I am hitting the issue described at https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1993634 after updating to openvpn-2.6 when using the stable tree

Comment 2 Sam James 2023-07-19 09:33:02 UTC

(In reply to Zdenek Sojka from comment #1)
> I am hitting the issue described at
> https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/
> 1993634 after updating to openvpn-2.6 when using the stable tree

I thought that was handled w/ bug 909361 and the subsequent stablereq for it?

Thank you for the reply!
Maybe it's a different issue then:

Jul 19 11:47:20 [nm-openvpn] DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
Jul 19 11:47:20 [nm-openvpn] OpenVPN 2.6.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Jul 19 11:47:20 [nm-openvpn] library versions: OpenSSL 1.1.1u  30 May 2023, LZO 2.10
Jul 19 11:47:20 [nm-openvpn] WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jul 19 11:47:20 [nm-openvpn] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 19 11:47:20 [nm-openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]XXXX
Jul 19 11:47:20 [nm-openvpn] UDPv4 link local: (not bound)
Jul 19 11:47:20 [nm-openvpn] UDPv4 link remote: [AF_INET]XXXX
Jul 19 11:47:20 [nm-openvpn] NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jul 19 11:47:20 [nm-openvpn] [vpn-gw] Peer Connection Initiated with [AF_INET]XXXX
Jul 19 11:47:20 [nm-openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
Jul 19 11:47:20 [nm-openvpn] SIGUSR1[soft,auth-failure] received, process restarting

I have the latest packages installed:

[ebuild   R    ] net-vpn/openvpn-2.6.4::gentoo  USE="lz4 lzo openssl pam plugins -dco -down-root -examples -inotify -iproute2 -mbedtls -pkcs11 (-selinux) -systemd -test" 0 KiB
[ebuild   R    ] net-vpn/networkmanager-openvpn-1.10.2-r1::gentoo  USE="gtk -test" 0 KiB

(I am using openssl-1.1* for now due to other problems)

I checked the patch gets applied when building net-vpn/networkmanager-openvpn
Downgrading to net-vpn/openvpn-2.5* prevents the problem for me.
I will try to research this problem later today.
Hopefully someone finds this useful.

Comment 4 Larry the Git Cow 2023-11-14 17:29:40 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=630de2aacf3afee6021cc99d9652ae61cfbd0046

commit 630de2aacf3afee6021cc99d9652ae61cfbd0046
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2023-11-14 17:29:19 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2023-11-14 17:29:36 +0000

    net-vpn/openvpn: add 2.6.7
    
    Closes: https://bugs.gentoo.org/909376
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 net-vpn/openvpn/Manifest             |   1 +
 net-vpn/openvpn/openvpn-2.6.7.ebuild | 199 +++++++++++++++++++++++++++++++++++
 2 files changed, 200 insertions(+)