After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 774730 - [review] bg/ciphers-case-bgo774730 - ovpn file port and cipher import
[review] bg/ciphers-case-bgo774730 - ovpn file port and cipher import
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
1.4.x
Other Linux
: Normal normal
: ---
Assigned To: Beniamino Galvani
NetworkManager maintainer(s)
: 791881 (view as bug list)
Depends on:
Blocks: nm-review nm-openvpn-options
 
 
Reported: 2016-11-19 20:07 UTC by wolf
Modified: 2018-01-04 18:51 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description wolf 2016-11-19 20:07:35 UTC 
I'm importing ovpn files into NM (1.4.2). The files contain the following lines:

remote area.server.com 1196
cipher aes-128-cbc

But upon import into NM (through Add... > Import a saved VPN connection), the port is instead appended to the gateway address (area.server.com:1196) instead of put in (Advanced > General > Use custom gateway port) and the cipher is set to Default instead of the one specified (in Advanced > Security > Cipher). Is there a reason why these fields aren't completely assimilated on import? Let me know if you need more info, but I imagine it's a simple import script fix.
Comment 1 wolf 2016-11-19 22:12:14 UTC 
Another one—the conf file contains `auth sha1`, which should change the HMAC Authentication (Advanced > Security > HMAC Authentication) to SHA-1, but the setting remains as "Default".
Comment 2 Beniamino Galvani 2016-12-02 22:04:34 UTC 
(In reply to wolf from comment #0)
> I'm importing ovpn files into NM (1.4.2). The files contain the following
> lines:
>
> remote area.server.com 1196
> cipher aes-128-cbc
>
> But upon import into NM (through Add... > Import a saved VPN connection),
> the port is instead appended to the gateway address (area.server.com:1196)
> instead of put in (Advanced > General > Use custom gateway port)

I think this is correct, 'area.server.com:1196' is the syntax to set a
remote-specific port, and the 'custom gateway port' applies only to
remotes that don't explicitly specify a port.

> and the
> cipher is set to Default instead of the one specified (in Advanced >
> Security > Cipher). Is there a reason why these fields aren't completely
> assimilated on import? Let me know if you need more info, but I imagine it's
> a simple import script fix.

(In reply to wolf from comment #1)
> Another one—the conf file contains `auth sha1`, which should change the HMAC
> Authentication (Advanced > Security > HMAC Authentication) to SHA-1, but the
> setting remains as "Default".

Thanks for reporting these bugs. I've pushed some fixes to branch
bg/ciphers-case-bgo774730.
Comment 3 wolf 2016-12-03 01:31:42 UTC 
Thanks!

(In reply to Beniamino Galvani from comment #2)
> the 'custom gateway port' applies only to remotes that don't explicitly specify a port

What is the proper syntax for setting the custom gateway port if not with the colon?
Comment 4 Beniamino Galvani 2016-12-03 08:57:14 UTC 
(In reply to wolf from comment #3)
> What is the proper syntax for setting the custom gateway port if not with
> the colon?

remote area.server.com
port 777
Comment 5 Thomas Haller 2016-12-03 10:50:40 UTC 
lgtm. 

Maybe use g_ascii_strcasecmp() instead of the local dependent strcasecmp().
Comment 6 Beniamino Galvani 2016-12-05 08:11:11 UTC 
(In reply to Thomas Haller from comment #5)
> lgtm. 
> 
> Maybe use g_ascii_strcasecmp() instead of the local dependent strcasecmp().

Updated and merged:

https://git.gnome.org/browse/network-manager-openvpn/commit/?id=912c0ee3c3f4add1432607da38794ad1d8a59c98
Comment 7 Thomas Haller 2018-01-04 18:51:18 UTC 
*** Bug 791881 has been marked as a duplicate of this bug. ***