network-manager-openvpn: cannot import connection from ovpn file

Giorgos Pallas gpall at ccf.auth.gr
Wed Nov 5 19:12:45 UTC 2008 

Package: network-manager-openvpn
Version: 0.7~~svn20081015t024626-0ubuntu1
Severity: normal


I was using successfully openvpn from command line using this config:

=====================================
remote XXX.XXX.XXX.XXX
dev tap0
client

proto udp
port 53

pkcs12 mycert.p12

comp-lzo
verb 3
cipher DESX-CBC

ns-cert-type server
======================================

I'm now trying to make this work from the gui and I fail to see how it must
be adapted. I think that the correct authentication type is 'Certificates
TLS', but then I do not understand what is the difference between 'User
certificate' and 'Private key'. The one is the public and the other is the
private key? I think that it is a bug that the above simple vpn config
cannot be directly imported into the GUI.

I include also below a sample of openvpn connecting using the above config
from the command line:

Wed Nov  5 21:06:21 2008 WARNING: this configuration may cache passwords
in memory -- use the auth-nocache option to prevent this
Wed Nov  5 21:06:21 2008 WARNING: file 'gpall-cert-2008.p12' is group or
others accessible
Wed Nov  5 21:06:21 2008 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus
omitted>
Wed Nov  5 21:06:21 2008 LZO compression initialized
Wed Nov  5 21:06:21 2008 Control Channel MTU parms [ L:1574 D:138 EF:38
EB:0 ET:0 EL:0 ]
Wed Nov  5 21:06:21 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42
EB:135 ET:32 EL:0 AF:3/1 ]
Wed Nov  5 21:06:21 2008 Local Options hash (VER=V4): 'aa93bac8'
Wed Nov  5 21:06:21 2008 Expected Remote Options hash (VER=V4): 'ca4ff25f'
Wed Nov  5 21:06:21 2008 Socket Buffers: R=[112640->131072]
S=[112640->131072]
Wed Nov  5 21:06:21 2008 UDPv4 link local (bound): [undef]:53
Wed Nov  5 21:06:21 2008 UDPv4 link remote: XXX.XXX.XXX.XXX:53
Wed Nov  5 21:06:21 2008 TLS: Initial packet from XXX.XXX.XXX.XXX:53,
sid=c32b61b2 e6a48939
Wed Nov  5 21:06:26 2008 VERIFY OK: depth=2,
/C=GR/O=Aristotle_University_of_Thessaloniki/OU=Central_Communication_Facilities/CN=Root_Certification_Authority_2001
Wed Nov  5 21:06:26 2008 VERIFY OK: depth=1,
/C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=AUTH_Servers_Certification_Authority_2007/emailAddress=nocca2007 at ccf.auth.gr
Wed Nov  5 21:06:26 2008 VERIFY OK: nsCertType=SERVER
Wed Nov  5 21:06:26 2008 VERIFY OK: depth=0,
/C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=argo.ccf.auth.gr/emailAddress=root at ccf.auth.gr
Wed Nov  5 21:06:38 2008 Data Channel Encrypt: Cipher 'DESX-CBC'
initialized with 192 bit key
Wed Nov  5 21:06:38 2008 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Wed Nov  5 21:06:38 2008 Data Channel Decrypt: Cipher 'DESX-CBC'
initialized with 192 bit key
Wed Nov  5 21:06:38 2008 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Wed Nov  5 21:06:38 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov  5 21:06:38 2008 [argo.ccf.auth.gr] Peer Connection Initiated
with XXX.XXX.XXX.XXX:53
Wed Nov  5 21:06:39 2008 SENT CONTROL [argo.ccf.auth.gr]: 'PUSH_REQUEST'
(status=1)
Wed Nov  5 21:06:39 2008 PUSH: Received control message:
'PUSH_REPLY,dhcp-option DNS 155.207.0.31,dhcp-option DNS
194.63.237.4,dhcp-option WINS
155.207.0.31,redirect-gateway,route-gateway XXX.XXX.XXX.XXX0,ping
10,ping-restart 120,ifconfig XXX.XXX.XXX.83 255.255.255.0'
Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: route options modified
Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: route-related options modified
Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Wed Nov  5 21:06:39 2008 WARNING: --remote address [XXX.XXX.XXX.XXX]
conflicts with --ifconfig subnet [XXX.XXX.XXX.83, 255.255.255.0] --
local and remote addresses cannot be inside of the --ifconfig subnet.
(silence this warning with --ifconfig-nowarn)
Wed Nov  5 21:06:39 2008 ROUTE default_gateway=192.168.1.1
Wed Nov  5 21:06:39 2008 TUN/TAP device tap0 opened
Wed Nov  5 21:06:39 2008 TUN/TAP TX queue length set to 100
Wed Nov  5 21:06:39 2008 /sbin/ifconfig tap0 XXX.XXX.XXX.83 netmask
255.255.255.0 mtu 1500 broadcast XXX.XXX.XXX.255
Wed Nov  5 21:06:39 2008 /etc/openvpn/update-resolv-conf tap0 1500 1574
XXX.XXX.XXX.83 255.255.255.0 init
Wed Nov  5 21:06:39 2008 /sbin/route add -net XXX.XXX.XXX.XXX netmask
255.255.255.255 gw 192.168.1.1
Wed Nov  5 21:06:39 2008 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Wed Nov  5 21:06:39 2008 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw
XXX.XXX.XXX.XXX0
Wed Nov  5 21:06:40 2008 Initialization Sequence Completed


 

-- System Information:
Debian Release: lenny/sid
  APT prefers intrepid-updates
  APT policy: (500, 'intrepid-updates'), (500, 'intrepid-security'),
(500, 'intrepid-proposed'), (500, 'intrepid')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-7-eeepc (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager-openvpn depends on:
ii  libart- 2.3.20-2                         Library of functions for 2D
graphi
ii  libatk1 1.24.0-0ubuntu1                  The ATK accessibility toolkit
ii  libbono 2.24.0-0ubuntu1                  Bonobo CORBA interfaces library
ii  libbono 2.24.0-0ubuntu1                  The Bonobo UI library
ii  libc6   2.8~20080505-0ubuntu7            GNU C Library: Shared libraries
ii  libcair 1.8.0-0ubuntu1                   The Cairo 2D vector
graphics libra
ii  libdbus 1.2.4-0ubuntu1                   simple interprocess
messaging syst
ii  libdbus 0.76-1                           simple interprocess
messaging syst
ii  libfont 2.6.0-1ubuntu4                   generic font configuration
library
ii  libfree 2.3.7-2ubuntu1                   FreeType 2 font engine,
shared lib
ii  libgcon 2.24.0-0ubuntu1                  GNOME configuration
database syste
ii  libglad 1:2.6.3-0ubuntu1                 library to load .glade
files at ru
ii  libglib 2.18.2-0ubuntu2                  The GLib library of C routines
ii  libgnom 2.24.1-0ubuntu1                  GObject bindings for PKCS#11
ii  libgnom 2.24.1-0ubuntu4                  The GNOME 2 library -
runtime file
ii  libgnom 2.20.1.1-1ubuntu2                A powerful object-oriented
display
ii  libgnom 2.24.0-0ubuntu1                  The GNOME 2 libraries (User
Interf
ii  libgnom 1:2.24.0-0ubuntu1                GNOME Virtual File System
(runtime
ii  libgtk2 2.14.4-0ubuntu1                  The GTK+ graphical user
interface
ii  libice6 2:1.0.4-1                        X11 Inter-Client Exchange
library
ii  libnm-g 0.7~~svn20081018t105859-0ubuntu1 network management
framework (GLib
ii  libnm-u 0.7~~svn20081018t105859-0ubuntu1 network management
framework (shar
ii  liborbi 1:2.14.16-0ubuntu1               libraries for ORBit2 - a
CORBA ORB
ii  libpang 1.22.2-0ubuntu1                  Layout and rendering of
internatio
ii  libpixm 0.12.0-1                         pixel-manipulation library
for X a
ii  libpng1 1.2.27-1                         PNG library - runtime
ii  libpopt 1.14-4                           lib for parsing cmdline
parameters
ii  libsm6  2:1.0.3-2                        X11 Session Management library
ii  libx11- 2:1.1.5-2ubuntu1                 X11 client-side library
ii  libxcb- 0.2+git36-1                      utility libraries for X C
Binding
ii  libxcb- 1.1-1.1                          X C Binding, render extension
ii  libxcb1 1.1-1.1                          X C Binding
ii  libxml2 2.6.32.dfsg-4ubuntu1             GNOME XML library
ii  libxren 1:0.9.4-2                        X Rendering Extension
client libra
ii  openvpn 2.1~rc11-1ubuntu2                virtual private network daemon
ii  zlib1g  1:1.2.3.3.dfsg-12ubuntu1         compression library - runtime

network-manager-openvpn recommends no packages.

-- no debconf information

More information about the ubuntu-users mailing list