Description of problem:
When using net_applet to configure an openvpn access with a username.p12 file there is no way to enter the cert password to activate the vpn :-(

When launching openvpn with cli, openvpn asks for the password and then everything is okay

$ openvpn -f /etc/sysconfig/network-scripts/vpn.d/openvpn/myvpn.conf

While with net_applet the vpn connection fails because the password is not provided to openvpn

Version-Release number of selected component (if applicable):
Name : drakx-net
Version : 0.93
Release : 3.mga1

How reproducible: Always

Steps to Reproduce:
1. have an openvpn server and a pki
2. create yourself a pkcs12 cert (username.p12)
3. Right click on net_applet tray icon
4. choose VPN
5. Choose Manage
6. Choose OpenVPN
7. Define a new one.. let's say "myvpn"
8. Define Type X509, give your username.p12 file in PKCS#12 field, click next
9. Give your vpn server ip or fqdn, click next
10. Try to start it
11. check /var/log/messages for openvpn failure message

Try with cli reusing the very same config file net_applet just created /etc/sysconfig/network-scripts/vpn.d/openvpn/myvpn.conf
give the password... watch that here openvpn is working

(This is likely to prevent people from using mageia with vpn connections)
We're now on a newer version of drakx-net (0.97-1.mga1 for Mageia 1), did this get solved?
CC: (none) => marja11
Sorry : no password asked :-/

Sample of logs just for the sake of it :

Oct 11 12:01:35 laptop-xxx net_applet[3975]: running: consolehelper openvpn Linagora
Oct 11 12:01:36 laptop-xxx openvpn[16160]: OpenVPN 2.2.1 i586-mageia-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jul 25 2011
Oct 11 12:01:36 laptop-xxx openvpn[16160]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 11 12:01:36 laptop-xxx openvpn[16160]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Oct 11 12:01:36 laptop-xxx openvpn[16160]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 11 12:01:36 laptop-xxx openvpn[16160]: OpenSSL ERROR code: 113
Oct 11 12:01:36 laptop-xxx openvpn[16160]: Error: private key password verification failed
Oct 11 12:01:36 laptop-pvxxxilarem openvpn[16160]: Exiting

=> the feature is simply missing... no hope of having this bug solved by chance with a new version :/
Pinging, because nothing has happened to this report for more than 3 months, and it still has the status NEW or REOPENED.

@ Olivier
Please set status to ASSIGNED if you think this bug was assigned correctly. If for work flow reasons you can't do that, then please put OK on the whiteboard instead.
(I leave out the "OK" bugs when searching for New and Reopened stale bugs)
@ Olivier Ping?
Still no password for .p12 files as far as I can see :-(

So either you explode by hand the .p12 file extracting .cert and .key (setting an empty password for the .key) to use the other configuration option available (which does not allow to enter a password either)

But the drawback is that :
1/ You have to master openssl command line interface which is not really simple
2/ You have to weaken your VPN security (VPN connection without password)

=> imho we'd have a great improvement having mageia's VPN tool able to ask for passwords :)
Hi, This bug was filed against cauldron, but we do not have cauldron at the moment. Please report whether this bug is still valid for Mageia 2. Thanks :) Cheers, marja
Keywords: (none) => NEEDINFO
maat just confirmed on IRC the bug is still valid for all versions of Mageia. So: drakx-net-1.13-1.mga3.src.rpm drakx-net-1.12-1.mga2.src.rpm drakx-net-0.97.2-1.mga1.src.rpm @ Olivier Please put OK on the whiteboard if you think this bug was assigned correctly, or set status to ASSIGNED
Whiteboard: (none) => MGA2TOO MGA1TOO
Keywords: NEEDINFO => (none)
Source RPM: drakx-net-0.93-3.mga1.src.rpm => drakx-net-1.13-1.mga3.src.rpm
We have support for querying passwords from openvpn. We are running openvpn with "--management 127.0.0.1 2222 --management-query-passwords" and expect ">PASSWORD:" strings. Does anyone know if this changed?
Status: NEW => ASSIGNED
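The ">PASSWORD:" exchange mentioned in the comment above, as an added example that is not drakx-net code and not part of the original report: it parses the prompts OpenVPN's management interface emits under --management-query-passwords and builds the quoted replies. The function names, the ask callback and the sample lines are constructed for illustration.

```python
import re

# Real-time notifications sent by OpenVPN's management interface when it is
# started with --management-query-passwords.
NEED_RE = re.compile(
    r"^>PASSWORD:Need '(?P<kind>[^']+)' (?P<what>username/password|password)$")
FAIL_RE = re.compile(r"^>PASSWORD:Verification Failed: '(?P<kind>[^']+)'")


def quote(value):
    """Quote a management command argument: escape backslash and double quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def replies_for(line, ask):
    """Return the management commands that answer one notification line.

    ask(kind, field) is a hypothetical callback that obtains a secret from the
    user (for example a GUI dialog); field is 'username' or 'password'.
    """
    line = line.rstrip("\r\n")
    failed = FAIL_RE.match(line)
    if failed:
        raise PermissionError(
            "OpenVPN rejected the %s credentials" % failed.group("kind"))
    need = NEED_RE.match(line)
    if not need:
        return []  # other notifications (>INFO:, >STATE:, ...) are not prompts
    kind = need.group("kind")
    cmds = []
    if need.group("what") == "username/password":
        cmds.append("username %s %s" % (quote(kind), quote(ask(kind, "username"))))
    cmds.append("password %s %s" % (quote(kind), quote(ask(kind, "password"))))
    return cmds


# Constructed sample of what a client connected to 127.0.0.1:2222 would read.
SAMPLE = [
    ">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info",
    ">PASSWORD:Need 'Private Key' password",
]

if __name__ == "__main__":
    secrets = {("Private Key", "password"): 'p12 "pass"'}  # constructed secret
    for notification in SAMPLE:
        for cmd in replies_for(notification, lambda k, f: secrets[(k, f)]):
            print(cmd)
```

A PKCS#12 file with a protected key triggers the 'Private Key' prompt; if the client never answers it, OpenVPN has no password to decrypt the key with.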
CC: (none) => cazzaniga.sandro
Whiteboard: MGA2TOO MGA1TOO => MGA2TOO MGA1TOO MGA3TOO
Still valid in Mageia 4 I guess.
Whiteboard: MGA2TOO MGA1TOO MGA3TOO => MGA2TOO MGA1TOO MGA3TOO MGA4TOO
Hardware: i586 => All
Unless I miss something, this has nothing to do with net_applet. Clicking "VPN > Manage" simply calls drakvpn, which comes from drakx-net. Please revert my changes if I'm wrong.
Summary: Missing password field in net_applet VPN configuration for pkcs1x certs => Missing password field in drakvpn VPN configuration for pkcs1x certs
Whiteboard: MGA2TOO MGA1TOO MGA3TOO MGA4TOO => (none)
Source RPM: drakx-net-1.13-1.mga3.src.rpm => drakx-net-2.42-1.mga7.src.rpm