Arch Linux

FS#54530 - [networkmanager-openconnect] Cannot connect with AES 128 encryption

Attached to Project: Arch Linux
Opened by Ameya Thakur (indiandennis) - Wednesday, 21 June 2017, 18:10 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 22 June 2017, 17:45 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Assigned
Assigned To: Jan Steffens (heftig)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 0%
Votes: 2
Private: No

Details

Description:
The latest version of networkmanager-openvpn cannot connect with AES 128 encryption due to what appears to be a case mismatch. You can also cross-reference the launchpad bug report at https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1699551.

Additional info:
* package version(s): OpenVPN 2.4.2, NetworkManager 1.8.0-1, networkmanager-openvpn 1.2.10-1
* config and/or log files etc. :

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Jun 21 10:59:54 desktop nm-openvpn[3515]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Jun 21 10:59:54 desktop nm-openvpn[3515]: [*removed for privacy] Peer Connection Initiated with [AF_INET]*removed for privacy:1198
Jun 21 10:59:55 desktop nm-openvpn[3515]: Error: pushed cipher not allowed - aes-128-cbc not in AES-128-CBC or AES-256-GCM:AES-128-GCM
Jun 21 10:59:55 desktop nm-openvpn[3515]: OPTIONS ERROR: failed to import crypto options
Jun 21 10:59:55 desktop nm-openvpn[3515]: ERROR: Failed to apply push options
Jun 21 10:59:55 desktop nm-openvpn[3515]: Failed to open tun/tap interface
Jun 21 10:59:55 desktop nm-openvpn[3515]: SIGUSR1[soft,process-push-msg-failed] received, process restarting


Steps to reproduce: Update to latest versions of packages, add a VPN with AES encryption to networkmanager and attempt to connect. It will try to connect for a few minutes and then fail.

Comment by Ameya Thakur (indiandennis) - Wednesday, 21 June 2017, 18:12 GMT
Sorry, this is my first bug report and I didn't notice that I left out the title summary until after I posted.

Comment by Nathan Chowning (yesimnathan) - Wednesday, 21 June 2017, 19:04 GMT
I experienced this same issue. A work-around is to edit your connection file in /etc/NetworkManager/system-connections & change the 'cipher' line from 'cipher=AES-128-CBC' to 'cipher=aes-128-cbc'. That worked for me.

Comment by Scott (firecat53) - Wednesday, 21 June 2017, 19:10 GMT
That fix worked for me as well (lowercasing the cipher line). Now that's an odd bug!

Comment by Ameya Thakur (indiandennis) - Wednesday, 21 June 2017, 20:18 GMT
Thanks, it worked for me too!

Comment by Dan Panzarella (pzl) - Wednesday, 21 June 2017, 20:40 GMT
If anyone has a lot of configs in that directory to change (like I did), or they're just lazy and want a script to do it: https://gist.github.com/pzl/6f4b4d34fe1937e8fb95f6041a2a6d8c

Uses GNU grep & sed to lowercase the cipher algo. Depending on permissions you may have to sudo it.
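
The workaround from the comments above, as an added example (this is not the linked gist and not code from any commenter). It assumes the profiles are NetworkManager keyfiles containing a line of the form cipher=VALUE; the function name fix_cipher_case is hypothetical, and it uses POSIX awk rather than GNU sed:

```shell
#!/bin/sh
# Added example: apply the cipher lowercasing workaround to every profile in a directory.
# Assumption: profiles are NetworkManager keyfiles with a line "cipher=VALUE".

# fix_cipher_case DIR [apply]   (hypothetical helper name)
# Without "apply" it only reports which profiles would change; nothing is written.
fix_cipher_case() {
    dir=$1
    mode=${2:-check}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip profiles whose cipher value is already lowercase (or absent).
        grep -qE '^cipher=.*[[:upper:]]' "$f" || continue
        printf '%s: %s\n' "$f" "$(grep -E '^cipher=' "$f")"
        [ "$mode" = apply ] || continue
        tmp=$(mktemp) || return 1
        # Lowercase only the value of cipher= lines; all other lines pass through.
        awk '/^cipher=/ { $0 = "cipher=" tolower(substr($0, 8)) } { print }' "$f" > "$tmp" &&
            cat "$tmp" > "$f"   # write through the existing file: owner and mode stay as they were
        rm -f "$tmp"
    done
    return 0
}

# Run as: sh script.sh /etc/NetworkManager/system-connections [apply]
if [ "$#" -gt 0 ]; then
    fix_cipher_case "$@"
fi
```

Run it as root without apply first to see which profiles would change. After applying, nmcli connection reload makes NetworkManager re-read the edited files.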
