Public bug reported:
Network Manager Import VPN configuration does not work correctly if a
file contains a lowercase cipher.
Worst is, the import appears to work (no errors). The connection fails
with "Invalid HMAC signature" and no other errors.
I only figured out what the problem was by going to the advanced
settings and opening the cipher dropdown.
Perhaps the easiest fix to this would be to convert the "cipher" value
to upper case when importing.
Using the `openvpn` command directly does work with lowercase "cipher"
value, it's only when importing it via the Network Manager where there
is a problem.
Example .ovpn file contents (the lowercase cipher value here is
"aes-128-cbc"):
client
dev tun
proto udp
remote austria.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
** Affects: network-manager (Ubuntu)
Importance: Undecided
Status: New
** Tags: vpn
** Description changed:
Network Manager Import VPN configuration does not work correctly if a
file contains a lowercase cipher.
Worst is, the import appears to work (no errors). The connection fails
with "Invalid HMAC signature" and no other errors.
I only figured out what the problem was by going to the advanced
settings and opening the cipher dropdown.
Perhaps the easiest fix to this would be to convert the "cipher" value
to upper case when importing.
- Example .ovpn file contents:
+ Using the `openvpn` command directly does work with lowercase "cipher"
+ value, it's only when importing it via the Network Manager where there
+ is a problem.
+
+ Example .ovpn file contents (the lowercase cipher value here is
+ "aes-128-cbc"):
client
dev tun
proto udp
remote austria.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1746245
Title:
.ovpn file "cipher" does not work if it is lowercase
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1746245/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
