[Bug 1661098] Re: auth_failed when attempting openvpn via networkmanager

[Bug Watch Updater]

** Changed in: network-manager-openvpn
   Status: Unknown => Confirmed

** Changed in: network-manager-openvpn
   Importance: Unknown => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1661098

Title:
  auth_failed when attempting openvpn via networkmanager

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager-openvpn/+bug/1661098/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1661098] Re: auth_failed when attempting openvpn via networkmanager

[Forest]

NetworkManager 1.2.4
NetworkManager-openvpn 1.2.6 and 1.2.8 (same problem in both)

$ nmcli --version
nmcli tool, version 1.2.4

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 16.10
Release:16.10
Codename:   yakkety

$ openvpn --version
OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] 
[IPv6] built on Jun 22 2016
library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. 
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes 
enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no 
enable_dlopen=unknown enable_dlopen_self=unknown 
enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes 
enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes 
enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no 
enable_management=yes enable_multi=yes enable_multihome=yes 
enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes 
enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes 
enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes 
enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no 
enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes 
enable_strict=no enable_strict_options=no enable_systemd=yes 
enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix 
with_crypto_library=openssl with_gnu_ld=yes wit
 h_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_sysroot=no

$ tail -f /var/log/syslog
Feb  2 23:49:01 computer NetworkManager[1329]:   [1486108141.0702] audit: 
op="connection-activate" uuid="----" 
name="example" pid=3136 uid=1000 result="success"
Feb  2 23:49:01 computer NetworkManager[1329]:   [1486108141.0741] 
vpn-connection[0x557d295f73c0,----,"example",0]:
 Started the VPN service, PID 5074
Feb  2 23:49:01 computer NetworkManager[1329]:   [1486108141.0828] 
vpn-connection[0x557d295f73c0,----,"example",0]:
 Saw the service appear; activating connection
Feb  2 23:49:01 computer nm-openvpn[5081]: OpenVPN 2.3.11 x86_64-pc-linux-gnu 
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
Feb  2 23:49:01 computer nm-openvpn[5081]: library versions: OpenSSL 1.0.2g  1 
Mar 2016, LZO 2.08
Feb  2 23:49:01 computer NetworkManager[1329]: nm-openvpn[5074]   
openvpn[5081] started
Feb  2 23:49:01 computer NetworkManager[1329]:   [1486108141.1490] 
vpn-connection[0x557d295f73c0,----,"example",0]:
 VPN plugin: state changed: starting (3)
Feb  2 23:49:01 computer NetworkManager[1329]:   [1486108141.1491] 
vpn-connection[0x557d295f73c0,----,"example",0]:
 VPN connection: (ConnectInteractive) reply received
Feb  2 23:49:01 computer nm-openvpn[5081]: NOTE: the current --script-security 
setting may allow this configuration to call user-defined scripts
Feb  2 23:49:01 computer nm-openvpn[5081]: Control Channel Authentication: 
using '/home/ubuntu/vpn/ovpn.example.net/networkmanager/example.ovpn.tls-auth' 
as a OpenVPN static key file
Feb  2 23:49:01 computer nm-openvpn[5081]: NOTE: chroot will be delayed because 
of --client, --pull, or --up-delay
Feb  2 23:49:01 computer nm-openvpn[5081]: NOTE: UID/GID downgrade will be 
delayed because of --client, --pull, or --up-delay
Feb  2 23:49:01 computer nm-openvpn[5081]: UDPv4 link local: [undef]
Feb  2 23:49:01 computer nm-openvpn[5081]: UDPv4 link remote: 
[AF_INET]10.10.10.10:1194
Feb  2 23:49:01 computer nm-openvpn[5081]: WARNING: 'link-mtu' is used 
inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb  2 23:49:01 computer nm-openvpn[5081]: WARNING: 'comp-lzo' is present in 
remote config but missing in local config, remote='comp-lzo'
Feb  2 23:49:01 computer nm-openvpn[5081]: [OpenVPN Server] Peer Connection 
Initiated with [AF_INET]10.10.10.10:1194
Feb  2 23:49:04 computer nm-openvpn[5081]: AUTH: Received control message: 
AUTH_FAILED
Feb  2 23:49:04 computer nm-openvpn[5081]: SIGUSR1[soft,auth-failure] received, 
process restarting
Feb  2 23:49:04 computer NetworkManager[1329]: nm-openvpn[5074]   
Password verification failed
Feb  2 23:49:06 computer NetworkManager[1329]:   [1486108146.0884] 
vpn-connection[0x557d295f73c0,----,"example",0]:
 VPN plugin: requested secrets; state connect (4)
Feb  2 23:49:06 computer nm-openvpn[5081]: NOTE: the current --script-security 
setting may allow this configuration to call user-defined scripts
Feb  2 23:49:06 computer nm-openvpn[5081]: UDPv4 link local: [undef]
Feb  2 23:49:06 computer nm-openvpn[5081]: UDPv4 link remote: 
[AF_INET]10.10.10.10:1194
Feb  2 23:49:06 computer nm-openvpn[5081]: WARNING: 'link-mtu' is used 
inconsistently, local='link-mtu 1557', remote='link-mt