[Bug 1578712] Re: Periodic failure of client authorisation
Hi, I've been reading around the code just for interest and, while I can't fix this maybe this could help: (From openvpn-plugin.h comments) * New Client Connection: * * FUNC: openvpn_plugin_client_constructor_v1 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert * in the server chain) * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_IPCHANGE * * [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED, * we don't proceed until authentication is verified via auth_control_file] * * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_CONNECT_V2 * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS * * [Client session ensues] * * For each "TLS soft reset", according to reneg-sec option (or similar): * * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF * * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert * in the server chain) * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL * * [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED, * we expect that authentication is verified via auth_control_file within * the number of seconds defined by the "hand-window" option. Data channel traffic * will continue to flow uninterrupted during this period.] So an issue in the implementation or else might cause this problem? The conection is established correctly at first but then it's DEFERRED (from the start or during runtime(?)) the tunnel might remain up until a TLS soft reset is received? I don't know if I'm making any sense or not actually with this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1578712 Title: Periodic failure of client authorisation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1578712/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1686254] Re: OpenVPN auto-connect options greyed out or missing for no reason
** Tags removed: openvpn ** Tags added: gnome-network-manager -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1686254 Title: OpenVPN auto-connect options greyed out or missing for no reason To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1686254/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1686254] Re: OpenVPN auto-connect options greyed out or missing for no reason
Hi, do you mean on the "Network connections" menu where you select the network connection to use? If it's correctly listed under "VPN" that you won't have the "automatically connect to this network at startup", you need to designate a real network interface that will be brought up on boot (like wired) and then select on that interface options to automatically connect to the VPN when brought up. The VPN is creating a virtual interface (tun0 usually) but it needs first that an actual interface is up and able to send/receive the packets for the TLS handshake (and the rest of the packets later too, actually), so it doesn't look like a bug to me ? Are you able to check those two options on any other network connection? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1686254 Title: OpenVPN auto-connect options greyed out or missing for no reason To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1686254/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1652525] Re: DNS leak in ubuntu 16.10
So, as promised, the logs. The only thing I needed to replicate the issue was to add again a DNS server on the network manager configuration. I found out that removing it from there + using UFW was doing the trick (meaning the test didn't crash when tried to resolve using the alternative DNS server and the possible rogue requests are stopped). For this I'm using openvpn on the CLI. The issue was more or less the same for the openvpn-nm applet but I wasn't able to find a way to get it to work there. For connecting I use ovpn files with these options: client dev tun proto udp remote us-ga.gw.ivpn.net 2049 auth-user-pass /home/tux/pass.txt resolv-retry infinite nobind persist-tun persist-key persist-remote-ip cipher AES-256-CBC tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA ns-cert-type server verify-x509-name us-ga name-prefix key-direction 1 comp-lzo verb 3 ;ca ca.crt -BEGIN CERTIFICATE- (...) -BEGIN OpenVPN Static key V1- (...) -END OpenVPN Static key V1- up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf script-security 2 ** Attachment added: "logs mentioned in the comment" https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1652525/+attachment/4873016/+files/logs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1652525 Title: DNS leak in ubuntu 16.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1652525/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1652525] Re: DNS leak in ubuntu 16.10
Hi, I have been experiencing this bug with the nm-openvpn applet and more rarely with the openvpn cli client. Right now I'm havinh a hard time reproducing it but it still definitely happens. I'kk try to get my network to the original state before trying to mitigate it because right now when www.dnsleaktest.com detects my ISP DNS chromium it just freezes the page with these errors: Failed to load resource: net::ERR_NAME_NOT_RESOLVED op3bcnhs63.dnsleaktest.com/ Failed to load resource: net::ERR_NAME_NOT_RESOLVED eti6s7oq49.dnsleaktest.com/ Failed to load resource: net::ERR_NAME_NOT_RESOLVED 4yvhbjv7qc.dnsleaktest.com/ Failed to load resource: net::ERR_NAME_NOT_RESOLVED u2rotxbca3.dnsleaktest.com/ Failed to load resource: net::ERR_NAME_NOT_RESOLVED 51cy8y0t8y.dnsleaktest.com/ Failed to load resource: net::ERR_NAME_NOT_RESOLVED When I have full logs about what is happening I will post them. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1652525 Title: DNS leak in ubuntu 16.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1652525/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs