[Pkg-utopia-maintainers] Bug#647747: network-manager-openvpn-gnome: segfaults when using a private, key with a password

Дёмин К.А. rockdrilla at gmail.com
Sat Nov 10 19:54:06 UTC 2012 

My scenario is to connect OpenVPN with TLS PSK using password
protected private key.

I confirm bug in `network-manager-openvpn` too.
AFAIK due to 'network-manager' dependency for 'libgnutls26' and I'm
sure that provided patch isn't present in testing branch for nowadays.

$ uname -a
Linux netbook 3.6-pf7.krd #1 SMP PREEMPT Thu Nov 8 15:59:44 MSK 2012
i686 GNU/Linux
$ dpkg -l | egrep -e
'^ii.+(libgnutls2[68][^-].*|network-manager(-openvpn)?)[[:space:]]'
ii  libgnutls26:i386                         2.12.20-1
           i386         GNU TLS library - runtime library
ii  libgnutls28:i386                         3.0.20-3
           i386         GNU TLS library - main runtime library
ii  network-manager                          0.9.4.0-6
           i386         network management framework (daemon and
userspace tools)
ii  network-manager-openvpn                  0.9.4.0-1
           i386         network management framework (OpenVPN plugin
core)

Supposed workaroung (quick-n-dirty for users):
$ sudo apt-get install libgnutls28
$ sudo find /lib /usr/lib -name libgnutls.so.26 -exec dpkg-divert
--divert '{}'.orig --rename '{}' \;
$ sudo find /lib /usr/lib -name libgnutls.so -exec ln -s '{}'.28 '{}'.26 \;

Supposed workaroung (long-long way for packaging teams):
substitute 'libgnutls26' with 'libgnutls28' in dependencies.

old system state with libgnutls26:
Nov 10 23:16:58 netbook NetworkManager[10088]: <info> Starting VPN
service 'openvpn'...
Nov 10 23:16:58 netbook NetworkManager[10088]: <info> VPN service
'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 13433
Nov 10 23:16:58 netbook NetworkManager[10088]: <info> VPN service
'openvpn' appeared; activating connections
Nov 10 23:16:59 netbook kernel: [34616.458536] nm-openvpn-serv[13433]:
segfault at 0 ip b7406c96 sp bfcc37bc error 4 in
libc-2.13.so[b738a000+156000]
Nov 10 23:16:59 netbook NetworkManager[10088]: <warn> VPN service
'openvpn' died with signal 11
Nov 10 23:16:59 netbook NetworkManager[10088]: <warn> error
disconnecting VPN: The name org.freedesktop.NetworkManager.openvpn was
not provided by any .service files
Nov 10 23:16:59 netbook NetworkManager[10088]: <info> Policy set
'WiFi' (wlan0) as default for IPv4 routing and DNS
Nov 10 23:16:59 netbook NetworkManager[10088]: <info> VPN service
'openvpn' disappeared

new system state with libgnutls28:
Nov 10 23:26:24 netbook NetworkManager[10088]: <info> Starting VPN
service 'openvpn'...
Nov 10 23:26:24 netbook NetworkManager[10088]: <info> VPN service
'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 13510
Nov 10 23:26:24 netbook NetworkManager[10088]: <info> VPN service
'openvpn' appeared; activating connections
Nov 10 23:26:24 netbook NetworkManager[10088]: <info> VPN plugin state
changed: init (1)
Nov 10 23:26:34 netbook NetworkManager[10088]: <info> VPN plugin state
changed: starting (3)
Nov 10 23:26:34 netbook NetworkManager[10088]: <info> VPN connection
'amethyst::local' (Connect) reply received.
Nov 10 23:26:34 netbook nm-openvpn[13513]: OpenVPN 2.2.1
i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH]
[PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 23 2012
Nov 10 23:26:34 netbook nm-openvpn[13513]: WARNING: No server
certificate verification method has been enabled.  See
http://openvpn.net/howto.html#mitm for more info.
Nov 10 23:26:34 netbook nm-openvpn[13513]: NOTE: the current
--script-security setting may allow this configuration to call
user-defined scripts
Nov 10 23:26:34 netbook nm-openvpn[13513]: Control Channel
Authentication: using '/home/krd/store/openvpn/ta.key' as a OpenVPN
static key file
Nov 10 23:26:34 netbook nm-openvpn[13513]: LZO compression initialized
Nov 10 23:26:34 netbook nm-openvpn[13513]: UDPv4 link local: [undef]
Nov 10 23:26:34 netbook nm-openvpn[13513]: UDPv4 link remote:
[AF_INET]10.xx.xx.xx:xxxx
Nov 10 23:26:35 netbook nm-openvpn[13513]: [amethyst.loc] Peer
Connection Initiated with [AF_INET]10.xx.xx.xx:xxxx
Nov 10 23:26:37 netbook nm-openvpn[13513]: TUN/TAP device tap0 opened
Nov 10 23:26:37 netbook nm-openvpn[13513]:
/usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper tap0 1500
1590   init
Nov 10 23:26:37 netbook NetworkManager[10088]:    SCPlugin-Ifupdown:
devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Nov 10 23:26:37 netbook NetworkManager[10088]:    SCPlugin-Ifupdown:
device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no
ifupdown configuration found.
Nov 10 23:26:37 netbook NetworkManager[10088]: <warn>
/sys/devices/virtual/net/tap0: couldn't determine device driver;
ignoring...
Nov 10 23:26:37 netbook NetworkManager[10088]: <warn> VPN plugin failed: 2
Nov 10 23:26:37 netbook nm-openvpn[13513]: WARNING: Failed running
command (--up/--down): external program exited with error status: 1
Nov 10 23:26:37 netbook nm-openvpn[13513]: Exiting
Nov 10 23:26:37 netbook NetworkManager[10088]: <warn> VPN plugin failed: 1
Nov 10 23:26:37 netbook NetworkManager[10088]: <info> VPN plugin state
changed: stopped (6)
Nov 10 23:26:37 netbook NetworkManager[10088]: <info> VPN plugin state
change reason: 0
Nov 10 23:26:37 netbook NetworkManager[10088]: <warn> error
disconnecting VPN: Could not process the request because no VPN
connection was active.
Nov 10 23:26:37 netbook NetworkManager[10088]: <info> Policy set
'WiFi' (wlan0) as default for IPv4 routing and DNS.
Nov 10 23:26:37 netbook NetworkManager[10088]:    SCPlugin-Ifupdown:
devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
Nov 10 23:26:42 netbook NetworkManager[10088]: <info> VPN service
'openvpn' disappeared

As you see, segfault has eliminated. Other warnings in syslog my own
headache but I would appreciate any help.

---
Konstantin Demin <rockdrilla at gmail.com>

More information about the Pkg-utopia-maintainers mailing list