo.3-amd64 (SMP w/2 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), 
LANGUAGE=cs:en_US:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager-openvpn depends on:
ii  adduser          3.115
ii  libc6            2.24-11+deb9u1
ii  libglib2.0-0     2.50.3-2
ii  libnm0           1.6.2-3
ii  network-manager  1.6.2-3
ii  openvpn          2.4.0-6+deb9u1

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information

Reply via email to