network-manager-openvpn: cannot import connection from ovpn file

Charlie Kravetz cjk at teamcharliesangels.com
Fri Nov 7 14:42:14 UTC 2008 

On Wed, 05 Nov 2008 21:12:45 +0200
Giorgos Pallas <gpall at ccf.auth.gr> wrote:

> Package: network-manager-openvpn
> Version: 0.7~~svn20081015t024626-0ubuntu1
> Severity: normal
> 
> 
> I was using successfully openvpn from command line using this config:
> 
> =====================================
> remote XXX.XXX.XXX.XXX
> dev tap0
> client
> 
> proto udp
> port 53
> 
> pkcs12 mycert.p12
> 
> comp-lzo
> verb 3
> cipher DESX-CBC
> 
> ns-cert-type server
> ======================================
> 
> I'm now trying to make this work from the gui and I fail to see how
> it must be adapted. I think that the correct authentication type is
> 'Certificates TLS', but then I do not understand what is the
> difference between 'User certificate' and 'Private key'. The one is
> the public and the other is the private key? I think that it is a bug
> that the above simple vpn config cannot be directly imported into the
> GUI.
> 
> I include also below a sample of openvpn connecting using the above
> config from the command line:
> 
> Wed Nov  5 21:06:21 2008 WARNING: this configuration may cache
> passwords in memory -- use the auth-nocache option to prevent this
> Wed Nov  5 21:06:21 2008 WARNING: file 'gpall-cert-2008.p12' is group
> or others accessible
> Wed Nov  5 21:06:21 2008 /usr/bin/openssl-vulnkey -q -b 2048 -m
> <modulus
> omitted>
> Wed Nov  5 21:06:21 2008 LZO compression initialized
> Wed Nov  5 21:06:21 2008 Control Channel MTU parms [ L:1574 D:138
> EF:38 EB:0 ET:0 EL:0 ]
> Wed Nov  5 21:06:21 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42
> EB:135 ET:32 EL:0 AF:3/1 ]
> Wed Nov  5 21:06:21 2008 Local Options hash (VER=V4): 'aa93bac8'
> Wed Nov  5 21:06:21 2008 Expected Remote Options hash (VER=V4):
> 'ca4ff25f' Wed Nov  5 21:06:21 2008 Socket Buffers: R=[112640->131072]
> S=[112640->131072]
> Wed Nov  5 21:06:21 2008 UDPv4 link local (bound): [undef]:53
> Wed Nov  5 21:06:21 2008 UDPv4 link remote: XXX.XXX.XXX.XXX:53
> Wed Nov  5 21:06:21 2008 TLS: Initial packet from XXX.XXX.XXX.XXX:53,
> sid=c32b61b2 e6a48939
> Wed Nov  5 21:06:26 2008 VERIFY OK: depth=2,
> /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Central_Communication_Facilities/CN=Root_Certification_Authority_2001
> Wed Nov  5 21:06:26 2008 VERIFY OK: depth=1,
> /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=AUTH_Servers_Certification_Authority_2007/emailAddress=nocca2007 at ccf.auth.gr
> Wed Nov  5 21:06:26 2008 VERIFY OK: nsCertType=SERVER
> Wed Nov  5 21:06:26 2008 VERIFY OK: depth=0,
> /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=argo.ccf.auth.gr/emailAddress=root at ccf.auth.gr
> Wed Nov  5 21:06:38 2008 Data Channel Encrypt: Cipher 'DESX-CBC'
> initialized with 192 bit key
> Wed Nov  5 21:06:38 2008 Data Channel Encrypt: Using 160 bit message
> hash 'SHA1' for HMAC authentication
> Wed Nov  5 21:06:38 2008 Data Channel Decrypt: Cipher 'DESX-CBC'
> initialized with 192 bit key
> Wed Nov  5 21:06:38 2008 Data Channel Decrypt: Using 160 bit message
> hash 'SHA1' for HMAC authentication
> Wed Nov  5 21:06:38 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3
> DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Nov  5 21:06:38 2008 [argo.ccf.auth.gr] Peer Connection Initiated
> with XXX.XXX.XXX.XXX:53
> Wed Nov  5 21:06:39 2008 SENT CONTROL [argo.ccf.auth.gr]:
> 'PUSH_REQUEST' (status=1)
> Wed Nov  5 21:06:39 2008 PUSH: Received control message:
> 'PUSH_REPLY,dhcp-option DNS 155.207.0.31,dhcp-option DNS
> 194.63.237.4,dhcp-option WINS
> 155.207.0.31,redirect-gateway,route-gateway XXX.XXX.XXX.XXX0,ping
> 10,ping-restart 120,ifconfig XXX.XXX.XXX.83 255.255.255.0'
> Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: timers and/or timeouts
> modified Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: --ifconfig/up
> options modified Wed Nov  5 21:06:39 2008 OPTIONS IMPORT: route
> options modified Wed Nov  5 21:06:39 2008 OPTIONS IMPORT:
> route-related options modified Wed Nov  5 21:06:39 2008 OPTIONS
> IMPORT: --ip-win32 and/or --dhcp-option options modified
> Wed Nov  5 21:06:39 2008 WARNING: --remote address [XXX.XXX.XXX.XXX]
> conflicts with --ifconfig subnet [XXX.XXX.XXX.83, 255.255.255.0] --
> local and remote addresses cannot be inside of the --ifconfig subnet.
> (silence this warning with --ifconfig-nowarn)
> Wed Nov  5 21:06:39 2008 ROUTE default_gateway=192.168.1.1
> Wed Nov  5 21:06:39 2008 TUN/TAP device tap0 opened
> Wed Nov  5 21:06:39 2008 TUN/TAP TX queue length set to 100
> Wed Nov  5 21:06:39 2008 /sbin/ifconfig tap0 XXX.XXX.XXX.83 netmask
> 255.255.255.0 mtu 1500 broadcast XXX.XXX.XXX.255
> Wed Nov  5 21:06:39 2008 /etc/openvpn/update-resolv-conf tap0 1500
> 1574 XXX.XXX.XXX.83 255.255.255.0 init
> Wed Nov  5 21:06:39 2008 /sbin/route add -net XXX.XXX.XXX.XXX netmask
> 255.255.255.255 gw 192.168.1.1
> Wed Nov  5 21:06:39 2008 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
> Wed Nov  5 21:06:39 2008 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0
> gw XXX.XXX.XXX.XXX0
> Wed Nov  5 21:06:40 2008 Initialization Sequence Completed
> 
> 
>  
> 
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers intrepid-updates
>   APT policy: (500, 'intrepid-updates'), (500, 'intrepid-security'),
> (500, 'intrepid-proposed'), (500, 'intrepid')
> Architecture: i386 (i686)
> 
> Kernel: Linux 2.6.27-7-eeepc (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages network-manager-openvpn depends on:
> ii  libart- 2.3.20-2                         Library of functions for
> 2D graphi
> ii  libatk1 1.24.0-0ubuntu1                  The ATK accessibility
> toolkit ii  libbono 2.24.0-0ubuntu1                  Bonobo CORBA
> interfaces library ii  libbono 2.24.0-0ubuntu1                  The
> Bonobo UI library ii  libc6   2.8~20080505-0ubuntu7            GNU C
> Library: Shared libraries ii  libcair
> 1.8.0-0ubuntu1                   The Cairo 2D vector graphics libra
> ii  libdbus 1.2.4-0ubuntu1                   simple interprocess
> messaging syst
> ii  libdbus 0.76-1                           simple interprocess
> messaging syst
> ii  libfont 2.6.0-1ubuntu4                   generic font
> configuration library
> ii  libfree 2.3.7-2ubuntu1                   FreeType 2 font engine,
> shared lib
> ii  libgcon 2.24.0-0ubuntu1                  GNOME configuration
> database syste
> ii  libglad 1:2.6.3-0ubuntu1                 library to load .glade
> files at ru
> ii  libglib 2.18.2-0ubuntu2                  The GLib library of C
> routines ii  libgnom 2.24.1-0ubuntu1                  GObject
> bindings for PKCS#11 ii  libgnom 2.24.1-0ubuntu4                  The
> GNOME 2 library - runtime file
> ii  libgnom 2.20.1.1-1ubuntu2                A powerful
> object-oriented display
> ii  libgnom 2.24.0-0ubuntu1                  The GNOME 2 libraries
> (User Interf
> ii  libgnom 1:2.24.0-0ubuntu1                GNOME Virtual File System
> (runtime
> ii  libgtk2 2.14.4-0ubuntu1                  The GTK+ graphical user
> interface
> ii  libice6 2:1.0.4-1                        X11 Inter-Client Exchange
> library
> ii  libnm-g 0.7~~svn20081018t105859-0ubuntu1 network management
> framework (GLib
> ii  libnm-u 0.7~~svn20081018t105859-0ubuntu1 network management
> framework (shar
> ii  liborbi 1:2.14.16-0ubuntu1               libraries for ORBit2 - a
> CORBA ORB
> ii  libpang 1.22.2-0ubuntu1                  Layout and rendering of
> internatio
> ii  libpixm 0.12.0-1                         pixel-manipulation
> library for X a
> ii  libpng1 1.2.27-1                         PNG library - runtime
> ii  libpopt 1.14-4                           lib for parsing cmdline
> parameters
> ii  libsm6  2:1.0.3-2                        X11 Session Management
> library ii  libx11- 2:1.1.5-2ubuntu1                 X11 client-side
> library ii  libxcb- 0.2+git36-1                      utility
> libraries for X C Binding
> ii  libxcb- 1.1-1.1                          X C Binding, render
> extension ii  libxcb1 1.1-1.1                          X C Binding
> ii  libxml2 2.6.32.dfsg-4ubuntu1             GNOME XML library
> ii  libxren 1:0.9.4-2                        X Rendering Extension
> client libra
> ii  openvpn 2.1~rc11-1ubuntu2                virtual private network
> daemon ii  zlib1g  1:1.2.3.3.dfsg-12ubuntu1         compression
> library - runtime
> 
> network-manager-openvpn recommends no packages.
> 
> -- no debconf information
> 

Can you file this on launchpad? I know the system sent it to the users
mailing list, but it never gets worked if it stays here. 

The right place to file bug reports is:
https://bugs.launchpad.net/ubuntu

That will give the developers a chance to see if they can fix it.

Thanks.

-- 
Charlie Kravetz 
Linux Registered User Number 425914          [http://counter.li.org/]
Never let anyone steal your DREAM.           [http://keepingdreams.com]

More information about the ubuntu-users mailing list