Ubuntu
openvpn package

OpenVPN on Ubuntu Intrepid

Bug #305199 reported by Gonczi
4
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: openvpn

Since I updated from Hardy to Intrepid (8.10), OpenVPN does not work.

The first line in the log file is:

Thu Dec 4 16:55:37 2008 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008

and the three last ones are

Thu Dec 4 16:55:45 2008 openvpn_execve: external program may not be called due to setting of --script-security level
Thu Dec 4 16:55:45 2008 script failed: external program fork failed
Thu Dec 4 16:55:45 2008 Exiting

Revision history for this message
Noel J. Bergman (noeljb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 260291, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.

Revision history for this message
Thierry Carrez (ttx) wrote :

I'm not sure this is a duplicate. Bug 260291 was about usage with network-manager-openvpn and was fixed in Intrepid.

Gonczi: are you using network-manager-openvpn ? If not, could you post your openvpn configuration ?

Revision history for this message
Gonczi (georges-gonczi) wrote :

First I used network-manager but when the bug appeared I downloaded network-manager-openvpn and the bug remained unchanged. Here is my configuration file openvpn.conf (NAME stands for my user id, IP-number for the remote IP)

client
up ~/bin/up.sh
down ~/bin/down.sh
;dev tap
dev tun0
;dev-node vpn1
proto tcp
;proto udp
remote IP-number 22
;remote-random
resolv-retry infinite
nobind
;port 2222
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert NAME.crt
key NAME.key
ns-cert-type server
tls-auth XXXvpnta.key 1
;cipher BF-CBC # Blowfish (default)
cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
verb 3
;mute 20

And I use the command :

sudo openvpn --config openvpn.conf

Thank you.

Revision history for this message
Thierry Carrez (ttx) wrote :

2.1 RC9 and above introduced a new parameter for more security. If you want to maintain backward compatibility you should add "script-security 2" to your config file.

NB: you should consider putting your configuration in /etc/openvpn and starting it using "sudo /etc/init.d/openvpn start" to avoid such problems in the future.

Changed in openvpn:
status: New → Invalid
Revision history for this message
Gonczi (georges-gonczi) wrote :

OK it works !!!

However if I put "script-security 2" in the config file in /etc/openvpn there is an error message like "unknown parameter 2" (I don't remember exactly). I have also given the exact path for the files up.sh and down.sh.

Thank you so much for your aid

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.