SUMMARY *** nm-openvpn fails with the following errors after update/upgrade vpn connection was working prior *** STEPS TO REPRODUCE 1. activate openvpn connection using kde nm 2. cat /var/log/syslog | grep nm-openvpn 3. read errors OBSERVED RESULT on server: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) TLS Error: TLS handshake failed on client: nm-openvpn[5630]: OpenSSL: error:0A000086:SSL routines::certificate verify failed nm-openvpn[5630]: TLS_ERROR: BIO read tls_read_plaintext error nm-openvpn[5630]: TLS Error: TLS object -> incoming plaintext read error nm-openvpn[5630]: TLS Error: TLS handshake failed nm-openvpn[5630]: SIGUSR1[soft,tls-error] received, process restarting nm-openvpn[5630]: SIGTERM[hard,init_instance] received, process exiting nm-openvpn[5655]: OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022 nm-openvpn[5655]: library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 nm-openvpn[5655]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. nm-openvpn[5655]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts EXPECTED RESULT vpn connection SOFTWARE/OS VERSIONS Windows: macOS: Linux/KDE Plasma: Kubuntu 22.04 KDE Plasma Version: 5.24.7 KDE Frameworks Version: 5.92.0 Qt Version: 5.15.3 ADDITIONAL INFORMATION Kernel 5.15.0-58-generic(54-bit)
This is when activating an existing connection, not adding a new one, correct?
As far as I can tell this is a problem with openvpn or your openvpn setup, not with Plasma. Searching for "TLS_ERROR: BIO read tls_read_plaintext error" I find lots of hits for this on the internet
Created attachment 155444 [details] attachment-11874-0.html Yes, this was a fully functional network connection on the client machine, ran update/upgrade. restarted the computer and now failure.Something happen to networkmanager or changes to TLS that network manager cannot handle. Server:Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-58-generic x86_64) openvpn: 2.5.5-1ubuntu3.1openSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)easyrsa On Thursday, January 19, 2023 at 07:03:35 PM EST, Nicolas Fella <bugzilla_noreply@kde.org> wrote: https://bugs.kde.org/show_bug.cgi?id=464471 Nicolas Fella <nicolas.fella@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nicolas.fella@gmx.de --- Comment #1 from Nicolas Fella <nicolas.fella@gmx.de> --- This is when activating an existing connection, not adding a new one, correct?
Created attachment 155445 [details] attachment-12408-0.html some of the fixes that are on the internet cannot be handled by plasma-nm.I think the network manager has failed to reliably send the HMAC packet the way it should.(due to server openvpn log files) Did the upgrade to the CA change something, that WAS an updateopenvpn client no longer works on this machine. On my laptop, which has NOT been update/upgrade works just fine.which leads me to believe the upgrade broke something On Thursday, January 19, 2023 at 07:13:08 PM EST, Nicolas Fella <bugzilla_noreply@kde.org> wrote: https://bugs.kde.org/show_bug.cgi?id=464471 Nicolas Fella <nicolas.fella@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |UPSTREAM Status|REPORTED |RESOLVED --- Comment #2 from Nicolas Fella <nicolas.fella@gmx.de> --- As far as I can tell this is a problem with openvpn or your openvpn setup, not with Plasma. Searching for "TLS_ERROR: BIO read tls_read_plaintext error" I find lots of hits for this on the internet
Created attachment 155446 [details] attachment-15174-0.html on the openVPN sitePlease also note that OpenVPN 2.5.5 is not expected to work well with OpenSSL3, since code to support the latter was introduced after OpenVPN 2.5.5. You may want to upgrade to OpenVPN 2.5.7. I think KDE software is behind the times so Ubuntu server and Ubuntu KDE plasma desktop are out of sync for software?LOL, discover doesn't even show the client installs clientopenvpn is already the newest version (2.5.5-1ubuntu3.1)openssl is already the newest version (3.0.2-0ubuntu1.7)network-manager is already the newest version (1.36.6-0ubuntu2) network-manager-openvpn is already the newest version (1.8.18-1) what do you see here? On Thursday, January 19, 2023 at 07:03:35 PM EST, Nicolas Fella <bugzilla_noreply@kde.org> wrote: https://bugs.kde.org/show_bug.cgi?id=464471 Nicolas Fella <nicolas.fella@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nicolas.fella@gmx.de --- Comment #1 from Nicolas Fella <nicolas.fella@gmx.de> --- This is when activating an existing connection, not adding a new one, correct?
Bulk transfer as requested in T17796