kvpnc: needs ability to add "--script-security 2" to openvpn args

Bug #291263 reported by Patrick M. Jordan
This bug affects 6 people
Affects: kvpnc (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Nominated for Jaunty by max
Nominated for Karmic by max

Bug Description

Binary package hint: kvpnc

openvpn includes a new security feature that prevents by default the execution of external scripts. When kvpnc runs openvpn, and openvpn has been configured to execute external scripts such as the resolv.conf updater, openvpn won't connect. To enable openvpn, kvpnc should add the "--script-security 2" args as was done for network-manager, to preserve backward compatibility.

Olaf Lenz (olenz) wrote :

I can confirm this problem.
The problem is caused by an incompatibility between the version of openvpn and kvpnc provided by intrepid. To be able to work with the current version of openvpn, kvpnc >= 0.9 is required. This means that the problem should be fixed as soon as a newer version of kvpnc is uploaded.

PS: I've been working with kubuntu intrepid for two months now, ignoring a great number of problems, but this problem has finally convinced me to return to hardy for now. *sigh*

Changed in kvpnc:
status: New → Confirmed
Olaf Lenz (olenz) wrote :

Corrected information: you need at least kvpnc 0.9.1-rc1. Unfortunately, I wasn't able to compile the package myself to test whether this is really the case.

The information about the incompatibility originates from here:
http://www.cms.hu-berlin.de/dl/netze/vpn/openvpn/kvpnc

Patrick M. Jordan (ubuntu-bugs-antistatic) wrote :

UPDATE:

openvpn later patched for backward compatibility:

http://cvs.fedora.redhat.com/viewvc/devel/openvpn/openvpn-script-security.patch

Per Hermansson (hermansson-per) wrote :

I've patched kvpnc to always start openvpn with script-security 2. Not sure if it's the best solution but at least kvpnc now works for me.
I'm attaching a debdiff with the modifications I've made. The new version is also available in my ppa.
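
An added example, not part of the thread and not kvpnc's or the debdiff's code: a narrower alternative to always passing the flag, which appends "--script-security 2" only when the profile declares a script hook and does not set its own level. The function names, sample profile, host name and script path are constructed for illustration.

```python
import shlex

# OpenVPN directives that make it run a user-defined script or program.
SCRIPT_HOOKS = {
    "up", "down", "ipchange", "route-up", "route-pre-down", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address",
}

# Constructed sample profile (host and script path are placeholders).
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.org 1194
# push DNS settings into resolv.conf
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
"""

def parse_directives(config_text):
    """Yield (name, args) per directive, skipping blanks and #/; comments."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:          # unbalanced quote: fall back to plain split
            tokens = line.split()
        if tokens:
            yield tokens[0].lstrip("-"), tokens[1:]

def build_openvpn_argv(config_path, config_text, binary="openvpn"):
    """Return (argv, hooks); the flag is appended only when it is needed."""
    hooks, explicit_level = [], False
    for name, _args in parse_directives(config_text):
        if name in SCRIPT_HOOKS:
            hooks.append(name)
        elif name == "script-security":
            explicit_level = True
    argv = [binary, "--config", config_path]
    # A profile that sets its own level keeps it; one without hooks stays at
    # OpenVPN's default instead of being widened for no reason.
    if hooks and not explicit_level:
        argv += ["--script-security", "2"]
    return argv, hooks

if __name__ == "__main__":
    print(build_openvpn_argv("/etc/openvpn/client.ovpn", SAMPLE_PROFILE))
```

The returned hook list can be shown to the user before connecting, so the scripts a profile will run are visible rather than silently enabled.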

Olaf Lenz (olenz) wrote :

I have just filed bug #362747, in which I summarize all the problems in connecting OpenVPN under Kubuntu jaunty.

Janusz Mordarski (janusz-mordarski) wrote :

The problem shows up once again on Ubuntu 11.10 and OpenVPN 2.2.0.

There is no problem with Kvpnc and Ubuntu 10.x and 11.04, using OpenVPN 2.1.x.

So the "--script-security 2" problem is back again.
