13651 – version 3.4.2 of OpenVPN Connect (Android) is highlighting additional unsupported options

Bug 13651 - version 3.4.2 of OpenVPN Connect (Android) is highlighting additional unsupported options

Summary: version 3.4.2 of OpenVPN Connect (Android) is highlighting additional unsuppo...

Status:	NEW

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	- Unknown - - Unknown -
Assignee:	Assigned to nobody - feel free to grab it and work on it
QA Contact:

URL:
Keywords:

Duplicates (1):	13686 (view as bug list)
Depends on:
Blocks:	OPENVPN-2024
	Show dependency tree / graph

Reported:	2024-04-15 12:16 UTC by Adolf Belka
Modified:	2024-05-13 10:43 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
OpenVPN Connect error message when trying to connect to IPFire from forum user (104.21 KB, image/jpeg) 2024-04-15 12:16 UTC, Adolf Belka	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adolf Belka 2024-04-15 12:16:42 UTC

Created attachment 1523 [details]
OpenVPN Connect error message when trying to connect to IPFire from forum user

A user on the forum has highlighted that the version 3.4.2 of OpenVPN Connect (Android App) is highlighting new current options that are being dropped as not supported.

These include pkcs12, providers and data-ciphers fallback.

At the moment those can be ignored on the app but the message say that the next release of OpenVPN Connect (Android) will entirely disallow them. It is not clear i=f that will mean that the connection will fail if those options are in the .ovpn profile or only that they will be ignored.

Currently the options can be ignored but if that ignore option was not there the message is indicating that the connection would fail.

This suggests that with version 3.4.3 of OpenVPN Connect (Android) only cipher negotiation will be allowed and fallback to older ciphers will fail.

Comment 1 Michael Tremer 2024-04-16 11:18:46 UTC

(In reply to Adolf Belka from comment #0)
> Created attachment 1523 [details]
> OpenVPN Connect error message when trying to connect to IPFire from forum
> user
> 
> A user on the forum has highlighted that the version 3.4.2 of OpenVPN
> Connect (Android App) is highlighting new current options that are being
> dropped as not supported.
> 
> These include pkcs12, providers and data-ciphers fallback.

Providers and data-cipher-fallback are not a problem after we upgrade to OpenVPN 2.6.

However, PKCS12 is, because we always ship the certificate in that format.

I could not find anything online that announces this change.

Comment 2 Adolf Belka 2024-04-22 10:05:08 UTC

(In reply to Michael Tremer from comment #1)
> (In reply to Adolf Belka from comment #0)
> 
> Providers and data-cipher-fallback are not a problem after we upgrade to
> OpenVPN 2.6.
> 
> However, PKCS12 is, because we always ship the certificate in that format.
> 
> I could not find anything online that announces this change.

I also couldn't find anything in any logs.

I am wondering if this is specific to the OpenVPN Connect Android client.

When I tested out connecting via  the OpenVPN command line to test out the first OpenVPN-2.6 branch that I tested and used the latest openvpn client on my laptop I do not remember seeing any messages like that in the logs and I went through the logs in some detail.

I will try it again with the latest OpenVPN-2.6 branch that I have on my system and test it with Arch Linux instead of the Ubuntu-20.04.4 vm and check for any messages like that.

Comment 3 Michael Tremer 2024-05-13 10:43:23 UTC

*** Bug 13686 has been marked as a duplicate of this bug. ***