After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 788226 - Can't save new VPN connection with static key
Can't save new VPN connection with static key
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
git master
Other Linux
: Normal normal
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
: 793334 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2017-09-27 05:12 UTC by Brandon Guttersohn
Modified: 2018-03-13 12:25 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Possible patch (649 bytes, patch)
2017-09-27 05:12 UTC, Brandon Guttersohn
none Details | Review

Description Brandon Guttersohn 2017-09-27 05:12:20 UTC
Created attachment 360513 [details] [review]
Possible patch

Noticed that I couldn't save a static-key VPN on Arch, with console output complaining about 'static-key' being invalid. Checked out the master branch and poked around...

I'm not at all familiar with this project, but I think there may be a logic error recently introduced to network-manager-openvpn, which prevents the user from saving any static key VPN connection.

I don't know how to build this, so I can't test it, and I may be way off base. 

It looks like the applet will throw an error if the file chooser DOES return a valid filename, whereas I suspect the intention is to do the opposite? Git-blame makes it seem like this was only broken a few months ago, if it is in fact broken.

Patch attached.
Comment 2 Thomas Haller 2018-03-07 22:48:25 UTC
*** Bug 793334 has been marked as a duplicate of this bug. ***
Comment 3 d❤vid 2018-03-12 12:05:09 UTC
Applied this commit to 1.8.0 [1] and tried again. Similar error:

1. Add OVPN file through import GUI
2. Set username and passphrase through GUI
3. Attempt to connect fails
4. Opening connection in GUI reveals that "User private key" has been unset

Detailed logs to follow...

[1] See

https://tracker.pureos.net/T323

and

http://software.pureos.net/package/source/landing/network-manager-openvpn
Comment 4 d❤vid 2018-03-12 12:06:12 UTC
(Please let me know where I can track the formal release of NetworkManager and network-manager-openvpn)
Comment 5 d❤vid 2018-03-12 12:26:07 UTC
Debug logs from add and update actions. (Update attempted to manually set the private key at ~/.cert/nm-openvpn/my-connection-key.pem which appears to be a valid key file.) After both actions, the "User private key" field remains empty.

```
Mar 12 14:18:09 mail NetworkManager[1121]: <info>  [1520857089.9610] keyfile: add connection /etc/NetworkManager/system-connections/my-connection (f8471b66-b03e-49ee-b54b-bb4584d9442b,"my-connection")
Mar 12 14:18:09 mail NetworkManager[1121]: <info>  [1520857089.9617] audit: op="connection-add" uuid="f8471b66-b03e-49ee-b54b-bb4584d9442b" name="my-connection" pid=6405 uid=1000 result="success"
```

```
Mar 12 14:20:35 mail NetworkManager[1121]: <info>  [1520857235.2494] settings-connection[0x55c8612c39b0,f8471b66-b03e-49ee-b54b-bb4584d9442b]: write: successfully updated (keyfile: update /etc/NetworkManager/system-connections/my-connection (f8471b66-b03e-49ee-b54b-bb4584d9442b,"my-connection"))
Mar 12 14:20:35 mail NetworkManager[1121]: <info>  [1520857235.2499] audit: op="connection-update" uuid="f8471b66-b03e-49ee-b54b-bb4584d9442b" name="my-connection" args="vpn.data,vpn.secrets" pid=6405 uid=1000 result="success"
```
Comment 6 d❤vid 2018-03-12 12:26:36 UTC
Are any other changes needed in addition to the commit referenced above?
Comment 7 d❤vid 2018-03-12 12:28:34 UTC
NB It is possible to work around this issue by importing the OVPN and setting values using nmcli rather than the GUI. However, this is not a suitable solution for an everyday user.
Comment 8 Thomas Haller 2018-03-12 12:51:31 UTC
When talking about "import", always provide a ovpn file to reproduce the issue. Otherwise, it's hard to reproduce.
Comment 9 d❤vid 2018-03-12 14:10:31 UTC
There's a redacted OVPN file here:

https://bug793334.bugzilla-attachments.gnome.org/attachment.cgi?id=368257

I doubt I can post a functional one publicly. I'm figuring out how to generate one I can safely pass on to the GNOME/NetworkManager team.
Comment 10 d❤vid 2018-03-13 12:25:08 UTC
From IRC:

> you probably need https://git.gnome.org/browse/network-manager-openvpn/commit/?id=fcf4b58fe0da5994687469ebb0c6eac3cf083e83 as well

I can confirm that 1.8.0 with the two patches mentioned now works. (While waiting for 1.8.2 to arrive in Debian.) Many thanks.