No way to specify tls-version-min or tls-version-max, please include the config options in the GUI config panel.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NetworkManager-OpenVPN |
Fix Released
|
Unknown
|
|||
network-manager-openvpn (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
The OpenVPN plugin for Network Manager does not have any mechanisms to interpret tls-version-
In Debian upstream, especially in Buster and Unstable, they disable TLS 1.0, 1.1, and 1.2 by default and use only TLS 1.3 by default. Therefore, with OpenVPN servers that only use TLS 1.2 or older, it is impossible to establish a tunnel to those locations *unless* you specify tls-version-
This can be done in OVPN files for OpenVPN directly, but there is currently no mechanism to do this in the GUI.
This is tracked in Debian https:/
Upstream, GNOME has not yet merged a merge request which would add this option to the GUI: https:/
Testing in Debian, the patch works against NetworkManager OpenVPN there. I am currently testing these in Focal, Eoan, and Bionic to see if this is something we can possibly include at a future date to fix this issue long-term.
In the interim, this tracks the request to get these features in.
Changed in network-manager-openvpn: | |
status: | Unknown → New |
Changed in network-manager-openvpn (Ubuntu): | |
status: | Triaged → Fix Committed |
Changed in network-manager-openvpn: | |
status: | New → Fix Released |
This bug was fixed in the package network- manager- openvpn - 1.8.10-1ubuntu1
--------------- manager- openvpn (1.8.10-1ubuntu1) focal; urgency=medium
network-
* debian/ patches/ git_tls_ version. patch:
- backport patch to allow specifying the supported tls versions
(lp: #1849573)
-- Sebastien Bacher <email address hidden> Wed, 26 Feb 2020 16:01:37 +0100