Public bug reported:

Hi,

If I try to connect to my OpenVPN 2.4 server, I get this error on the
server side:

Feb 14 18:42:22 fenrir openvpn[58665]: tls-crypt unwrap error: packet too short
Feb 14 18:42:22 fenrir openvpn[58665]: TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:91.33.41.15:51754 (via ::ffff:192.168.2.2%igb0)

My server conf:
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
multihome
engine cryptodev
tls-server
server 10.4.0.0 255.255.0.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user ZmVucmly false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'domain.local' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.4096
tls-crypt /var/etc/openvpn/server1.tls-crypt 
ncp-ciphers AES-256-CBC
persist-remote-ip
float
topology subnet

My client config:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote tuxist.ddns.net 1194 udp
verify-x509-name "domain.local" name
auth-user-pass
remote-cert-tls server

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: network-manager 1.8.4-1ubuntu4
ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13
Uname: Linux 4.13.0-32-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia
ApportVersion: 2.20.8-0ubuntu8
Architecture: amd64
CurrentDesktop: KDE
Date: Wed Feb 14 18:46:29 2018
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2016-08-13 (550 days ago)
InstallationMedia: Kubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
IpRoute:
 default via 10.3.0.1 dev wlp3s0 proto static metric 600 
 10.3.0.0/16 dev wlp3s0 proto kernel scope link src 10.3.141.174 metric 600 
 169.254.0.0/16 dev wlp3s0 scope link metric 1000
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=false
SourcePackage: network-manager
UpgradeStatus: Upgraded to bionic on 2018-02-12 (1 days ago)
nmcli-dev:
 DEVICE  TYPE      STATE        DBUS-PATH                                  CONNECTION  CON-UUID                              CON-PATH
 wlp3s0  wifi      connected    /org/freedesktop/NetworkManager/Devices/3  gameofgods  404f7dfd-a05c-4271-9a7f-6e18bc31e0cf  /org/freedesktop/NetworkManager/ActiveConnection/2
 eno1    ethernet  unavailable  /org/freedesktop/NetworkManager/Devices/2  --          --                                    --
 lo      loopback  unmanaged    /org/freedesktop/NetworkManager/Devices/1  --          --                                    --
nmcli-nm:
 RUNNING  VERSION  STATE      STARTUP  CONNECTIVITY  NETWORKING  WIFI-HW  WIFI     WWAN-HW  WWAN
 running  1.8.4    connected  started  full          enabled     enabled  enabled  enabled  disabled

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic

https://bugs.launchpad.net/bugs/1749562

Title:
  openvpn tls-crypt not working
