Ubuntu
network-manager-openvpn package

Strong HMAC authentication (SHA256, SHA512) that is supported by OpenVPN cannot be selected

Bug #1217094 reported by Sander Bosma on 2013-08-26

24

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	NetworkManager-OpenVPN	Expired	Medium	gnome-bugs #746429
	network-manager-openvpn (Ubuntu)	Triaged	Wishlist	Unassigned

Bug Description

OpenVPN currently supports more HMAC authentication options than can be chosen in network-manager-openvpn, like:
- SHA256;
- SHA384;
- SHA512.

I would like to use network-manager-openvpn with a stronger authentication option than MD-5 and SHA-1, but this is currently not possible, as these options cannot be selected in the OpenVPN Advanced Options window.

Ubuntu release: 10.04.4 LTS
Version of network-manager-openvpn package: 0.8-0ubuntu3
Version of network-manager-openvpn-gnome package: 0.8-0ubuntu3

Tags:

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-09-10:

#1

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status:	New → Confirmed

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2015-03-18:

#2

Even though the higher crypto hash options are now selectable, the connection does not appear to complete successfully. Let me see if I can find more evidence of why that it...

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2015-03-18:

#3

The problem is that NetworkManager builds a bad command line script. To fix this specific issue, it is really as simple as updating NM to pass the additional CLI option: --auth <hash>

For example, for sha512, just pass: --auth sha512 to the built parameter via /usr/sbin/openvpn ...

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2015-03-18:

#4

A bigger problem though is that Networkmanager should support .ovpn (openvpn conf files). Currently, NM does not allow users to import them, but this would fix MANY other issues where users complain that NM is not accepting their parameters. If NM wants to work properly with existing .ovpn files, all that needs to be done is to accept a config file from the user in the GUI and then build the CLI parameters to include the --config <ovpn-file>.

Eg: /usr/sbin/openvpn ... --config myconfig.ovpn ...

Revision history for this message

Alberto Salvia Novella (es20490446e) wrote on 2015-03-19:

#5

@ Kristian Erik Hernansen

You have subscribed me to this report, but that's unnecessary. I set priority to all confirmed bugs, usually in less than a day.

Changed in network-manager-openvpn (Ubuntu):
importance:	Undecided → Wishlist

Revision history for this message

Alberto Salvia Novella (es20490446e) wrote on 2015-03-19:

#6

Well, except those not tagged.

Revision history for this message

Alberto Salvia Novella (es20490446e) wrote on 2015-03-19:

#7

Please:
- Report to <https://bugzilla.gnome.org/>
- Paste the new report URL here.
- Set this bug status back to confirmed.

Thank you.

Changed in network-manager-openvpn (Ubuntu):
status:	Confirmed → Incomplete
tags:	added: asked-to-upstream
tags:	added: lucid precise trusty utopic vivid

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2015-03-19: Re: [Bug 1217094] Re: Strong HMAC authentication (SHA256, SHA512) that is supported by OpenVPN cannot be selected

#8

OK, reason I did so is because this bug appears to have been neglected for
~18 months, since 2013-08-26. More and more people are reporting similar
issues online, although not necessary via the Ubuntu bug tracker. I will
try to push upstream...thanks

On Wed, Mar 18, 2015 at 6:40 PM Alberto Salvia Novella <
<email address hidden>> wrote:

> Please:
> - Report to <https://bugzilla.gnome.org/>
> - Paste the new report URL here.
> - Set this bug status back to confirmed.
>
> Thank you.
>
> ** Changed in: network-manager-openvpn (Ubuntu)
> Status: Confirmed => Incomplete
>
> ** Tags added: asked-to-upstream
>
> ** Tags added: lucid precise trusty utopic vivid
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1217094
>
> Title:
> Strong HMAC authentication (SHA256, SHA512) that is supported by
> OpenVPN cannot be selected
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/network-manager-openvpn/+bug/
> 1217094/+subscriptions
>

Revision history for this message

xtsbdu3reyrbrmroezob (xtsbdu3reyrbrmroezob) wrote on 2015-03-19:

#9

Upstream Gnome bug is here: https://bugzilla.gnome.org/show_bug.cgi?id=746429

Changed in network-manager-openvpn (Ubuntu):
status:	Incomplete → Confirmed
Changed in network-manager-openvpn:
status:	New → Confirmed
importance:	Undecided → Unknown
status:	Confirmed → Unknown

Bug Watch Updater (bug-watch-updater) on 2015-03-19

Changed in network-manager-openvpn:
importance:	Unknown → Medium
status:	Unknown → Confirmed

Revision history for this message

Alberto Salvia Novella (es20490446e) wrote on 2015-03-19:

#10

Thank you.

Changed in network-manager-openvpn (Ubuntu):
status:	Confirmed → Triaged

Bug Watch Updater (bug-watch-updater) on 2016-03-24

Changed in network-manager-openvpn:
status:	Confirmed → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

gnome-bugs #746429
[RESOLVED OBSOLETE] Edit

Bug watches keep track of this bug in other bug trackers.