GNOME Bugzilla – Bug 788226
Can't save new VPN connection with static key
Last modified: 2018-03-13 12:25:08 UTC
Created attachment 360513 [details] [review] Possible patch Noticed that I couldn't save a static-key VPN on Arch, with console output complaining about 'static-key' being invalid. Checked out the master branch and poked around... I'm not at all familiar with this project, but I think there may be a logic error recently introduced to network-manager-openvpn, which prevents the user from saving any static key VPN connection. I don't know how to build this, so I can't test it, and I may be way off base. It looks like the applet will throw an error if the file chooser DOES return a valid filename, whereas I suspect the intention is to do the opposite? Git-blame makes it seem like this was only broken a few months ago, if it is in fact broken. Patch attached.
merged to master: https://git.gnome.org/browse/network-manager-openvpn/commit/?id=b83f028a6da067dcc9b31555c15411f0288ebda1 Thanks!!
*** Bug 793334 has been marked as a duplicate of this bug. ***
Applied this commit to 1.8.0 [1] and tried again. Similar error: 1. Add OVPN file through import GUI 2. Set username and passphrase through GUI 3. Attempt to connect fails 4. Opening connection in GUI reveals that "User private key" has been unset Detailed logs to follow... [1] See https://tracker.pureos.net/T323 and http://software.pureos.net/package/source/landing/network-manager-openvpn
(Please let me know where I can track the formal release of NetworkManager and network-manager-openvpn)
Debug logs from add and update actions. (Update attempted to manually set the private key at ~/.cert/nm-openvpn/my-connection-key.pem which appears to be a valid key file.) After both actions, the "User private key" field remains empty. ``` Mar 12 14:18:09 mail NetworkManager[1121]: <info> [1520857089.9610] keyfile: add connection /etc/NetworkManager/system-connections/my-connection (f8471b66-b03e-49ee-b54b-bb4584d9442b,"my-connection") Mar 12 14:18:09 mail NetworkManager[1121]: <info> [1520857089.9617] audit: op="connection-add" uuid="f8471b66-b03e-49ee-b54b-bb4584d9442b" name="my-connection" pid=6405 uid=1000 result="success" ``` ``` Mar 12 14:20:35 mail NetworkManager[1121]: <info> [1520857235.2494] settings-connection[0x55c8612c39b0,f8471b66-b03e-49ee-b54b-bb4584d9442b]: write: successfully updated (keyfile: update /etc/NetworkManager/system-connections/my-connection (f8471b66-b03e-49ee-b54b-bb4584d9442b,"my-connection")) Mar 12 14:20:35 mail NetworkManager[1121]: <info> [1520857235.2499] audit: op="connection-update" uuid="f8471b66-b03e-49ee-b54b-bb4584d9442b" name="my-connection" args="vpn.data,vpn.secrets" pid=6405 uid=1000 result="success" ```
Are any other changes needed in addition to the commit referenced above?
NB It is possible to work around this issue by importing the OVPN and setting values using nmcli rather than the GUI. However, this is not a suitable solution for an everyday user.
When talking about "import", always provide a ovpn file to reproduce the issue. Otherwise, it's hard to reproduce.
There's a redacted OVPN file here: https://bug793334.bugzilla-attachments.gnome.org/attachment.cgi?id=368257 I doubt I can post a functional one publicly. I'm figuring out how to generate one I can safely pass on to the GNOME/NetworkManager team.
From IRC: > you probably need https://git.gnome.org/browse/network-manager-openvpn/commit/?id=fcf4b58fe0da5994687469ebb0c6eac3cf083e83 as well I can confirm that 1.8.0 with the two patches mentioned now works. (While waiting for 1.8.2 to arrive in Debian.) Many thanks.