Bug 1288711 - Not working with static key and tcp
Not working with static key and tcp
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: NetworkManager-openvpn (Show other bugs)
epel7
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Gwyn Ciesla
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-05 08:07 EST by Michael Scherer
Modified: 2016-12-31 05:47 EST (History)
4 users (show)

See Also:
Fixed In Version: NetworkManager-openvpn-1.2.6-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-31 05:47:50 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sample openvpn config for the client (222 bytes, text/plain)
2015-12-05 08:07 EST, Michael Scherer
no flags Details
Fix the bug, by using tcp-client. (1.42 KB, application/mbox)
2015-12-13 09:10 EST, Michael Scherer
no flags Details

  None (edit)
Description Michael Scherer 2015-12-05 08:07:27 EST
Created attachment 1102522 [details]
sample openvpn config for the client

Description of problem:
When i try to use my openvpn (since RHEL 7.2 upgrade), it fail with this error:

déc. 05 13:40:44 kiora.example.com nm-openvpn[12454]: Options error: --proto tcp is ambiguous in this context.  Please specify --proto tcp-server or --proto tcp-client

It used to be working before the upgrade. I did tried with either NetworkManager-openvpn 1.0 and the 1.0.8 in update-testing

Version-Release number of selected component (if applicable):
NetworkManager-openvpn-1.0.8-1.el7.x86_64


How reproducible:
each time

Steps to Reproduce:
1. import the config I attached (after setting a similar setup)
2. try to run the VPN
3.
Comment 1 Jirka Klimes 2015-12-05 13:16:15 EST
It is an error from openvpn. Change the line "proto tcp" to "proto tcp-client".
Maybe there's a problem in NM openvpn plugin too, but it seems that openvpn doesn't want to accept "tcp" value.
Where did you get the file from? 

man openvpn says:
--proto p
              Use protocol p for communicating with remote host.  p can be udp, tcp-client, or tcp-server.
Comment 2 Michael Scherer 2015-12-13 09:08:22 EST
I exported the config from NetworkManager, and it was a configuration I imported around 7.0 time. It was working fine before the upgrade to 7.2 beta.

Once imported, the confi
 But I tought that giving the exported configuration was easier than a screenshot to reproduce the issue. Once imported, you can check and uncheck 'use tcp", and it will still use the wrong protocol anyway. I also did create the same exact configuration from scratch and it fail the same.

And looking at the code, I do not see where it is adding tcp-client, and the only mention I see is around:

https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.c#n1038

I would propose the following patch, but I couldn't test it (nor compile on my RHEL 7.2, missing deps it seems).

Should I open a bug on gnome bugzilla for review instead ?
Comment 3 Michael Scherer 2015-12-13 09:10 EST
Created attachment 1105336 [details]
Fix the bug, by using tcp-client.
Comment 4 Michael Scherer 2015-12-23 11:20:19 EST
So I went ahead and posted https://bugzilla.gnome.org/show_bug.cgi?id=759811
Comment 6 Thomas Haller 2016-02-11 13:07:02 EST
Package NetworkManager-openvpn-1.0.8-2 fixes this for F23 and F22.

EPEL package still missing.
Comment 7 Mike McCune 2016-03-28 18:55:34 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 8 Fedora Update System 2016-12-14 13:32:59 EST
NetworkManager-openvpn-1.2.6-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc
Comment 9 Fedora Update System 2016-12-15 23:19:54 EST
NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1427c2b2fc
Comment 10 Fedora Update System 2016-12-31 05:47:50 EST
NetworkManager-openvpn-1.2.6-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.