Package: openvpn Version: 2.3.2-9 Severity: important Dear Maintainer,
When trying to use OpenVPN in CLI mode, I usually need to provide the
password to unlock my user certificate.
OpenVPN normally asks me for it when initialized:
-- 8< --
Tue May 6 22:36:20 2014 us=600190 OpenVPN 2.3.2 x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on
Mar 17 2014
Enter Private Key Password:
-- 8< --
But since the 2.3.2 update, trying to start OpenVPN gives this instead:
-- 8< --
Tue May 6 22:30:37 2014 us=712490 OpenVPN 2.3.2 x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on
Mar 17 2014
Tue May 6 22:30:37 2014 us=713476 ERROR: could not not read Private Key
password from stdin
Tue May 6 22:30:37 2014 us=713512 Exiting due to fatal error
-- 8< --
After a little strace session, I got a clue about what was wrong using
strace:
-- 8< --
lstat("/sys/fs/cgroup", {st_mode=S_IFDIR|0755, st_size=60, ...}) = 0
lstat("/sys/fs/cgroup/systemd", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
-- 8< --
It seems that due to a change in OpenVPN code, it now tries to detect if
systemd is installed and if yes (/sys/fs/cgroup/systemd is here), it
tries to use /bin/systemd-ask-password to ask for a passphrase.
See https://bugs.archlinux.org/task/33588 for details
I don't have systemd installed (I still use sysvinit), but still,
/sys/fs/cgroup/systemd is mounted on my machine. (Due to systemd-logind
maybe ?), thus breaking my OpenVPN installation.
Also, umounting /sys/fs/cgroup/systemd restores the previous behavior,
which is to ask for the password on stdin.
A fix seems to exist upstream, but has not been committed yet:
https://community.openvpn.net/openvpn/ticket/274
Is it possible to apply it on Debian's package so we prevent situations
like this?
Thanks in advance!
-- System Information:
Debian Release: jessie/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.53
ii initscripts 2.88dsf-53
ii iproute2 3.14.0-1
ii libc6 2.18-5
ii liblzo2-2 2.06-1.2
ii libpam0g 1.1.8-3
ii libpkcs11-helper1 1.11-1
ii libssl1.0.0 1.0.1g-3
Versions of packages openvpn recommends:
ii easy-rsa 2.2.2-1
Versions of packages openvpn suggests:
ii openssl 1.0.1g-3
pn resolvconf <none>
-- debconf information:
openvpn/create_tun: false
--
------------------------------------------------------------------------
*Matthieu CERDA*
/System / Network Engineer/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87, Rue de Turbigo, 75003 Paris, France*
Phone: +33 (0)1 84 16 06 01
------------------------------------------------------------------------
signature.asc
Description: OpenPGP digital signature
