[Pkg-utopia-maintainers] Bug#1107240: network-manager-openvpn-gnome: GUI import/edit drops crucial "data-ciphers" option from config

Florian Schlichting schlichting at zib.de
Tue Jun 3 16:44:53 BST 2025 

Package: network-manager-openvpn-gnome
Version: 1.12.0-2
Severity: important
Tags: patch

Dear Maintainer,

I am a user of an OpenVPN service which uses the AES-256-CBC cipher,
meaning the --data-ciphers option needs to be used. Support for this
option in the network-manager-openvpn backend was added as part of the
fix for #1012664. However, the Gnome GUI (as opposed to nmcli) is still
unaware of this option, and will delete it from the configuration both
when creating a new connection via import of an ovpn file, as well as
when editing an existing working connection, for example one that has
been created from an ovpn file with nmcli.

There is an upstream bug about this:
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/110
and it has a fairly simple patch / MR:
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/86

I can confirm that building network-manager-openvpn-gnome 1.12.0-2 with
this patch included fixes the issue: I can correctly import an opvn
config file containing data-ciphers, and I can edit an existing VPN
connection containing that option without it being deleted.

Looking at the lack of progress / upstream response on this issue (which
I think might have to do with their desire to support older openvpn
versions as well, needing more complex logic), I'm asking for this patch
to be included in the Debian package for the time being.

Thank you
Florian


-- System Information:
Debian Release: 13.0
   APT prefers testing
   APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.27-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE 
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager-openvpn-gnome depends on:
ii  libc6                    2.41-8
ii  libglib2.0-0t64          2.84.2-1
ii  libgtk-3-0t64            3.24.49-3
ii  libgtk-4-1               4.18.5+ds-1
ii  libnm0                   1.52.0-6
ii  libnma-gtk4-0            1.10.6-5
ii  libnma0                  1.10.6-5
ii  libsecret-1-0            0.21.7-1
ii  network-manager-openvpn  1.12.0-2

network-manager-openvpn-gnome recommends no packages.

network-manager-openvpn-gnome suggests no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5012 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20250603/61cdad9b/attachment.p7s>

More information about the Pkg-utopia-maintainers mailing list