Your message dated Tue, 13 Dec 2016 23:04:46 +0100
with message-id <89d184b8-8f4f-9bee-2070-674285125...@debian.org>
and subject line Re: [Pkg-utopia-maintainers] Bug#848024: Bug#848024: Fails to
connect after upgrade to openvpn 2.4
has caused the Debian Bug report #848024,
regarding Fails to connect after upgrade to openvpn 2.4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
848024: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848024
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: network-manager-openvpn
Version: 1.2.6-2
Severity: normal
After upgrading to openvpn 2.4~rc1-2, my VPN connection began to fail:
Dec 13 09:49:37 xps13 NetworkManager[738]: Options error: Unrecognized option
or missing or extra parameter(s) in [CMD-LINE]:1: tls-remote (2.4_rc1)
(Options error: Unrecognized option or missing or extra parameter(s) in
[CMD-LINE]:1: tls-remote (2.4_rc1)
I'm working around this by reverting to openvpn 2.3.11-2.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages network-manager-openvpn depends on:
ii adduser 3.115
ii libc6 2.24-8
ii libglib2.0-0 2.50.2-2
ii libnm0 1.4.2-3
ii network-manager 1.4.2-3
ii openvpn 2.3.11-2
network-manager-openvpn recommends no packages.
network-manager-openvpn suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Am 13.12.2016 um 18:22 schrieb Michael Biebl:
> I've blocked the two bugs accordingly and forwarded the issue to
> upstream.
This is upstream's response
Thomas Haller:
> I don't think there is anything to do.
>
> nm-openvpn already supports the verify-x509-name option, which should
> be used.
>
>
> The problem is for users who have existing connections with
> tls-remote setting.
>
> For example, when you look at your NetworkManager ovpn connection
> (for example, named "MyOVPN"):
>
> $ nmcli connection show "MyVPN" | grep tls-remote
>
>
> openvpn 2.4 breaks backward compatibility by removing the option.
> There is nothing that nm-openvpn can do about it except requiring
> users to fix their configuration.
>
> E.g. the Gnome plugin of nm-openvpn for nm-connection-editor has a
> "Server Certificate Check" combobox. Affected users have to move away
> from the "Verify subject partially (legacy mode)" setting.
In light of that, I'll close this bug report.
I suggest, openvpn either patches tls-remote support back in (for
stretch) or it adds a NEWS file, telling users to check their VPN
configuration files (including the NetworkManager config) and fix them
up manually.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
--- End Message ---
