Bug 909361 - net-vpn/networkmanager-openvpn: does not work with net-vpn/openvpn-2.6.4 (works with net-vpn/openvpn-2.5.6-r1)
Status: RESOLVED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Gentoo Linux Gnome Desktop Team
Reported: 2023-06-29 06:21 UTC by Petric Frank
Modified: 2023-07-19 09:32 UTC


Attachments
nm-applet configuration page (Screenshot_20230629_080327.png,26.61 KB, image/png)
2023-06-29 06:21 UTC, Petric Frank

Description Petric Frank 2023-06-29 06:21:18 UTC
Created attachment 864797
nm-applet configuration page

Involved packages (currently stable):
  openvpn-2.5.7-r1
  networkmanager-openvpn-1.10.2

Configured VPN connection with TLS key (passwordless) under plasma nm-applet. Set option "Password not required".

Connection attempt timed out.

Exported the config to an external file and tried to establish the connection manually:
  # openvpn --config <config file>

and get this output:
--------------- cut ---------------------
2023-06-29 07:55:28 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-06-29 07:55:28 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 28 2023
2023-06-29 07:55:28 library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
Enter Auth Username:
--------------- cut ---------------------

As seen, it requests a password even if I said there is none.

The config (redacted - removed personal data):
--------------- cut ---------------------
client
remote <ip> <port>
ca "<ca.crt>"
cert "<crt>"
key "<pem>"
auth-user-pass
tls-auth "<ta.key>" 1
cipher AES-128-CBC
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nobody
--------------- cut ---------------------

If I remove the option "auth-user-pass" everything works well.

For now establishing the VPN connection via nm-applet does not work because it waits for a - not provided - username/password.

This seems to be a bug in networkmanager-openvpn.

The file in /etc/NetworkManager/system-connections has following contents (redacted):
--------------- cut ---------------------
[connection]
id=test (OpenVPN)
uuid=<uuid>
type=vpn

[vpn]
ca=<ca.crt>
cert=<crt>
cert-pass-flags=4
cipher=AES-128-CBC
connection-type=tls
float=no
key=<pem>
mssfix=no
port=<port>
proto-tcp=no
remote=<ip>
remote-random=no
ta=<ta.key>
ta-dir=1
tun-ipv6=no
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
may-fail=false
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
method=auto
--------------- cut ---------------------

Any hints?
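
A consistency check for the mismatch described in this report, as an added example that is not part of the original report or of NetworkManager-openvpn: it compares the connection-type in the keyfile's [vpn] section with the directives of the exported OpenVPN config, and also flags a cipher absent from the data-ciphers list named in the quoted warning. The sample inputs, the address 192.0.2.10 with port 1194, and the function names parse_ovpn and audit are constructed for illustration.

```python
import configparser

# Constructed samples modelled on the redacted files in the report.
KEYFILE = """[vpn]
cert-pass-flags=4
cipher=AES-128-CBC
connection-type=tls
"""
EXPORTED = """client
remote 192.0.2.10 1194
auth-user-pass
cipher AES-128-CBC
"""
# Cipher list copied from the DEPRECATED OPTION warning quoted in the report.
DATA_CIPHERS = ("AES-256-GCM", "AES-128-GCM")


def parse_ovpn(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives


def audit(keyfile_text, ovpn_text):
    """Compare the NetworkManager [vpn] section with the exported config."""
    keyfile = configparser.ConfigParser(interpolation=None)
    keyfile.read_string(keyfile_text)
    vpn, ovpn = keyfile["vpn"], parse_ovpn(ovpn_text)
    findings = []
    # The report: connection-type=tls, yet the export carries auth-user-pass.
    if vpn.get("connection-type") == "tls" and "auth-user-pass" in ovpn:
        findings.append("auth-user-pass set but connection-type=tls")
    cipher = (ovpn.get("cipher") or [None])[0]
    if cipher and "data-ciphers" not in ovpn and cipher not in DATA_CIPHERS:
        findings.append(f"cipher {cipher} missing from data-ciphers")
    return findings


if __name__ == "__main__":
    for finding in audit(KEYFILE, EXPORTED):
        print("WARN:", finding)
```
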
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-06-29 06:34:59 UTC
Does https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/a790374f4c2e9e1657cbb8470357d72d4bd87916 help at all if you apply it in /etc/portage/patches to networkmanager-openvpn?
Comment 2 Petric Frank 2023-06-29 06:56:30 UTC
No, it does not fix it.

Reverting back to openvpn-2.5.6-r1 makes it work again.

It seems a change in openvpn triggers this bug.

I had to remove "auth-user-pass" from the exported config file to make it run at the command line. Otherwise it still requests a userid/password which is not required in my setup.
Comment 3 Petric Frank 2023-06-29 07:05:38 UTC
Sorry - spoke too early. Patch was not applied at rebuild.

I can confirm - it works now.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-06-29 07:26:25 UTC
(In reply to Petric Frank from comment #3)
> Sorry - spoke too early. Patch was not applied at rebuild.
> 
> I can confirm - it works now.

Many thanks for confirming!
Comment 5 Larry the Git Cow gentoo-dev 2023-06-29 10:58:46 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09c97e4e902abe3b3094134d5f267e363ef4138a

commit 09c97e4e902abe3b3094134d5f267e363ef4138a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-29 10:58:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-29 10:58:10 +0000

    net-vpn/networkmanager-openvpn: backport openvpn-2.6 fix
    
    Closes: https://bugs.gentoo.org/909361
    Signed-off-by: Sam James <sam@gentoo.org>

 ...manager-openvpn-1.10.2-openvpn-2.6-compat.patch | 43 ++++++++++++++++
 .../networkmanager-openvpn-1.10.2-r1.ebuild        | 58 ++++++++++++++++++++++
 2 files changed, 101 insertions(+)