Bug 1288711

Summary: Not working with static key and tcp
Product: [Fedora] Fedora EPEL Reporter: Michael S. <misc>
Component: NetworkManager-openvpnAssignee: Gwyn Ciesla <gwync>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: gwync, psimerda, rkhan, thaller
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: NetworkManager-openvpn-1.2.6-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-31 10:47:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
sample openvpn config for the client
none
Fix the bug, by using tcp-client. none

Description Michael S. 2015-12-05 13:07:27 UTC
Created attachment 1102522 [details]
sample openvpn config for the client

Description of problem:
When i try to use my openvpn (since RHEL 7.2 upgrade), it fail with this error:

déc. 05 13:40:44 kiora.example.com nm-openvpn[12454]: Options error: --proto tcp is ambiguous in this context.  Please specify --proto tcp-server or --proto tcp-client

It used to be working before the upgrade. I did tried with either NetworkManager-openvpn 1.0 and the 1.0.8 in update-testing

Version-Release number of selected component (if applicable):
NetworkManager-openvpn-1.0.8-1.el7.x86_64


How reproducible:
each time

Steps to Reproduce:
1. import the config I attached (after setting a similar setup)
2. try to run the VPN
3.

Comment 1 Jirka Klimes 2015-12-05 18:16:15 UTC
It is an error from openvpn. Change the line "proto tcp" to "proto tcp-client".
Maybe there's a problem in NM openvpn plugin too, but it seems that openvpn doesn't want to accept "tcp" value.
Where did you get the file from? 

man openvpn says:
--proto p
              Use protocol p for communicating with remote host.  p can be udp, tcp-client, or tcp-server.

Comment 2 Michael S. 2015-12-13 14:08:22 UTC
I exported the config from NetworkManager, and it was a configuration I imported around 7.0 time. It was working fine before the upgrade to 7.2 beta.

Once imported, the confi
 But I tought that giving the exported configuration was easier than a screenshot to reproduce the issue. Once imported, you can check and uncheck 'use tcp", and it will still use the wrong protocol anyway. I also did create the same exact configuration from scratch and it fail the same.

And looking at the code, I do not see where it is adding tcp-client, and the only mention I see is around:

https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.c#n1038

I would propose the following patch, but I couldn't test it (nor compile on my RHEL 7.2, missing deps it seems).

Should I open a bug on gnome bugzilla for review instead ?

Comment 3 Michael S. 2015-12-13 14:10:14 UTC
Created attachment 1105336 [details]
Fix the bug, by using tcp-client.

Comment 4 Michael S. 2015-12-23 16:20:19 UTC
So I went ahead and posted https://bugzilla.gnome.org/show_bug.cgi?id=759811

Comment 6 Thomas Haller 2016-02-11 18:07:02 UTC
Package NetworkManager-openvpn-1.0.8-2 fixes this for F23 and F22.

EPEL package still missing.

Comment 7 Mike McCune 2016-03-28 22:55:34 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Comment 8 Fedora Update System 2016-12-14 18:32:59 UTC
NetworkManager-openvpn-1.2.6-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc

Comment 9 Fedora Update System 2016-12-16 04:19:54 UTC
NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc

Comment 10 Fedora Update System 2016-12-31 10:47:50 UTC
NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.