Bug 1421499 - tls-remote config fails with networkmanager-openvpn-1.2.6
Summary: tls-remote config fails with networkmanager-openvpn-1.2.6
Keywords:
Status: CLOSED DUPLICATE of bug 1421241
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager-openvpn
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-12 19:02 UTC by Fabrice Bellet
Modified: 2017-02-13 08:58 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-13 08:58:38 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Fabrice Bellet 2017-02-12 19:02:14 UTC 
With this new version, it seems that the legacy option to check the x509 certificate subject (tls-remote) is no longer accepted :

Feb 12 19:29:46 bonobo.bellet.info NetworkManager[1051]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: tls-remote (2.4.0)
Feb 12 19:29:46 bonobo.bellet.info NetworkManager[1051]: Use --help for more information.
Feb 12 19:29:46 bonobo.bellet.info NetworkManager[1051]: <warn>  [1486924186.6513] vpn-connection[0x560946b30100,ba9c7938-bd0e-4e3d-b971-5a605ee5811d,"VPN xxx 1194/udp",0]: VPN plugin: failed: connect-failed (1)
Feb 12 19:29:46 bonobo.bellet.info NetworkManager[1051]: <warn>  [1486924186.6513] vpn-connection[0x560946b30100,ba9c7938-bd0e-4e3d-b971-5a605ee5811d,"VPN xxx 1194/udp",0]: VPN plugin: failed: connect-failed (1)

Switching to other options to verify the CN works fine of course, but I think breaking the existing tls-remote option was not the desired behaviour.
Comment 1 Thomas Haller 2017-02-12 21:36:31 UTC 
I assume you are running openvpn version 2.4?

Probably a dupe of bug 1421241.
Comment 2 Thomas Haller 2017-02-13 08:58:38 UTC 

*** This bug has been marked as a duplicate of bug 1421241 ***
Note You need to log in before you can comment on or make changes to this bug.