[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
Thank you for filing this bug. I agree that it's worth asking the desktop team to consider the default set of VPN plugins available by default from time to time. > In fact, most major desktop OSes have removed PPTP altogether because it's insecure... I'm commenting because I'd like to point out that I don't think this is a reasonable justification. Ubuntu is *user focused*. Users don't usually have the option of choosing their VPN technology since the server end is normally configured by someone else. Ideally I think Ubuntu should make sure that the majority of users can connect most easily to the VPN they already have. We should keep Ubuntu useful to the majority of Ubuntu users by default. This should be our primary motivator for any decision. A secondary effect is that those in control of choosing VPN technologies might be influenced by the availability of clients in Ubuntu as default. It might be reasonable for us to change what we ship by default based on this effect, but it should only be secondary to the primary cause of shipping something useful to users. Inconveniencing users by removing the availability of a component by default because we think they should be using something different is not something I think is appropriate for the Ubuntu project. I don't think it's appropriate for us to be hostile to our users in this manner. Ubuntu has traditionally done the exact opposite - for example by taking the pragmatic stance in making available non-free codecs and drivers instead of deliberately making it difficult for users who have already made non-free hardware and codec choices such as some other distributions. If PPTP support is removed by default for policy (rather than technical or maintenance) reasons, I think it be done on the basis that Ubuntu VPN users don't need and won't miss PPTP support and not just because we think that the users are doing it wrong. I have no objection to bringing in other plugins for default (eg. openvpn sounds like a great idea) but of course that is subject to a team being prepared to commit the time to maintain that. (I'm just an unconnected Ubuntu developer and have no say in any final decision) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Triaged Status in network-manager-openvpn package in Ubuntu: New Status in ubuntu-meta package in Ubuntu: New Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
Desktop team, what do you think, can we add network-manager-openvpn- gnome to the seeds to give users a tolerable VPN choice? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Triaged Status in network-manager-openvpn package in Ubuntu: New Status in ubuntu-meta package in Ubuntu: New Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
** Also affects: network-manager-openvpn (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Triaged Status in network-manager-openvpn package in Ubuntu: New Status in ubuntu-meta package in Ubuntu: New Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
Private Internet Access is a bit of a Trojan horse, but I'm glad you agree the suite of VPN types supported out of the box desperately needs to be brought up to date. ovpn is great, but if we're going to do that, let's also get L2TP, IKEv1, and IKEv2 added -- and PPTP either removed or saddled with a big warning about it being insecure and deprecated. (For example, network- manager-strongswan has a very short list of dependencies that aren't already in the image, so adding it won't inflate the image much.) Thanks for taking this seriously! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Triaged Status in ubuntu-meta package in Ubuntu: New Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
** Also affects: ubuntu-meta (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Triaged Status in ubuntu-meta package in Ubuntu: New Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
It looks like this seed is affected by virtue of including only network- manager-pptp-gnome: http://people.canonical.com/~ubuntu-archive/seeds/ubuntu.bionic/desktop -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Triaged Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
I'd concur and suggest that as so many people use openvpn for 'Private Internet Access' that would be a far more appropriate out-of-the-box VPN add-on to ship. That obviously has implications because it would require adding openvpn to the seed. PPTP is, I think, a hold over from the dial-up ISP days. I think it is also used by some cellular modem type connections but have not seen such in a long time. Mine are all CDC-Ethernet devices. ** Changed in: network-manager (Ubuntu) Importance: Undecided => Medium ** Changed in: network-manager (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Triaged Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
@seth-arnold: This bug was filed against 18.04 prerelease. The only option provided to me by Bionic is PPTP, which is insecure and its use is dangerous. - At the minimum, L2TP-over-IPsec, IKEv1, and IKEv2 should be supported by default without installation of any other packages. These are modern and robust technologies. - PPTP should not be offered by default; if the user must use it, they should have to install an additional package (or, at the very least, be presented with a warning). The insecurity of PPTP has been known since 1998. Further information justifying the complete removal of PPTP support from Ubuntu Bionic: - https://www.schneier.com/academic/pptp/ - https://en.wikipedia.org/wiki/Point-to- Point_Tunneling_Protocol#Security - https://derflounder.wordpress.com/2016/06/25/pptp-vpns-no-longer- supported-by-apples-built-in-vpn-client-on-macos-sierra-and-ios-10/ - https://support.apple.com/en-us/HT206844 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Confirmed Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752417] Re: Out of the box, Ubuntu Bionic offers only insecure VPN option
** Summary changed: - Ubuntu Bionic offers only insecure VPN out of the box + Out of the box, Ubuntu Bionic offers only insecure VPN option -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1752417 Title: Out of the box, Ubuntu Bionic offers only insecure VPN option Status in network-manager package in Ubuntu: Confirmed Bug description: network-manager lists only PPTP as an available VPN client connection type (and also offers to import a file). I'd expect L2TP-over-IPSec and IKEv1/IKEv2 options as well. In fact, most major desktop OSes have removed PPTP altogether because it's insecure, and Ubuntu should probably do so in 18.04 as well, at least from the GUI! $ apt list network-manager Llistant… Fet network-manager/bionic,now 1.10.4-1ubuntu2 amd64 [instal·lat] $ uname -a Linux machinename 4.15.0-10-generic #11-Ubuntu SMP Tue Feb 13 18:23:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Bionic Beaver (development branch) Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1752417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp