Your message dated Tue, 13 Dec 2016 23:04:46 +0100 with message-id <89d184b8-8f4f-9bee-2070-674285125...@debian.org> and subject line Re: [Pkg-utopia-maintainers] Bug#848024: Bug#848024: Fails to connect after upgrade to openvpn 2.4 has caused the Debian Bug report #848024, regarding Fails to connect after upgrade to openvpn 2.4 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 848024: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848024 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: network-manager-openvpn Version: 1.2.6-2 Severity: normal After upgrading to openvpn 2.4~rc1-2, my VPN connection began to fail: Dec 13 09:49:37 xps13 NetworkManager[738]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: tls-remote (2.4_rc1) (Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: tls-remote (2.4_rc1) I'm working around this by reverting to openvpn 2.3.11-2. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-rc7-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages network-manager-openvpn depends on: ii adduser 3.115 ii libc6 2.24-8 ii libglib2.0-0 2.50.2-2 ii libnm0 1.4.2-3 ii network-manager 1.4.2-3 ii openvpn 2.3.11-2 network-manager-openvpn recommends no packages. network-manager-openvpn suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Am 13.12.2016 um 18:22 schrieb Michael Biebl: > I've blocked the two bugs accordingly and forwarded the issue to > upstream. This is upstream's response Thomas Haller: > I don't think there is anything to do. > > nm-openvpn already supports the verify-x509-name option, which should > be used. > > > The problem is for users who have existing connections with > tls-remote setting. > > For example, when you look at your NetworkManager ovpn connection > (for example, named "MyOVPN"): > > $ nmcli connection show "MyVPN" | grep tls-remote > > > openvpn 2.4 breaks backward compatibility by removing the option. > There is nothing that nm-openvpn can do about it except requiring > users to fix their configuration. > > E.g. the Gnome plugin of nm-openvpn for nm-connection-editor has a > "Server Certificate Check" combobox. Affected users have to move away > from the "Verify subject partially (legacy mode)" setting. In light of that, I'll close this bug report. I suggest, openvpn either patches tls-remote support back in (for stretch) or it adds a NEWS file, telling users to check their VPN configuration files (including the NetworkManager config) and fix them up manually. Regards, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?signature.asc
Description: OpenPGP digital signature
--- End Message ---