Public bug reported: I am on Xubuntu 14.04 with the most recent version of network-manager (up-to-date with apt-get).
I added a TCP OpenVPN connection from a config file with a server certificate file specified. Today, when looking through my syslog, I found the following: Oct 21 11:20:38 xubuntu-MacAir NetworkManager[14273]: <info> VPN connection 'USA-New York-TCP' (Connect) reply received. Oct 21 11:20:38 xubuntu-MacAir nm-openvpn[30726]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014 Oct 21 11:20:38 xubuntu-MacAir nm-openvpn[30726]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. The certificate was listed in the main tabs of the network-manager's VPN config window, confirming that network-manager recognized its presence in the config file. Upon entering the "Advanced" window, I found that network-manager was not even attempting to use the certificate. I simply checked the relevant box, and everything now seems to be working fine. I feel that this is a bug, especially because the user is not notified of the warning. I'm reasonably experienced with manual configs, but I wrongly assumed that adding a server certificate was sufficient to have it actually used. There must be many users that don't know what a syslog is, and many more that made the same false assumption I did and never ventured into their logs to observe OpenVPN. I suggest that the user get an explicit warning through network-manager in this case, or that the server certificate be used by default if supplied by the user. ** Affects: network-manager (Ubuntu) Importance: Undecided Status: New ** Description changed: I am on Xubuntu 14.04 with the most recent version of network-manager (up-to-date with apt-get). I added a TCP OpenVPN connection from a config file with a server certificate file specified. Today, when looking through my syslog, I found the following: - Oct 21 11:20:38 xubuntu-MacAir NetworkManager[14273]: <info> VPN connection 'USA-New York-TCP' (Connect) reply received. - Oct 21 11:20:38 xubuntu-MacAir nm-openvpn[30726]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014 - Oct 21 11:20:38 xubuntu-MacAir nm-openvpn[30726]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. + Oct 21 11:20:38 xubuntu-MacAir NetworkManager[14273]: <info> VPN connection 'USA-New York-TCP' (Connect) reply received. + Oct 21 11:20:38 xubuntu-MacAir nm-openvpn[30726]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014 + Oct 21 11:20:38 xubuntu-MacAir nm-openvpn[30726]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. The certificate was listed in the main tabs of the network-manager's VPN - config window. Upon entering the "Advanced" window, I found that the - certificate was not even attempting to be used. I simply checked the - relevant box, and everything now seems to be working fine. + config window, confirming that network-manager recognized its presence + in the config file. Upon entering the "Advanced" window, I found that + network-manager was not even attempting to use the certificate. I simply + checked the relevant box, and everything now seems to be working fine. I feel that this is a bug, especially because the user is not notified of the warning. I'm reasonably experienced with manual configs, but I wrongly assumed that adding a server certificate was sufficient to have it actually used. There must be many users that don't know what a syslog is, and many more that made the same false assumption I did and never ventured into their logs to observe OpenVPN. I suggest that the user get an explicit warning through network-manager in this case, or that the server certificate be used by default if supplied by the user. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1383994 Title: OpenVPN connections with supplied server certificate don't use it by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1383994/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
