https://bugs.kde.org/show_bug.cgi?id=461055
Stefan Neufeind <k...@stefan-neufeind.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |k...@stefan-neufeind.de
--- Comment #2 from Stefan Neufeind <k...@stefan-neufeind.de> ---
Just stumbled across this again on Fedora 42 which has OpenVPN 2.6.14. Newer
openvpn-versions don't have the "cipher"-option anymore but need "data-ciphers"
to be set. syslog reports something like:
nm-openvpn[41191]: OPTIONS ERROR: failed to negotiate cipher with server. Add
the server's cipher ('AES-128-CBC') to --data-ciphers (currently
'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this
server.
Workaround: Manually editing the vpn-connection below /etc/NetworkManager makes
it work.
https://discourse.gnome.org/t/gnome-settings-openvpn-data-ciphers-field-missing/11590
Gnome added it when writing the vpn-connection, in 2022:
merge:
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/46
patch-details:
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/020ab0c4b872fa5415ed1a5e682acb3343c7b9f3
Maybe we could add a similar solution when writing the connection. Should we
keep the current dropdown for cipher and export that as data-ciphers? Or have
it as a new input-field (to support a list of ciphers)? Automatically add it to
the list of ciphers then as a compat-solution? Or assume that newer
distributions ("since ever") use openvpn 2.6+ and simply switch from "cipher"
to "data-ciphers" completely in the source?
https://github.com/KDE/plasma-nm/blob/master/vpn/openvpn/openvpn.cpp
--
You are receiving this mail because:
You are watching all bug changes.
