** Also affects: openvpn (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Changed in: openvpn (Ubuntu Intrepid)
Status: New = Fix Released
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received
** Also affects: openvpn (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Changed in: openvpn (Ubuntu Intrepid)
Status: New = Fix Released
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received
2008-05-15 05:59:28 INFOFROM: Primary Archive for Ubuntu: hardy-UPDATES
2008-05-15 05:59:28 INFOTO: Primary Archive for Ubuntu: intrepid-RELEASE
2008-05-15 05:59:28 INFOCopy candidates:
2008-05-15 05:59:28 INFOopenvpn 2.1~rc7-1ubuntu3.2 in hardy
2008-05-15 05:59:28 INFO
Thanks! This fix work for me!
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
I had the same issue, and can now confirm that it works with this fix.
Thanks!
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
For the record, the current version works correctly with TLS. I tested
both static ifconfig and client/server mode.
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug notification because you are a member of
Could you please attach your configuration file? I tried this with PSKs,
and it works for me as well:
-rw--- 1 martin martin 636 2008-05-14 12:00 key
(not accessible to nobody/nogroup)
- vpn-tick-psk.conf -
remote tick.local
dev tun
ifconfig 10.99.0.1 10.99.0.2
user nobody
Oh, from the log it rather seems you use SSL certificates and TLS, not
pre-shared keys? So /etc/openvpn/secret.key is an SSL secret key, not a
pre-shared one?
That's the configuration I tested first (server, multi-client, TLS), and
it worked for me as well. I'll try some further variations until
Downgrading severity a bit, since it does not affect all systems.
** Changed in: openvpn (Ubuntu)
Importance: Critical = High
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug notification because you
** Visibility changed to: Public
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: openvpn (Ubuntu)
Importance: Undecided = Critical
Assignee: (unassigned) = Martin Pitt (pitti)
Status: New = In Progress
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug
Ah, I can reproduce it now with
---
dev tun
server 10.99.0.0 255.255.255.0
user nobody
group nogroup
dh /usr/share/doc/openvpn/examples/sample-keys/dh1024.pem
ca /etc/ssl/certs/piware-ca.pem
cert /etc/ssl/certs/piware-desktop.pem
key /etc/ssl/private/piware-desktop.pem
This patch fixes this bug. I tested it with all possible modes (PSK, TLS
with static IPs, TLS with client/server mode). They all
* produce a working VPN with a valid key
* check the secret key on startup
* fail on startup if the key is invalid (using
Now do the same check for the static case, too. Not actually required,
but in the spirit of defensiveness.
** Attachment added: updated debdiff
http://launchpadlibrarian.net/14512317/openvpn.230208.debdiff
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
Yes I use SSL certificates... Sorry for not writing back, was at
lunch... Thanks!
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
Update for hardy uploaded.
** Changed in: openvpn (Ubuntu Hardy)
Importance: Undecided = High
Assignee: (unassigned) = Martin Pitt (pitti)
Status: New = Fix Committed
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
Feisty and Gutsy updates prepared, tested, uploaded.
** Changed in: openvpn (Ubuntu Gutsy)
Status: New = Fix Committed
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
https://bugs.launchpad.net/bugs/230208
You received this bug notification because you are a
I will copy hardy-security over to hardy-updates and intrepid once it is
published.
** Changed in: openvpn (Ubuntu Feisty)
Status: New = Fix Committed
** Changed in: openvpn (Ubuntu)
Status: In Progress = Fix Committed
--
OpenVPN doesn't start after USN-612-3: New key is accused
** Changed in: openvpn (Ubuntu Feisty)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
** Changed in: openvpn (Ubuntu Feisty)
Assignee: Jamie Strandboge (jdstrand) = (unassigned)
--
OpenVPN doesn't start after USN-612-3: New key is accused to be vulnerable
This bug was fixed in the package openvpn - 2.1~rc7-1ubuntu3.2
---
openvpn (2.1~rc7-1ubuntu3.2) hardy-security; urgency=low
* init.c: Do not attempt to verify the key file with openvpn-vulnkey if it
is not accessible (any more). This happens when using the 'user', 'group',
This bug was fixed in the package openvpn - 2.0.9-8ubuntu0.2
---
openvpn (2.0.9-8ubuntu0.2) gutsy-security; urgency=low
* init.c: Do not attempt to verify the key file with openvpn-vulnkey if it
is not accessible (any more). This happens when using the 'user', 'group',
or
This bug was fixed in the package openvpn - 2.0.9-5ubuntu0.2
---
openvpn (2.0.9-5ubuntu0.2) feisty-security; urgency=low
* init.c: Do not attempt to verify the key file with openvpn-vulnkey if it
is not accessible (any more). This happens when using the 'user', 'group',
or
22 matches
Mail list logo