Bug 760904 - tls-auth blob import
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
Version: unspecified
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: NetworkManager maintainer(s)
QA Contact: NetworkManager maintainer(s)
Duplicates: 739216
Depends on:
Blocks: nm-openvpn-options
 
 
Reported: 2016-01-20 20:48 UTC by François Kooman
Modified: 2016-01-25 11:14 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description François Kooman 2016-01-20 20:48:56 UTC
Since 1.0.8 there is support for importing CA, KEY and CERT blobs in OVPN configuration files. For tls-auth this support is missing. Tls-auth is used as an extra prevention of DoS on the VPN server where the client, in addition to a valid key, also needs to have a shared secret key.

Importing tls-auth works fine if it points to a file with the key-direction behind it, e.g.:

    tls-auth foo_ta.key 1

This does not work, however, for a blob and a separate key-direction. For example, the relevant configuration for tls-auth in my OVPN file is this:

--- cut ----

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
7ce58ca59201223f5751dda9f6a418d8
b2319fc6d7b3d3e7aeca6ed5a1119500
1b70029b47fedecbdebb5634557a0772
857499c0b187dd846a64e6fe23d1089c
36edca6e284c8893ded7b1857c49ef07
26962cf17b0e95e1aff62a0faca83715
7e595f47e7a332c34007ade7fc3c90aa
9ee4efa2d2059509b620e236410735b3
8b9f0be82db5ddf5c21b278c5c28d873
f4522c97bdca764b393a267d1251c43c
c22ff200ae1a73388d8a1d72fbc30272
09fd9dffa5af0f02d2b03f7bc2ef9582
6567baa786b971d0ce918aba7ed38c13
9101b995a5b26b7904c1d3a3afb2638e
894f565dc0fefb30408361fe4eadd0f8
a3cdf6b9bee73c736e12ecd2ef2ce3f9
-----END OpenVPN Static key V1-----
</tls-auth>

---- cut ----
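
The two forms described in the report above can be handled by one importer. The following is an added example, not part of the original report and not NetworkManager-openvpn's own code. The function name `import_tls_auth`, the output file name and the sample key are constructed for illustration. The inline blob is written owner-only because it is a shared secret.

```python
import os
import re
import shlex

# Inline form: <tls-auth> ... </tls-auth>, each tag on its own line.
BLOB_RE = re.compile(r"^<tls-auth>[ \t]*\n(.*?)^</tls-auth>[ \t]*$", re.S | re.M)
KEY_RE = re.compile(r"-----BEGIN OpenVPN Static key V1-----\s+([0-9a-fA-F\s]+?)"
                    r"-----END OpenVPN Static key V1-----")

def import_tls_auth(ovpn_text, key_dir):
    """Return (key_file, key_direction) for both tls-auth forms; either may be None."""
    key_file = direction = None
    blob = BLOB_RE.search(ovpn_text)
    if blob:
        key = KEY_RE.search(blob.group(1))
        # A 2048 bit static key is 512 hex digits; reject anything else.
        if not key or len("".join(key.group(1).split())) != 512:
            raise ValueError("inline <tls-auth> does not hold a 2048 bit static key")
        key_file = os.path.join(key_dir, "imported-tls-auth.key")  # hypothetical name
        # The blob is a shared secret: create it owner-only and refuse to overwrite.
        fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as out:
            out.write(key.group(0) + "\n")
        ovpn_text = BLOB_RE.sub("", ovpn_text)  # keep key lines away from the option parser
    for line in ovpn_text.splitlines():
        words = shlex.split(line, comments=True)
        if not words:
            continue
        if words[0] == "tls-auth" and len(words) in (2, 3):
            key_file = words[1]
            words = ["key-direction"] + words[2:]  # optional trailing direction
        if words[0] == "key-direction" and len(words) == 2:
            if words[1] not in ("0", "1"):
                raise ValueError("key-direction must be 0 or 1")
            direction = int(words[1])
    return key_file, direction

# Constructed sample (not the key from the report): 16 lines of 32 hex digits.
SAMPLE_KEY = "\n".join("%032x" % i for i in range(16))
SAMPLE_INLINE = ("key-direction 1\n<tls-auth>\n#\n# 2048 bit OpenVPN static key\n#\n"
                 "-----BEGIN OpenVPN Static key V1-----\n" + SAMPLE_KEY +
                 "\n-----END OpenVPN Static key V1-----\n</tls-auth>\n")
SAMPLE_FILE = "tls-auth foo_ta.key 1\n"
```
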
Comment 2 François Kooman 2016-01-23 19:24:44 UTC
Thanks so much! I tested it and it works for importing my configurations now! :)
Comment 3 Thomas Haller 2016-01-25 11:14:33 UTC
*** Bug 739216 has been marked as a duplicate of this bug. ***