Ubuntu
network-manager package

network-manager openvpn settings not being saved

Bug #1797236 reported by Mathieu Trudel-Lapierre
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Invalid
High
Unassigned
network-manager-openvpn (Ubuntu)
Fix Released
High
Unassigned

Bug Description

I'm seeing some weird issue with the new NM + openvpn; if I create a new VPN connection, and add certificate options (verify name exactly, plus TLS auth), these options are not saved, leading to the connection failing.

The following versions lead to an invalid connection:
ii network-manager 1.12.4-1ubuntu1 amd64 network management framework (daemon and userspace tools)
ii network-manager-openvpn 1.8.6-1 amd64 network management framework (OpenVPN plugin core)

Reverting to the following versions, things work again:
ii network-manager 1.12.2-0ubuntu4 amd64 network management framework (daemon and userspace tools)
ii network-manager-openvpn 1.8.4-1 amd64 network management framework (OpenVPN plugin core)

If I use an existing connection saved with a prior version of NM, the connection will be successful. If I go open the settings, hit Apply, all advanced TLS settings are wiped.

The connection then fails:

Oct 10 16:58:52 demeter nm-openvpn[6538]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 10 16:58:52 demeter nm-openvpn[6538]: TCP/UDP: Preserving recently used remote address: [AF_INET]91.189.91.19:443
Oct 10 16:58:52 demeter nm-openvpn[6538]: Attempting to establish TCP connection with [AF_INET]91.189.91.19:443 [nonblock]
Oct 10 16:58:53 demeter nm-openvpn[6538]: TCP connection established with [AF_INET]91.189.91.19:443
Oct 10 16:58:53 demeter nm-openvpn[6538]: TCP_CLIENT link local: (not bound)
Oct 10 16:58:53 demeter nm-openvpn[6538]: TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
Oct 10 16:58:53 demeter nm-openvpn[6538]: Connection reset, restarting [0]
Oct 10 16:58:53 demeter nm-openvpn[6538]: SIGUSR1[soft,connection-reset] received, process restarting
Oct 10 16:58:58 demeter nm-openvpn[6538]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 10 16:58:58 demeter nm-openvpn[6538]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 10 16:58:58 demeter nm-openvpn[6538]: TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:67c:1562:0:1::1:443
Oct 10 16:58:58 demeter nm-openvpn[6538]: Attempting to establish TCP connection with [AF_INET6]2001:67c:1562:0:1::1:443 [nonblock]
Oct 10 16:58:59 demeter nm-openvpn[6538]: TCP: connect to [AF_INET6]xxxx:xxx:xx:xx::xx:443 failed: Network is unreachable
Oct 10 16:58:59 demeter nm-openvpn[6538]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Oct 10 16:59:04 demeter nm-openvpn[6538]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

I'm unsure whether this is NM or n-m-openvpn. Looks more like NM, since downgrading n-m-openvpn alone didn't seem to change anything.

Revision history for this message
Sebastien Bacher (seb128) wrote :

Hey Laney, Mathieu said you add an upstream bug/patch that works for you so assigning according

Changed in network-manager-openvpn (Ubuntu):
assignee: nobody → Iain Lane (laney)
importance: Undecided → High
Changed in network-manager (Ubuntu):
importance: Undecided → High
Revision history for this message
Iain Lane (laney) wrote :

I don't agree that I should be assigned to this bug. I simply tried a patch, but it didn't work for the person that initially reported the bug.

cyphermox, would you please try to debug further to see what your problem is? I'll help upload once we have a proper fix, if you like.

Changed in network-manager-openvpn (Ubuntu):
assignee: Iain Lane (laney) → nobody
Revision history for this message
Iain Lane (laney) wrote :

Actually, I can reproduce the fix in a live session so I'll just upload what we have.

Here's a screencast showing what I did - let me know if I'm not reproducing the same bug.

Revision history for this message
Iain Lane (laney) wrote :

It's been accepted, should make its way to cosmic soon.

Changed in network-manager (Ubuntu):
status: New → Invalid
Changed in network-manager-openvpn (Ubuntu):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-openvpn - 1.8.6-1ubuntu1

---------------
network-manager-openvpn (1.8.6-1ubuntu1) cosmic; urgency=medium

  * debian/patches/editor-fix-memory-corruption-when-creating-advanced-.patch:
    Cherry-pick from upstream. Fix a missing unref when constructing the
    "advanced" dialog of the VPN connection editor. (LP: #1797236)

 -- Iain Lane <email address hidden> Thu, 11 Oct 2018 16:40:07 +0100

Changed in network-manager-openvpn (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.