FS#55785 - [networkmanager-openvpn] Can't connect to VPN on Gnome

Attached to Project: Arch Linux
Opened by treeshateorcs (budkin) - Thursday, 28 September 2017, 10:25 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 11 December 2019, 07:31 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
As the summary says I can't connect to VPN. All packages are most recent stable.

I was able to connect with the same config just a few days ago. Downgrading to openvpn 2.4.3 did not help

Additional info:
* package version(s)
networkmanager 1.8.4-1
networkmanager-openvpn 1.8.0-1
openvpn 2.4.4-1

* config and/or log files etc.
Sep 28 12:58:22 - NetworkManager[488]: <info> [1506592702.8633] vpn-connection[0x563747465100,e7991627-f65e-482c-827e-3ae514113d3e,"t450s",0]: VPN plugin: state changed: starting (3)
Sep 28 12:58:22 - NetworkManager[488]: <info> [1506592702.8638] vpn-connection[0x563747465100,e7991627-f65e-482c-827e-3ae514113d3e,"t450s",0]: VPN connection: (ConnectInteractive) reply received
Sep 28 12:58:22 - nm-openvpn[2657]: Options error: If you use one of --cert or --key, you must use them both
Sep 28 12:58:22 - nm-openvpn[2657]: Use --help for more information.
Sep 28 12:58:22 - NetworkManager[488]: <warn> [1506592702.8686] vpn-connection[0x563747465100,e7991627-f65e-482c-827e-3ae514113d3e,"t450s",0]: VPN plugin: failed: connect-failed (1)
Sep 28 12:58:22 - NetworkManager[488]: <warn> [1506592702.8690] vpn-connection[0x563747465100,e7991627-f65e-482c-827e-3ae514113d3e,"t450s",0]: VPN plugin: failed: connect-failed (1)
Sep 28 12:58:22 - NetworkManager[488]: <info> [1506592702.8690] vpn-connection[0x563747465100,e7991627-f65e-482c-827e-3ae514113d3e,"t450s",0]: VPN plugin: state changed: stopping (5)
Sep 28 12:58:22 - NetworkManager[488]: <info> [1506592702.8690] vpn-connection[0x563747465100,e7991627-f65e-482c-827e-3ae514113d3e,"t450s",0]: VPN plugin: state changed: stopped (6)
Sep 28 12:58:22 - NetworkManager[488]: <info> [1506592702.8711] vpn-connection[0x563747465100,e7991627-f65e-482c-827e-3ae514113d3e,"t450s",0]: VPN service disappeared

Steps to reproduce:
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Wednesday, 11 December 2019, 07:31 GMT
Reason for closing:  Fixed
Comment by treeshateorcs (budkin) - Thursday, 28 September 2017, 11:08 GMT
If I manually add "key" in /etc/NetworkManager/system-connections/vpn with my key path

Sep 28 14:04:57 - nm-openvpn[4556]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 28 14:04:57 - nm-openvpn[4556]: OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Sep 28 14:04:57 - nm-openvpn[4556]: Cannot load private key file /home/budkin/.cert/nm-openvpn/vpn-key.pem
Sep 28 14:04:57 - nm-openvpn[4556]: SIGUSR1[soft,private-key-password-failure] received, process restarting
Comment by r2w (r2w) - Thursday, 28 September 2017, 23:57 GMT
I also am having similar issues. When I add a new VPN configuration, I select the location for the CA Cert, and User Cert and Key. When I save this in Gnome, and reopen the User Cert gets mapped to the CA cert and the User private key gets set to (None).

If I manually change the file in /etc/NetworkManager/system-connections to:

...
[vpn]
auth=SHA1
ca=/path/to/ca-cert.pem
cert=/path/to/user-cert.pem
key=/path/to/user-key.key
...

It won't connect (Even after reboot).

If I open the connection to be edited in Gnome, don't change any thing and hit save it changes the file to:

...
[vpn]
auth=SHA1
ca=/path/to/ca-cert.pem
cert=/path/to/ca-cert.pem
...

And the 'key' key is completely gone.
Comment by alexandre derumier (aderumier) - Tuesday, 03 October 2017, 11:27 GMT
I confirm, same bug here since upgrade to gnome 3.26 from testing.

gnome write config like

[vpn]
auth=SHA1
ca=/path/to/ca-cert.pem
cert=/path/to/ca-cert.pem


even if I filled ca && cert correctly.

(and my old config have been altered too)
Comment by alexandre derumier (aderumier) - Tuesday, 03 October 2017, 11:38 GMT
downgrading networkmanager-openvpn to 1.2.10-1 fix the problem for me
Comment by Eli Schwartz (eschwartz) - Tuesday, 03 October 2017, 22:20 GMT
The issue with modifying your configuration is described in  FS#55832  -- this bug as initially reported is about networkmanager-openvpn being unable to connect using connection profiles that used to work and have not been modified from that working state.
Comment by Torus (T0t0) - Monday, 16 October 2017, 21:13 GMT
I confirm downgrade to 1.2.10-1 fix that.
Comment by Torus (T0t0) - Saturday, 25 November 2017, 02:51 GMT
No problem with testing version 1.8.1dev+10+ge4d8cda-2.
you can upgrade :)

Loading...