network-manager-openvpn: cannot import connection from ovpn file
Charlie Kravetz
cjk at teamcharliesangels.com
Fri Nov 7 14:42:14 UTC 2008
On Wed, 05 Nov 2008 21:12:45 +0200
Giorgos Pallas <gpall at ccf.auth.gr> wrote:
> Package: network-manager-openvpn
> Version: 0.7~~svn20081015t024626-0ubuntu1
> Severity: normal
>
>
> I was successfully using openvpn from the command line with this config:
>
> =====================================
> remote XXX.XXX.XXX.XXX
> dev tap0
> client
>
> proto udp
> port 53
>
> pkcs12 mycert.p12
>
> comp-lzo
> verb 3
> cipher DESX-CBC
>
> ns-cert-type server
> ======================================
>
> I'm now trying to make this work from the gui and I fail to see how
> it must be adapted. I think that the correct authentication type is
> 'Certificates TLS', but then I do not understand what is the
> difference between 'User certificate' and 'Private key'. The one is
> the public and the other is the private key? I think that it is a bug
> that the above simple vpn config cannot be directly imported into the
> GUI.
>
> I include also below a sample of openvpn connecting using the above
> config from the command line:
>
> Wed Nov 5 21:06:21 2008 WARNING: this configuration may cache
> passwords in memory -- use the auth-nocache option to prevent this
> Wed Nov 5 21:06:21 2008 WARNING: file 'gpall-cert-2008.p12' is group
> or others accessible
> Wed Nov 5 21:06:21 2008 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
> Wed Nov 5 21:06:21 2008 LZO compression initialized
> Wed Nov 5 21:06:21 2008 Control Channel MTU parms [ L:1574 D:138
> EF:38 EB:0 ET:0 EL:0 ]
> Wed Nov 5 21:06:21 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42
> EB:135 ET:32 EL:0 AF:3/1 ]
> Wed Nov 5 21:06:21 2008 Local Options hash (VER=V4): 'aa93bac8'
> Wed Nov 5 21:06:21 2008 Expected Remote Options hash (VER=V4): 'ca4ff25f'
> Wed Nov 5 21:06:21 2008 Socket Buffers: R=[112640->131072] S=[112640->131072]
> Wed Nov 5 21:06:21 2008 UDPv4 link local (bound): [undef]:53
> Wed Nov 5 21:06:21 2008 UDPv4 link remote: XXX.XXX.XXX.XXX:53
> Wed Nov 5 21:06:21 2008 TLS: Initial packet from XXX.XXX.XXX.XXX:53,
> sid=c32b61b2 e6a48939
> Wed Nov 5 21:06:26 2008 VERIFY OK: depth=2,
> /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Central_Communication_Facilities/CN=Root_Certification_Authority_2001
> Wed Nov 5 21:06:26 2008 VERIFY OK: depth=1,
> /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=AUTH_Servers_Certification_Authority_2007/emailAddress=nocca2007 at ccf.auth.gr
> Wed Nov 5 21:06:26 2008 VERIFY OK: nsCertType=SERVER
> Wed Nov 5 21:06:26 2008 VERIFY OK: depth=0,
> /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=argo.ccf.auth.gr/emailAddress=root at ccf.auth.gr
> Wed Nov 5 21:06:38 2008 Data Channel Encrypt: Cipher 'DESX-CBC'
> initialized with 192 bit key
> Wed Nov 5 21:06:38 2008 Data Channel Encrypt: Using 160 bit message
> hash 'SHA1' for HMAC authentication
> Wed Nov 5 21:06:38 2008 Data Channel Decrypt: Cipher 'DESX-CBC'
> initialized with 192 bit key
> Wed Nov 5 21:06:38 2008 Data Channel Decrypt: Using 160 bit message
> hash 'SHA1' for HMAC authentication
> Wed Nov 5 21:06:38 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3
> DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Nov 5 21:06:38 2008 [argo.ccf.auth.gr] Peer Connection Initiated
> with XXX.XXX.XXX.XXX:53
> Wed Nov 5 21:06:39 2008 SENT CONTROL [argo.ccf.auth.gr]:
> 'PUSH_REQUEST' (status=1)
> Wed Nov 5 21:06:39 2008 PUSH: Received control message:
> 'PUSH_REPLY,dhcp-option DNS 155.207.0.31,dhcp-option DNS
> 194.63.237.4,dhcp-option WINS
> 155.207.0.31,redirect-gateway,route-gateway XXX.XXX.XXX.XXX0,ping
> 10,ping-restart 120,ifconfig XXX.XXX.XXX.83 255.255.255.0'
> Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: timers and/or timeouts modified
> Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: --ifconfig/up options modified
> Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: route options modified
> Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: route-related options modified
> Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
> Wed Nov 5 21:06:39 2008 WARNING: --remote address [XXX.XXX.XXX.XXX]
> conflicts with --ifconfig subnet [XXX.XXX.XXX.83, 255.255.255.0] --
> local and remote addresses cannot be inside of the --ifconfig subnet.
> (silence this warning with --ifconfig-nowarn)
> Wed Nov 5 21:06:39 2008 ROUTE default_gateway=192.168.1.1
> Wed Nov 5 21:06:39 2008 TUN/TAP device tap0 opened
> Wed Nov 5 21:06:39 2008 TUN/TAP TX queue length set to 100
> Wed Nov 5 21:06:39 2008 /sbin/ifconfig tap0 XXX.XXX.XXX.83 netmask
> 255.255.255.0 mtu 1500 broadcast XXX.XXX.XXX.255
> Wed Nov 5 21:06:39 2008 /etc/openvpn/update-resolv-conf tap0 1500
> 1574 XXX.XXX.XXX.83 255.255.255.0 init
> Wed Nov 5 21:06:39 2008 /sbin/route add -net XXX.XXX.XXX.XXX netmask
> 255.255.255.255 gw 192.168.1.1
> Wed Nov 5 21:06:39 2008 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
> Wed Nov 5 21:06:39 2008 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0
> gw XXX.XXX.XXX.XXX0
> Wed Nov 5 21:06:40 2008 Initialization Sequence Completed
>
>
>
>
> -- System Information:
> Debian Release: lenny/sid
> APT prefers intrepid-updates
> APT policy: (500, 'intrepid-updates'), (500, 'intrepid-security'),
> (500, 'intrepid-proposed'), (500, 'intrepid')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.27-7-eeepc (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages network-manager-openvpn depends on:
> ii libart-  2.3.20-2                          Library of functions for 2D graphi
> ii libatk1  1.24.0-0ubuntu1                   The ATK accessibility toolkit
> ii libbono  2.24.0-0ubuntu1                   Bonobo CORBA interfaces library
> ii libbono  2.24.0-0ubuntu1                   The Bonobo UI library
> ii libc6    2.8~20080505-0ubuntu7             GNU C Library: Shared libraries
> ii libcair  1.8.0-0ubuntu1                    The Cairo 2D vector graphics libra
> ii libdbus  1.2.4-0ubuntu1                    simple interprocess messaging syst
> ii libdbus  0.76-1                            simple interprocess messaging syst
> ii libfont  2.6.0-1ubuntu4                    generic font configuration library
> ii libfree  2.3.7-2ubuntu1                    FreeType 2 font engine, shared lib
> ii libgcon  2.24.0-0ubuntu1                   GNOME configuration database syste
> ii libglad  1:2.6.3-0ubuntu1                  library to load .glade files at ru
> ii libglib  2.18.2-0ubuntu2                   The GLib library of C routines
> ii libgnom  2.24.1-0ubuntu1                   GObject bindings for PKCS#11
> ii libgnom  2.24.1-0ubuntu4                   The GNOME 2 library - runtime file
> ii libgnom  2.20.1.1-1ubuntu2                 A powerful object-oriented display
> ii libgnom  2.24.0-0ubuntu1                   The GNOME 2 libraries (User Interf
> ii libgnom  1:2.24.0-0ubuntu1                 GNOME Virtual File System (runtime
> ii libgtk2  2.14.4-0ubuntu1                   The GTK+ graphical user interface
> ii libice6  2:1.0.4-1                         X11 Inter-Client Exchange library
> ii libnm-g  0.7~~svn20081018t105859-0ubuntu1  network management framework (GLib
> ii libnm-u  0.7~~svn20081018t105859-0ubuntu1  network management framework (shar
> ii liborbi  1:2.14.16-0ubuntu1                libraries for ORBit2 - a CORBA ORB
> ii libpang  1.22.2-0ubuntu1                   Layout and rendering of internatio
> ii libpixm  0.12.0-1                          pixel-manipulation library for X a
> ii libpng1  1.2.27-1                          PNG library - runtime
> ii libpopt  1.14-4                            lib for parsing cmdline parameters
> ii libsm6   2:1.0.3-2                         X11 Session Management library
> ii libx11-  2:1.1.5-2ubuntu1                  X11 client-side library
> ii libxcb-  0.2+git36-1                       utility libraries for X C Binding
> ii libxcb-  1.1-1.1                           X C Binding, render extension
> ii libxcb1  1.1-1.1                           X C Binding
> ii libxml2  2.6.32.dfsg-4ubuntu1              GNOME XML library
> ii libxren  1:0.9.4-2                         X Rendering Extension client libra
> ii openvpn  2.1~rc11-1ubuntu2                 virtual private network daemon
> ii zlib1g   1:1.2.3.3.dfsg-12ubuntu1          compression library - runtime
>
> network-manager-openvpn recommends no packages.
>
> -- no debconf information
>
Can you file this on launchpad? I know the system sent it to the users
mailing list, but it never gets worked if it stays here.
The right place to file bug reports is:
https://bugs.launchpad.net/ubuntu
That will give the developers a chance to see if they can fix it.
Thanks.
--
Charlie Kravetz
Linux Registered User Number 425914 [http://counter.li.org/]
Never let anyone steal your DREAM. [http://keepingdreams.com]
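
An added example, not part of the original thread: the quoted OpenVPN log above was rewrapped by the mail client, so some entries are split across lines and others are fused onto one. This Python code cuts such quoted text back into one entry per timestamp and collects the WARNING messages and negotiated cipher parameters; the function names are hypothetical and the sample is constructed from lines of the quoted log.

```python
import re

# Constructed sample: a few entries copied from the quoted log above, with the
# mail client's "> " prefix, hard wraps and one fused line left as they appear.
SAMPLE = """\
> Wed Nov 5 21:06:21 2008 WARNING: file 'gpall-cert-2008.p12' is group
> or others accessible
> Wed Nov 5 21:06:21 2008 Expected Remote Options hash (VER=V4):
> 'ca4ff25f' Wed Nov 5 21:06:21 2008 Socket Buffers: R=[112640->131072]
> S=[112640->131072]
> Wed Nov 5 21:06:38 2008 Data Channel Encrypt: Cipher 'DESX-CBC'
> initialized with 192 bit key
> Wed Nov 5 21:06:38 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3
> DHE-RSA-AES256-SHA, 1024 bit RSA
"""

# Timestamp as printed in this log, e.g. "Wed Nov 5 21:06:21 2008 ".
STAMP = re.compile(r"[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4} ")

def split_entries(quoted_text):
    """Undo quoting and rewrapping, then cut one entry per timestamp."""
    lines = [re.sub(r"^(> ?)+", "", ln) for ln in quoted_text.splitlines()]
    flat = " ".join(ln.strip() for ln in lines if ln.strip())
    starts = [m.start() for m in STAMP.finditer(flat)]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(flat)]):
        chunk = flat[begin:end].strip()
        stamp = STAMP.match(chunk).group(0)
        entries.append((stamp.strip(), chunk[len(stamp):]))
    return entries

def review(entries):
    """Collect WARNING messages and the negotiated crypto parameters."""
    report = {"warnings": [], "data_cipher": None, "control_channel": None}
    for _, msg in entries:
        if msg.startswith("WARNING:"):
            report["warnings"].append(msg[len("WARNING:"):].strip())
        m = re.match(r"Data Channel Encrypt: Cipher '([^']+)' initialized with (\d+) bit key", msg)
        if m:
            report["data_cipher"] = (m.group(1), int(m.group(2)))
        m = re.match(r"Control Channel: (\S+), cipher (.+)", msg)
        if m:
            report["control_channel"] = (m.group(1), m.group(2))
    return report

if __name__ == "__main__":
    for key, value in review(split_entries(SAMPLE)).items():
        print(key, "=", value)
```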