[Bug 1746245] [NEW] .ovpn file "cipher" does not work if it is lowercase

[Gleb Mazovetskiy]

Public bug reported:

Network Manager Import VPN configuration does not work correctly if a
file contains a lowercase cipher.

Worst is, the import appears to work (no errors). The connection fails
with "Invalid HMAC signature" and no other errors.

I only figured out what the problem was by going to the advanced
settings and opening the cipher dropdown.

Perhaps the easiest fix to this would be to convert the "cipher" value
to upper case when importing.

Using the `openvpn` command directly does work with lowercase "cipher"
value, it's only when importing it via the Network Manager where there
is a problem.

Example .ovpn file contents (the lowercase cipher value here is
"aes-128-cbc"):

client
dev tun
proto udp
remote austria.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: vpn

** Description changed:

  Network Manager Import VPN configuration does not work correctly if a
  file contains a lowercase cipher.
  
  Worst is, the import appears to work (no errors). The connection fails
  with "Invalid HMAC signature" and no other errors.
  
  I only figured out what the problem was by going to the advanced
  settings and opening the cipher dropdown.
  
  Perhaps the easiest fix to this would be to convert the "cipher" value
  to upper case when importing.
  
- Example .ovpn file contents:
+ Using the `openvpn` command directly does work with lowercase "cipher"
+ value, it's only when importing it via the Network Manager where there
+ is a problem.
+ 
+ Example .ovpn file contents (the lowercase cipher value here is
+ "aes-128-cbc"):
  
  client
  dev tun
  proto udp
  remote austria.privateinternetaccess.com 1198
  resolv-retry infinite
  nobind
  persist-key
  persist-tun
  cipher aes-128-cbc
  auth sha1
  tls-client
  remote-cert-tls server
  auth-user-pass
  comp-lzo
  verb 1
  reneg-sec 0
  crl-verify crl.rsa.2048.pem
  ca ca.rsa.2048.crt
  disable-occ

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1746245

Title:
  .ovpn file "cipher" does not work if it is lowercase

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1746245/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs