I was just wondering because on my Windows 7 system these entries are in my OpenVPN configuration:
dh xxx_cert/dh1024.pem
cipher AES-128-CBC
But in Ubuntu 10.10 NetworkManager Applet 0.8.1 "dh xxx_cert/dh1024.pem" is missing.
The funny thing is I entered the path to the "dh1024.pem" key manually in NetworkManager but I could never get a connection. When I imported my Windows 7 configuration file into NetworkManager I immediately got a connection, but without the "dh1024.pem" key.
My questions:
Is it secure to establish a VPN connection without the "dh1024.pem" key?
Is it normal to do so or a NetworkManager bug?
Issue with "Diffie–Hellman" key in Ubuntu NetworkManager?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Mar 02, 2011 1:16 pm
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager
The dh1024.pem file is used only for setting up an OpenVPN server; it is not used on the client side. The NetworkManager is used for managing client connections, not server connections, hence the dh1024.pem support is missing.
IIRC, it's not even possible to run openvpn as a client when the line 'dh dh1024.pem' is present.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Mar 02, 2011 1:16 pm
Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager
Thanks janjust,
your answer really helped me.
"IIRC, it's not even possible to run openvpn as a client when the line 'dh dh1024.pem' is present."
That was my problem with Ubuntu. I wonder why it worked with Windows though.
Does this mean I can delete the "dh xxx_cert/dh1024.pem" entry in my Windows Configuration?
And the entry "tls-auth xxx_cert/tls.key 1" from my other VPN provider too?
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager
tls-auth *IS* useful, but 'dh dh1024.pem' cannot be used on the client side.
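The split described in the replies above (dh belongs to the server, tls-auth stays in the client profile) can be checked mechanically before a profile is imported. The Python script below is an added example, not part of the original thread or of OpenVPN; the sample profile is constructed around the lines quoted in the thread, and `vpn.example.net` and the function names are assumptions.

```python
import shlex

# Constructed client profile: the dh, cipher and tls-auth lines are the ones
# quoted in the thread; the other directives and the hostname are placeholders.
SAMPLE_CLIENT = """\
client
dev tun
remote vpn.example.net 1194
dh xxx_cert/dh1024.pem
cipher AES-128-CBC
tls-auth xxx_cert/tls.key 1
"""

SERVER_ONLY = {"dh"}  # per the answer above: DH parameters belong to the server

def parse(text):
    """Yield (line_no, tokens) for each directive, skipping comments and blanks."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield no, tokens

def role(directives):
    """Classify the profile from its mode directives."""
    names = {tokens[0] for _, tokens in directives}
    if names & {"client", "tls-client"}:
        return "client"
    if names & {"server", "tls-server"}:
        return "server"
    return "unknown"

def audit(text):
    """Return (role, findings); each finding is (line_no, directive, verdict)."""
    directives = list(parse(text))
    kind = role(directives)
    findings = []
    for no, tokens in directives:
        if kind == "client" and tokens[0] in SERVER_ONLY:
            findings.append((no, tokens[0], "remove: server-side only"))
        elif tokens[0] == "tls-auth":
            direction = tokens[2] if len(tokens) > 2 else "unset"
            findings.append((no, "tls-auth", f"keep: key-direction {direction}"))
    return kind, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CLIENT))
```

The key-direction value is only reported, not judged, because it has to be the opposite of whatever the server side uses.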
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Mar 02, 2011 1:16 pm
Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager
Thanks again janjust. Topic can be closed.
-
- Forum Team
- Posts: 285
- Joined: Wed Aug 27, 2008 2:41 am
Re: Issue with "Diffie–Hellman" key in Ubuntu NetworkManager
HOTDOG wrote: Thanks again janjust. Topic can be closed.
Sure, done by request.
That said,
20:19 < Dougy> !ubuntu
20:19 <@vpnHelper> "ubuntu" is dont use network manager!