Imported OpenVPN connection fails when launched
Closed, ResolvedPublic

Description

Steps to reproduce:

  • Install OpenVPN plugin for NetworkManager (sudo apt install network-manager-openvpn-gnome)
  • Download an OVPN file
  • Open the Network tool
  • Click the "+" button
  • Select "Import from file..."
  • Navigate to OVPN file, select it and click "Open" (an "Add VPN" window will appear)
  • Fill in VPN credentials:
    • Type (Automatic: "Password with certificates")
    • User name
    • Password
    • Certificates and key (Automatic: files imported from OVPN file)
    • Do not fill in "User key password" (not required)
  • Click "Add"
  • Activate VPN connection 1: Activate from GNOME desktop
  • Activate VPN connection 2: Activate with nmcli: sudo nmcli connection up CONNECTION_NAME
  • Activate VPN connection 3: Activate with openvpn: sudo openvpn --config FILENAME.ovpn

What should happen:

  • VPN connection succeeds all three times.

What happens instead:

  • Activate VPN connection 1: Immediately fails. No error message.
  • Activate VPN connection 2: Fails with "Error: Connection activation failed: Unknown reason"
  • Activate VPN connection 3: Succeeds. (correct)

Notes:

  • Since the OpenVPN connection succeeds, we know there isn't a problem with the OVPN file.
  • nmcli --version returns nmcli tool, version 1.10.2 on my up-to-date PureOS installation.

Installed packages:

  • libc6: 2.26-4
  • libglib2.0-0: 2.54.3-2
  • libglib2.0-data: 2.54.3-2
  • libgtk-3-0: 3.22.26-2
  • libnm0: 1.10.2-4
  • libnma0: 1.8.10-2
  • libsecret-1-0: 0.18.5-5
  • libsecret-common: 0.18.5-5
  • network-manager: 1.10.2-4
  • network-manager-openvpn: 1.8.0-2
  • network-manager-openvpn-gnome: 1.8.0-2
  • openvpn: 2.4.4-2

Related issues:

d3vid created this task.Feb 8 2018, 1:25 PM
d3vid added a comment.EditedFeb 8 2018, 1:28 PM

Still looking for an upstream bug reference. https://bugs.archlinux.org/task/55785 suggests that it may be fixed upstream, in which case we need to get the fix into Debian Testing and then PureOS.

This affects Purist OVPN certificates as reported here https://code.puri.sm/purist/services/issues/12

Linked to related issues in description.

d3vid edited the task description. (Show Details)Feb 8 2018, 2:18 PM
d3vid edited the task description. (Show Details)Feb 9 2018, 1:17 PM
d3vid edited the task description. (Show Details)Feb 9 2018, 1:38 PM
mladen triaged this task as "High" priority.
mladen added a subscriber: mladen.
zlatan.todoric raised the priority of this task from "High" to "Unbreak Now!".
zlatan.todoric added subscribers: chris.lamb, mak.

Hi @chris.lamb,
can you fast-track if this fix is in Debian yet and if not package quick fix for PureOS (and also ping Debian maintainers about it). Coordinate with @mak to get this fix in ASAP as it affects our users a lot.

d3vid added a comment.Mar 6 2018, 11:53 AM

Error persists with network-manager 1.10.4-1+b1 (same version of network-manager-openvpn)

d3vid added a comment.Mar 6 2018, 1:30 PM

Updated upstream bug with a debug log.

d3vid added a comment.Mar 8 2018, 11:04 AM

Upstream confirmed this is a duplicate of https://bugzilla.gnome.org/show_bug.cgi?id=788226 which has been resolved (but not released?)

d3vid edited the task description. (Show Details)Mar 8 2018, 11:05 AM

In the meantime, found a better workaround using nmcli (recorded downstream in Purist ticket). Still not suitable for an everyday user.

Can we rebuild this package with this patch applied:

On it...

chris.lamb closed this task as "Resolved".Mar 8 2018, 6:29 PM

This should be fixed in network-manager-openvpn version 1.8.0-2pureos1.

Previous upload rejected, re-uploaded which was accepted.

David Seaward wrote:

I assume this will go (Debian? > ) landing > green. Where can I watch
to get a deb file for testing asap?

*The fix was uploaded directly to pureos; I am not the Debian maintainer of this package.

  • Matthias bumps urgency of the package

Thanks for pushing this through. Updated to network-manager-openvpn v1.8.0-2pureos1 and network-manager-openvpn-gnome v1.8.0-2pureos1. Unfortunately the problem persists. Reporting the details upstream in https://bugzilla.gnome.org/show_bug.cgi?id=788226

d3vid added a comment.Mar 12 2018, 2:44 PM

Apparently v1.8.2 was just released, could @chris.lamb look at packaging and releasing that?

d3vid added a comment.Mar 12 2018, 2:55 PM

Alternatively (from #nm IRC):

davidseaward[m], you probably need https://git.gnome.org/browse/network-manager-openvpn/commit/?id=fcf4b58fe0da5994687469ebb0c6eac3cf083e83 as well

...but the latest stable release (which includes this) probably makes more sense?

d3vid reopened this task as "Open".Mar 12 2018, 2:56 PM

@d3vid Thank you for the update. I'm a little hesitant to package the latest upstream as Debian have not done it yet and we might be introducing *other* problems to our users. I will go ahead and add and push though. Stay tuned.

chris.lamb closed this task as "Resolved".Mar 12 2018, 4:43 PM

Should be resolved in network-manager-openvpn_1.8.0-2pureos2 uploaded with urgency=high.

Confirmed. Thanks!

Add Comment