Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#78728 - [networkmanager-openvpn] Can't connect to VPN after 1.10.2-2

Attached to Project: Arch Linux
Opened by Alan Moore (lykwydchykyn) - Wednesday, 07 June 2023, 01:04 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 08 June 2023, 11:09 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

After upgrading networkmanager-openvpn from 1.10.2-1 to 1.10.2-2 I can no longer connect to my work VPN.

The error I get is:

nm-openvpn[95636]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: block-outside-dns (2.6.4)
nm-openvpn[95636]: OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
nm-openvpn[95636]: ERROR: Failed to apply push options
nm-openvpn[95636]: Failed to open tun/tap interface

I have no openvpn configuration files under /etc/openvpn or ~/.config, so it is not clear where I should add these values. These are not options listed in the GUI.
This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Thursday, 08 June 2023, 11:09 GMT
Reason for closing:  Fixed
Additional comments about closing:  1.10.2-3
Comment by Toolybird (Toolybird) - Thursday, 08 June 2023, 00:02 GMT
The only change in -2 was a fix cherrypicked from upstream to "unbreak mixed cipher deployments". See [1].

You should simply be able to: Edit connection details->Identity Tab->Advanced Button, then fiddle with cipher options in there?

[1] https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/112
Comment by Jan Alexander Steffens (heftig) - Thursday, 08 June 2023, 00:22 GMT
Try editing the .nmconnection file manually, adding `data-ciphers=AES-256-CBC` to the [vpn] section. Then `nmcli con reload`.
Comment by Federico Baldoni (aciko11) - Thursday, 08 June 2023, 04:47 GMT
I have the same problem too. Tried to change the cipher to 'AES-256-GCM' both in the connection details and by editing the '.nmconnection' file, but it did not work: strangely i still get the same error.
Also tried to add the 'data-ciphers' option but i receive this error 'GDBus.Error:org.freedesktop.NetworkManager.VPN.Error.BadArguments: property “data-cipher” invalid or not supported'
Comment by Jan Alexander Steffens (heftig) - Thursday, 08 June 2023, 11:01 GMT
It's `data-ciphers`, plural. The error says you used `data-cipher`.
Comment by Jan Alexander Steffens (heftig) - Thursday, 08 June 2023, 11:07 GMT
I'm going to remove the backport but please also file an issue upstream because this is just going to break again when they release 1.10.4 as-is.

Loading...