network manager for kde is not working with openvpn configuration introduced by 2.4 release. https://github.com/pivpn/pivpn/issues/542 https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1749562
excerpt from repeating records of journalctl logs from Kubuntu 18.04: Jun 18 18:44:45 example.com ovpn-server[1002]: tls-crypt unwrap error: packet authentication failed Jun 18 18:44:45 example.com ovpn-server[1002]: TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.1.1:60049
to reproduce this issue, easiest way is to: 1 install pivpn from http://www.pivpn.io/ set up the openvpn 2.4 features. 2 create opvpn setup, load it on multiple devices and see it working on all apart from kde's network manager implementation. (use gnome for next two years)
this was not completely fair - the default ubuntu 18.04 has the same problem with no information on what is going on in logs.
I believe this bug was caused by usage of LZ4 compression, backend openvpn >=2.4 should be able to support this.
Same problem here. Looks like it's not solved yet.
The problem here might be in OpenVPN import. We have tls-crypt option supported for some time, but support for it hasn't been added to the importing function. Can you try configuring tls-crypt manually? It's in Advanced → TLS Setting.
it works if you manually configure settings in tls-properties dialogue. with .ovpn from pivpn, you need to add name checking for server certificate , extract the tls-key from the .ovpn and select it from that dialogue. after that, it still didn't work and i found you need to install "network-manager-openvpn". i'm curious that you can configure openvpn settings and then need this package to make openvpn works, that looks like a missing package dependency to me. in ubuntu 18.04 it works without problems (i.e. it seems to have been fixed there in the meantime ) could someone please fix openvpn import and package dependency ? this is open for about a year now, really curious why fixing security related stuff need such long time fixing and people put so much fokus on replicating eye-candy and stuff instead. that "each distro does reinvent things und bugs on their own" really really sucks so badly - no wonder that windows or osx is the more successful desktop OS.
oh, and i just see - this is reported for archlinux - i'm reporting for kubuntu 18.04 where the problem also exists (while it's working on ubuntu 18.04)
The issue is still present on plasma-nm 5.16.4
Martin, does it work if you import the connection using some other means? See also bug #396530.
Based on the tls-crypt error, this sound like it is the same problem described in https://bugs.kde.org/show_bug.cgi?id=416643 Basically, the tls-crypt entry is not being properly imported. But if it is imported through another mechanism or set directly then it does work.
Plasma 5.27 changes the way vpn connections are imported to match what nmcli does, so this should be fixed.
Does this also fix the GUI so that, if a user creates an OpenVPN connection using the GUI instead of importing the settings it also works with TLS-Crypt v2?
(In reply to Soren Stoutner from comment #13) > Does this also fix the GUI so that, if a user creates an OpenVPN connection > using the GUI instead of importing the settings it also works with TLS-Crypt > v2? It doesn't change how the GUI behaves
Then it is appropriate to mark https://bugs.kde.org/show_bug.cgi?id=416643 as fixed, but to keep this open until the GUI is also updated to handle TLS Crypt v2.
Actually, it looks like this bug report contains a mix of at least three different root causes. As such, it would make the most sense to close it and mark it as a duplicate of the one issue that is still remaining. *** This bug has been marked as a duplicate of bug 460777 ***
Indeed, I'm having a hard time following what this report is and isn't about. If you are testing 5.27 and still notice any issue please file a new report and I'll look into it
Bulk transfer as requested in T17796