Your message dated Sat, 11 Nov 2023 22:57:46 +0100
with message-id <[email protected]>
and subject line Closing outdated bugs
has caused the Debian Bug report #1029205,
regarding openvpn: Backporting openvpn 2.6.0~rc1 to bullseye-backports breaks
network-manager-openvpn connections to older servers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1029205: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029205
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.6.0~rc1
Severity: normal
Dear Maintainer,
after updating openvpn from bullseye-backports from 2.5.1 to 2.6.0~rc1 I got a
broken VPN client-to-site connection to a server
not supporting TLS 1.2 (forced min TLS version: 1.0, overridden cipher:
AES-128-CBC).
The reason is not the explicit cipher in the setting, but
network-manager-openvpn relies on a different option set.
Message:
--cipher set to 'AES-128-CBC' but missing in --data-ciphers
(AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for
cipher negotiations.
As a result, the connection cannot be established.
IMHO, in each case it is not a idea to backport openvpn 2.6 unless
network-manager-openvpn supports to override also --data-ciphers.
-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable'), (100, 'bullseye-fasttrack'), (100, 'bullseye-backports-staging')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.77
ii iproute2 6.1.0-1~bpo11+1
ii libc6 2.31-13+deb11u5
ii liblz4-1 1.9.3-2
ii liblzo2-2 2.10-2
ii libpam0g 1.4.0-9+deb11u1
ii libpkcs11-helper1 1.27-1
ii libssl1.1 1.1.1n-0+deb11u3
ii libsystemd0 251.3-1~bpo11+1
ii lsb-base 11.1.0
Versions of packages openvpn recommends:
ii easy-rsa 3.0.8-1
Versions of packages openvpn suggests:
ii openssl 1.1.1n-0+deb11u3
pn openvpn-systemd-resolved <none>
pn resolvconf <none>
-- debconf information:
openvpn/create_tun: false
--- End Message ---
--- Begin Message ---
signature.asc
Description: PGP signature
--- End Message ---
