Issue with "Diffie–Hellman" key in Ubuntu NetworkManager?

HOTDOG
OpenVpn Newbie
Posts: 8
Joined: Wed Mar 02, 2011 1:16 pm

Issue with "Diffie–Hellman" key in Ubuntu NetworkManager?

Post by HOTDOG » Thu Mar 03, 2011 12:29 pm

I was just wondering because on my Windows 7 system these entries are in my OpenVPN configuration:

dh xxx_cert/dh1024.pem
cipher AES-128-CBC

But in Ubuntu 10.10 NetworkManager Applet 0.8.1 "dh xxx_cert/dh1024.pem" is missing.

The funny thing is I entered the path to the "dh1024.pem" key manually in NetworkManager but I could never get a connection. When I imported my Windows 7 configuration file into NetworkManager I immediately got a connection but without the "dh1024.pem" key.

My questions:
Is it secure to establish a VPN connection without the "dh1024.pem" key?
Is it normal to do so or a NetworkManager bug?

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager

Post by janjust » Thu Mar 03, 2011 12:42 pm

The dh1024.pem file is used only for setting up an OpenVPN server; it is not used on the client side. The NetworkManager is used for managing client connections, not server connections, hence the dh1024.pem support is missing.

IIRC, it's not even possible to run openvpn as a client when the line 'dh dh1024.pem' is present.

HOTDOG
OpenVpn Newbie
Posts: 8
Joined: Wed Mar 02, 2011 1:16 pm

Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager

Post by HOTDOG » Thu Mar 03, 2011 12:53 pm

Thanks janjust,
your answer really helped me.

"IIRC, it's not even possible to run openvpn as a client when the line 'dh dh1024.pem' is present."
That was my problem with Ubuntu. I wonder why it worked with Windows though.

Does this mean I can delete the "dh xxx_cert/dh1024.pem" entry in my Windows Configuration?
And the entry "tls-auth xxx_cert/tls.key 1" from my other VPN provider too?

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager

Post by janjust » Thu Mar 03, 2011 2:15 pm

tls-auth *IS* useful, but 'dh dh1024.pem' cannot be used on the client side.
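
A small check for the point made in the answers above, as an added example that is not part of the original thread or of OpenVPN itself: it scans a client configuration and flags `dh` as server-only while leaving `tls-auth` in place. The sample config, the `vpn.example.net` remote and the function names are constructed for illustration.

```python
import shlex

SERVER_ONLY = {"dh"}              # per the thread: only the server uses the DH parameters file
KEEP_ON_CLIENT = {"tls-auth"}     # per the thread: still useful on the client
CLIENT_MARKERS = {"client", "tls-client"}

# Constructed sample built from the directives quoted in the thread; the remote is a placeholder.
SAMPLE = """\
client
remote vpn.example.net 1194
dh xxx_cert/dh1024.pem   # copied over from a server setup
cipher AES-128-CBC
tls-auth xxx_cert/tls.key 1
"""

def parse_directives(text):
    """Yield (line_number, directive_name), skipping comments and inline block bodies."""
    inline = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:                                  # inside <tag> ... </tag>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":             # full-line comments
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]                     # e.g. <dh> embeds the file contents
            yield lineno, inline
            continue
        tokens = shlex.split(line, comments=True)   # handles quoting and a trailing '#'
        if tokens:
            yield lineno, tokens[0].lstrip("-")

def audit_client_config(text):
    """Return [(line_number, directive, verdict)] for the directives the thread discusses."""
    directives = list(parse_directives(text))
    if not any(name in CLIENT_MARKERS for _, name in directives):
        return []                                   # not a client config: nothing to flag
    findings = []
    for lineno, name in directives:
        if name in SERVER_ONLY:
            findings.append((lineno, name, "remove"))
        elif name in KEEP_ON_CLIENT:
            findings.append((lineno, name, "keep"))
    return findings

if __name__ == "__main__":
    for lineno, name, verdict in audit_client_config(SAMPLE):
        print(f"line {lineno}: {name}: {verdict}")
```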

HOTDOG
OpenVpn Newbie
Posts: 8
Joined: Wed Mar 02, 2011 1:16 pm

Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager

Post by HOTDOG » Fri Mar 04, 2011 3:46 pm

Thanks again janjust. Topic can be closed.

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager

Post by Douglas » Fri Mar 04, 2011 8:14 pm

HOTDOG wrote: Thanks again janjust. Topic can be closed.
Sure, done by request.

That said,

20:19 < Dougy> !ubuntu
20:19 <@vpnHelper> "ubuntu" is dont use network manager!
