Red Hat Bugzilla – Bug 471397
nm-openvpn: Authenticate/Decrypt packet error: cipher final failed
Last modified: 2014-04-06 14:54:00 EDT
Description of problem:
"nm-openvpn: Authenticate/Decrypt packet error: cipher final failed" - this always happens for me and the OpenVPN integration is completely useless for me, as it doesn't work. I dug into it and noticed that I have to configure the keysize by adding "--keysize 256" to the command as well.
Version-Release number of selected component (if applicable):
Every time, see above.
Unusable OpenVPN integration into NetworkManager
Usable and configurable keysize appended as "--keysize 256" to the openvpn
I'm also lacking the ability to run an own start/stop (--up/--down) script
for an own firewall explicitly for that connection. Currently, --up seems
to be abused by a network management helper. So fix that crappy idea ASAP,
Thanks for your bug report. The point is: NetworkManager-openvpn does not (and apparently will never) support _all_ openvpn options. If you need a special option you should consider making a request upstream (firstname.lastname@example.org).
I do not know the --keysize argument well; the manpage says:
"Use care in changing a cipher's default key size. Many ciphers have not been extensively cryptanalyzed with non-standard key lengths, and a larger key may offer no real guarantee of greater security, or may even reduce security."
So I think it's pretty unlikely that this option will make its way into the GUI.
The --up script will probably be used as long as openvpn does not use dbus to talk with NetworkManager.
I'll close that bug with the advice to use plain openvpn if you have to use such special features.
Well, the main problem is that the concept of NetworkManager-openvpn itself is broken and wrong. Even the Windows OpenVPN client uses the configuration file as it is and calls openvpn using the configuration file, and doesn't create its own one or only append the parameters to the openvpn call. Very bad to see that the Linux implementation of a thing is unusable while the Windows one
Any firewall changes should be done from NetworkManager dispatcher scripts on the 'vpn-up' event. The VPN connection isn't the only connection, and policy gets applied to the machine's *overall* IP configuration based on more than just the VPN connection.
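A sketch of the dispatcher-script approach described in the comment above, added here as an example and not taken from this bug report or from NetworkManager-openvpn. The script path, the chain name VPN-IN and the rule policy (drop unsolicited inbound traffic on the tunnel) are assumptions; NetworkManager passes the interface as $1 and the action as $2, and exports VPN_IP_IFACE for VPN events.

```shell
#!/bin/sh
# Hypothetical dispatcher script, e.g. installed as
# /etc/NetworkManager/dispatcher.d/50-vpn-firewall (root-owned, mode 0755).
# NetworkManager runs it as: <script> <interface> <action>

CHAIN="VPN-IN"   # assumed chain name, constructed for this example

# Accept only plausible interface names so nothing odd reaches iptables.
valid_iface() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # Linux interface names are at most 15 characters
}

# Print (do not run) the iptables commands for an action/interface pair.
vpn_fw_rules() {
    action=$1
    iface=$2
    valid_iface "$iface" || return 1
    case "$action" in
        vpn-up)
            echo "iptables -N $CHAIN"
            echo "iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            echo "iptables -A $CHAIN -j DROP"
            echo "iptables -I INPUT -i $iface -j $CHAIN"
            ;;
        vpn-down)
            echo "iptables -D INPUT -i $iface -j $CHAIN"
            echo "iptables -F $CHAIN"
            echo "iptables -X $CHAIN"
            ;;
        *)  return 0 ;;   # up, down, dhcp4-change, ... are not handled here
    esac
}

# Act only when invoked by the dispatcher with both arguments.
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    # Prefer the tunnel device NetworkManager exports for VPN events.
    vpn_fw_rules "$2" "${VPN_IP_IFACE:-$1}" | while read -r cmd; do
        # DRY_RUN=1 prints the commands instead of changing the firewall.
        if [ -n "${DRY_RUN:-}" ]; then echo "$cmd"; else $cmd; fi
    done
fi
```

Running it by hand as `DRY_RUN=1 ./50-vpn-firewall tun0 vpn-up` shows the rules without applying them.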
NetworkManager-openvpn-0.8.1-0.2.git20100609.el6 has been submitted as an update for Fedora EPEL 6.
NetworkManager-openvpn-0.8.1-0.2.git20100609.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.