[Bug 2020893] [NEW] Changing path for the certificates and keys doesn't work

Fri May 26 13:29:46 UTC 2023

You have been subscribed to a private bug by mastier1 (mastier1):

If you modify existing OpenVPN connection NetworkManager does not
reflect them without restart

I changed path for files (other directory), yet it still tries to load
the old path

mastier at drakkar:~$ nmcli con up 'Canonical UK'
Error: Connection activation failed: Unknown reason
Hint: use 'journalctl -xe NM_CONNECTION=9328632c-dcb0-4414-8609-20285bf0acb8 + NM_DEVICE=eno1' to get more details.

mastier at drakkar:~$ grep -iHR openvpn /var/log/syslog|tail
/var/log/syslog:May 26 15:16:43 drakkar nm-openvpn[726598]: Cannot pre-load keyfile (/home/mastier/Documents/vpn/canonical_ta.key)
/var/log/syslog:May 26 15:16:43 drakkar nm-openvpn[726598]: Exiting due to fatal error
/var/log/syslog:May 26 15:16:55 drakkar NetworkManager[5372]: <info>  [1685107015.3225] vpn[0x555f6a6a6750,9328632c-dcb0-4414-8609-20285bf0acb8,"Canonical UK"]: starting openvpn
/var/log/syslog:May 26 15:16:55 drakkar nm-openvpn[727045]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
/var/log/syslog:May 26 15:16:55 drakkar nm-openvpn[727045]: Cannot pre-load keyfile (/home/mastier/Documents/vpn/canonical_ta.key)
/var/log/syslog:May 26 15:16:55 drakkar nm-openvpn[727045]: Exiting due to fatal error
/var/log/syslog:May 26 15:19:40 drakkar NetworkManager[5372]: <info>  [1685107180.3388] vpn[0x555f6a6a69d0,9328632c-dcb0-4414-8609-20285bf0acb8,"Canonical UK"]: starting openvpn
/var/log/syslog:May 26 15:19:40 drakkar nm-openvpn[731307]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
/var/log/syslog:May 26 15:19:40 drakkar nm-openvpn[731307]: Cannot pre-load keyfile (/home/mastier/Documents/vpn/canonical_ta.key)
/var/log/syslog:May 26 15:19:40 drakkar nm-openvpn[731307]: Exiting due to fatal error

$ nmcli con show 'Canonical UK' |grep Docum
vpn.data:                               ca = /home/mastier/Documents/canonical-vpn/canonical_ca.crt, cert = /home/mastier/Documents/canonical-vpn/canonical-mastier.crt, cert-pass-flags = 0, cipher = AES-128-CBC, comp-lzo = adaptive, connection-type = tls, dev = tun, dev-type = tun, key = /home/mastier/Documents/canonical-vpn/canonical-mastier.key, ping = 10, ping-restart = 60, remote = uk.sesame.canonical.com:29419, remote-cert-tls = server, ta = /home/mastier/Documents/vpn/canonical_ta.key, ta-dir = 1, verify-x509-name = name:access.is

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: network-manager-openvpn 1.8.18-1
ProcVersionSignature: Ubuntu 6.1.0-1012.12-oem 6.1.25
Uname: Linux 6.1.0-1012-oem x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu82.4
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Fri May 26 15:21:21 2023
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: network-manager-openvpn
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: network-manager-openvpn (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug jammy wayland-session
-- 
Changing path for the certificates and keys doesn't work
https://bugs.launchpad.net/bugs/2020893
You received this bug notification because you are a member of Network-manager, which is subscribed to the bug report.