11-05-2008, 06:12 PM
Giorgos Pallas

network-manager-openvpn: cannot import connection from ovpn file

Package: network-manager-openvpn
Version: 0.7~~svn20081015t024626-0ubuntu1
Severity: normal


I was successfully using openvpn from the command line with this config:

=====================================
remote XXX.XXX.XXX.XXX
dev tap0
client

proto udp
port 53

pkcs12 mycert.p12

comp-lzo
verb 3
cipher DESX-CBC

ns-cert-type server
======================================

I'm now trying to make this work from the GUI and I fail to see how it must
be adapted. I think that the correct authentication type is 'Certificates
TLS', but then I do not understand what the difference is between 'User
certificate' and 'Private key'. Is the one the public and the other the
private key? I think that it is a bug that the above simple vpn config
cannot be directly imported into the GUI.

I also include below a sample of openvpn connecting using the above config
from the command line:

Wed Nov 5 21:06:21 2008 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Nov 5 21:06:21 2008 WARNING: file 'gpall-cert-2008.p12' is group or others accessible
Wed Nov 5 21:06:21 2008 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed Nov 5 21:06:21 2008 LZO compression initialized
Wed Nov 5 21:06:21 2008 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov 5 21:06:21 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Nov 5 21:06:21 2008 Local Options hash (VER=V4): 'aa93bac8'
Wed Nov 5 21:06:21 2008 Expected Remote Options hash (VER=V4): 'ca4ff25f'
Wed Nov 5 21:06:21 2008 Socket Buffers: R=[112640->131072] S=[112640->131072]
Wed Nov 5 21:06:21 2008 UDPv4 link local (bound): [undef]:53
Wed Nov 5 21:06:21 2008 UDPv4 link remote: XXX.XXX.XXX.XXX:53
Wed Nov 5 21:06:21 2008 TLS: Initial packet from XXX.XXX.XXX.XXX:53, sid=c32b61b2 e6a48939
Wed Nov 5 21:06:26 2008 VERIFY OK: depth=2, /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Central_Communication_Facilities/CN=Root_Certification_Authority_2001
Wed Nov 5 21:06:26 2008 VERIFY OK: depth=1, /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=AUTH_Servers_Certification_Authority_2007/emailAddress=nocca2007@ccf.auth.gr
Wed Nov 5 21:06:26 2008 VERIFY OK: nsCertType=SERVER
Wed Nov 5 21:06:26 2008 VERIFY OK: depth=0, /C=GR/O=Aristotle_University_of_Thessaloniki/OU=Network_Operations_Center/CN=argo.ccf.auth.gr/emailAddress=root@ccf.auth.gr
Wed Nov 5 21:06:38 2008 Data Channel Encrypt: Cipher 'DESX-CBC' initialized with 192 bit key
Wed Nov 5 21:06:38 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 5 21:06:38 2008 Data Channel Decrypt: Cipher 'DESX-CBC' initialized with 192 bit key
Wed Nov 5 21:06:38 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 5 21:06:38 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov 5 21:06:38 2008 [argo.ccf.auth.gr] Peer Connection Initiated with XXX.XXX.XXX.XXX:53
Wed Nov 5 21:06:39 2008 SENT CONTROL [argo.ccf.auth.gr]: 'PUSH_REQUEST' (status=1)
Wed Nov 5 21:06:39 2008 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 155.207.0.31,dhcp-option DNS 194.63.237.4,dhcp-option WINS 155.207.0.31,redirect-gateway,route-gateway XXX.XXX.XXX.XXX0,ping 10,ping-restart 120,ifconfig XXX.XXX.XXX.83 255.255.255.0'
Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: route options modified
Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: route-related options modified
Wed Nov 5 21:06:39 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Nov 5 21:06:39 2008 WARNING: --remote address [XXX.XXX.XXX.XXX] conflicts with --ifconfig subnet [XXX.XXX.XXX.83, 255.255.255.0] -- local and remote addresses cannot be inside of the --ifconfig subnet. (silence this warning with --ifconfig-nowarn)
Wed Nov 5 21:06:39 2008 ROUTE default_gateway=192.168.1.1
Wed Nov 5 21:06:39 2008 TUN/TAP device tap0 opened
Wed Nov 5 21:06:39 2008 TUN/TAP TX queue length set to 100
Wed Nov 5 21:06:39 2008 /sbin/ifconfig tap0 XXX.XXX.XXX.83 netmask 255.255.255.0 mtu 1500 broadcast XXX.XXX.XXX.255
Wed Nov 5 21:06:39 2008 /etc/openvpn/update-resolv-conf tap0 1500 1574 XXX.XXX.XXX.83 255.255.255.0 init
Wed Nov 5 21:06:39 2008 /sbin/route add -net XXX.XXX.XXX.XXX netmask 255.255.255.255 gw 192.168.1.1
Wed Nov 5 21:06:39 2008 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Wed Nov 5 21:06:39 2008 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw XXX.XXX.XXX.XXX0
Wed Nov 5 21:06:40 2008 Initialization Sequence Completed




-- System Information:
Debian Release: lenny/sid
APT prefers intrepid-updates
APT policy: (500, 'intrepid-updates'), (500, 'intrepid-security'), (500, 'intrepid-proposed'), (500, 'intrepid')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-7-eeepc (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager-openvpn depends on:
ii libart- 2.3.20-2 Library of functions for 2D graphi
ii libatk1 1.24.0-0ubuntu1 The ATK accessibility toolkit
ii libbono 2.24.0-0ubuntu1 Bonobo CORBA interfaces library
ii libbono 2.24.0-0ubuntu1 The Bonobo UI library
ii libc6 2.8~20080505-0ubuntu7 GNU C Library: Shared libraries
ii libcair 1.8.0-0ubuntu1 The Cairo 2D vector graphics libra
ii libdbus 1.2.4-0ubuntu1 simple interprocess messaging syst
ii libdbus 0.76-1 simple interprocess messaging syst
ii libfont 2.6.0-1ubuntu4 generic font configuration library
ii libfree 2.3.7-2ubuntu1 FreeType 2 font engine, shared lib
ii libgcon 2.24.0-0ubuntu1 GNOME configuration database syste
ii libglad 1:2.6.3-0ubuntu1 library to load .glade files at ru
ii libglib 2.18.2-0ubuntu2 The GLib library of C routines
ii libgnom 2.24.1-0ubuntu1 GObject bindings for PKCS#11
ii libgnom 2.24.1-0ubuntu4 The GNOME 2 library - runtime file
ii libgnom 2.20.1.1-1ubuntu2 A powerful object-oriented display
ii libgnom 2.24.0-0ubuntu1 The GNOME 2 libraries (User Interf
ii libgnom 1:2.24.0-0ubuntu1 GNOME Virtual File System (runtime
ii libgtk2 2.14.4-0ubuntu1 The GTK+ graphical user interface
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libnm-g 0.7~~svn20081018t105859-0ubuntu1 network management framework (GLib
ii libnm-u 0.7~~svn20081018t105859-0ubuntu1 network management framework (shar
ii liborbi 1:2.14.16-0ubuntu1 libraries for ORBit2 - a CORBA ORB
ii libpang 1.22.2-0ubuntu1 Layout and rendering of internatio
ii libpixm 0.12.0-1 pixel-manipulation library for X a
ii libpng1 1.2.27-1 PNG library - runtime
ii libpopt 1.14-4 lib for parsing cmdline parameters
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libx11- 2:1.1.5-2ubuntu1 X11 client-side library
ii libxcb- 0.2+git36-1 utility libraries for X C Binding
ii libxcb- 1.1-1.1 X C Binding, render extension
ii libxcb1 1.1-1.1 X C Binding
ii libxml2 2.6.32.dfsg-4ubuntu1 GNOME XML library
ii libxren 1:0.9.4-2 X Rendering Extension client libra
ii openvpn 2.1~rc11-1ubuntu2 virtual private network daemon
ii zlib1g 1:1.2.3.3.dfsg-12ubuntu1 compression library - runtime

network-manager-openvpn recommends no packages.

-- no debconf information


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
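
A PKCS#12 file such as the one named by the `pkcs12` directive above bundles the client certificate (which carries the public key), the matching private key and the CA chain. The following is an added example, not part of the original post: it uses openssl to split such a bundle into separate PEM files for a form that asks for 'User certificate' and 'Private key' separately. The file names, the passphrase and the throwaway CA are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. File names and the passphrase are
# constructed for the demo; for a real bundle drop -passin to be prompted.

# Build a throwaway CA, a client certificate and a .p12 so this runs offline.
make_sample_p12() {
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/demo-ca.key" -out "$dir/demo-ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$dir/demo.key" -out "$dir/demo.csr" 2>/dev/null
    openssl x509 -req -in "$dir/demo.csr" -CA "$dir/demo-ca.crt" \
        -CAkey "$dir/demo-ca.key" -CAcreateserial -days 1 \
        -out "$dir/demo.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$dir/demo.key" -in "$dir/demo.crt" \
        -certfile "$dir/demo-ca.crt" -passout "pass:$pass" \
        -out "$dir/mycert.p12"
}

# Split the bundle into CA chain, user certificate and private key (PEM).
# Runs in a subshell so the tightened umask does not leak to the caller.
# -nodes writes the key unencrypted, so it is kept owner-only; the chmod
# also addresses the "group or others accessible" warning for the .p12.
split_p12() (
    p12=$1; out=$2; pass=$3
    umask 077
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -cacerts -nokeys \
        -out "$out/ca.pem" &&
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys \
        -out "$out/user-cert.pem" &&
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
        -out "$out/user-key.pem" &&
    chmod 600 "$p12" "$out/user-key.pem"
)

# True when the certificate and the key carry the same public key.
key_matches_cert() {
    a=$(openssl x509 -in "$1" -noout -pubkey)
    b=$(openssl pkey -in "$2" -pubout)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

tmp=$(mktemp -d)
make_sample_p12 "$tmp" demo-pass &&
    split_p12 "$tmp/mycert.p12" "$tmp" demo-pass &&
    key_matches_cert "$tmp/user-cert.pem" "$tmp/user-key.pem" &&
    echo "user-cert.pem and user-key.pem belong together"
rm -rf "$tmp"
```

Here `user-cert.pem` is the file for 'User certificate', `user-key.pem` the file for 'Private key', and `ca.pem` the chain used to verify the server.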
 
11-07-2008, 01:42 PM
Charlie Kravetz

network-manager-openvpn: cannot import connection from ovpn file

On Wed, 05 Nov 2008 21:12:45 +0200
Giorgos Pallas <gpall@ccf.auth.gr> wrote:

> Package: network-manager-openvpn
> Version: 0.7~~svn20081015t024626-0ubuntu1
> Severity: normal
>
>
> I was using successfully openvpn from command line using this config:
>
> =====================================
> remote XXX.XXX.XXX.XXX
> dev tap0
> client
>
> proto udp
> port 53
>
> pkcs12 mycert.p12
>
> comp-lzo
> verb 3
> cipher DESX-CBC
>
> ns-cert-type server
> ======================================
>
> I'm now trying to make this work from the gui and I fail to see how
> it must be adapted. I think that the correct authentication type is
> 'Certificates TLS', but then I do not understand what is the
> difference between 'User certificate' and 'Private key'. The one is
> the public and the other is the private key? I think that it is a bug
> that the above simple vpn config cannot be directly imported into the
> GUI.
>
> I include also below a sample of openvpn connecting using the above
> config from the command line:

Can you file this on launchpad? I know the system sent it to the users
mailing list, but it never gets worked if it stays here.

The right place to file bug reports is:
https://bugs.launchpad.net/ubuntu

That will give the developers a chance to see if they can fix it.

Thanks.

--
Charlie Kravetz
Linux Registered User Number 425914 [http://counter.li.org/]
Never let anyone steal your DREAM. [http://keepingdreams.com]
