[Pkg-utopia-maintainers] Bug#820554: network-manager-openvpn: /dev/urandom not included in chroot, leads to crashes with static key

[Andreas Kloeckner]

Package: network-manager-openvpn
Version: 1.1.93-1
Severity: normal

Dear Maintainer,

when I try to connect to my OpenVPN server (using a static key) through NM, I get the following snippet in the logs:

Apr 09 15:10:04 bolt nm-openvpn[24250]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Apr 09 15:10:04 bolt nm-openvpn[24250]: GID set to nm-openvpn
Apr 09 15:10:04 bolt nm-openvpn[24250]: UID set to nm-openvpn
Apr 09 15:10:04 bolt nm-openvpn[24250]: UDPv4 link local: [undef]
Apr 09 15:10:04 bolt nm-openvpn[24250]: UDPv4 link remote: [AF_INET]10.8.0.1:1194
Apr 09 15:10:04 bolt nm-openvpn[24250]: RAND_bytes() failed
Apr 09 15:10:04 bolt nm-openvpn[24250]: Assertion failed at crypto.c:1386 (rand_bytes (output, len))
Apr 09 15:10:04 bolt nm-openvpn[24250]: Exiting due to fatal error

This:

https://community.openvpn.net/openvpn/ticket/646

suggests that this is likely due to /dev/urandom being inaccessible in the chroot (as mentioned in the logs).

Thanks!
Andreas

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager-openvpn depends on:
ii  adduser       3.114
ii  libc6         2.22-5
ii  libglib2.0-0  2.48.0-1
ii  libnm0        1.1.92-1
ii  openvpn       2.3.10-1

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information