** Description changed:
- Hi,
+ [Impact]
- Currently in Ubuntu 16.04 network-manager-openvpn does not support the
openvpn --max-routes switch.
- This means that per omission the VPN connection supports 100 routes that can
be pushed by the openvpn server to the client. If the openvpn server pushes
more 100 routes, which can happen in some cases, the VPN establishment fails.
+ network-manager-openvpn does not support the openvpn --max-routes switch.
+ This means that per omission the VPN connection supports 100 routes that can
be pushed by the openvpn server to the client. If the openvpn server pushes
more than 100 routes, the VPN establishment fails.
From OpenVPN manual:
"--max-routes n
Allow a maximum number of n --route options to be specified, either in the
local configuration file, or pulled from an OpenVPN server. By default, n=100."
- Can you do one of the following?
- - Fully support max-routes in the GUI, with an option to choose the value of
the max-routes
- or, simpler:
- - Do not implement the max-routes in the GUI but add '--max-routes 500' for
example for all openvpn connection establishments. I mean increase the number
of maximum routes for all openvpn connections with network-manager.
+ The attached patch comes from upstream's fix (see linked Gnome bug) and
+ adds a new option to the NM Advanced section for network-manager-
+ openvpn.
- There is also a gnome bugzilla related to this issue which was recently
- closed with a patch: https://bugzilla.gnome.org/show_bug.cgi?id=720097
+ [Test Case]
+ 1. Configure an OpenVPN server to push > 100 routes
+ 2. Set up a connection to it using network-manager-openvpn
+ 3. Attempt to connect
- When can we have the max-route implementation on network-manager-openvpn
- in ubuntu?
+ Before this fix, the connection would fail, and you'd not be able to
+ resolve it using Network Manager.
- mm:~$ lsb_release -rd
- Description: Ubuntu 16.04.1 LTS
- Release: 16.04
+ After the fix, the connection will fail, but one can use the UI, in the
+ Advanced section, to configure the maximum number of routes to be >= the
+ number sent.
- mm:~$ apt-cache policy network-manager-openvpn
- network-manager-openvpn:
- Installed: 1.1.93-1ubuntu1
- Candidate: 1.1.93-1ubuntu1
- Version table:
- *** 1.1.93-1ubuntu1 500
- 500 http://pt.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
- 100 /var/lib/dpkg/statusThanks,
+ [Regression Potential]
- mm:~$ apt-cache policy network-manager-openvpn-gnome
- network-manager-openvpn-gnome:
- Installed: 1.1.93-1ubuntu1
- Candidate: 1.1.93-1ubuntu1
- Version table:
- *** 1.1.93-1ubuntu1 500
- 500 http://pt.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
- 100 /var/lib/dpkg/status
+ Two broad areas -
+ 1) the UI could be messed up, and make it difficult or impossible to
configure VPNs. Or,
- mm:~$ apt-cache policy openvpn
- openvpn:
- Installed: 2.3.10-1ubuntu2
- Candidate: 2.3.10-1ubuntu2
- Version table:
- *** 2.3.10-1ubuntu2 500
- 500 http://pt.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
- 100 /var/lib/dpkg/status
-
- Regards,
-
- Marco
+ 2) the establishment of a VPN could fail, both
+ 2.a) with peers that push < 100 routes
+ 2.b) with peers that push > 100 routes
** Changed in: network-manager-openvpn (Ubuntu Xenial)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1617098
Title:
Add support for option max-routes
Status in NetworkManager-OpenVPN:
Fix Released
Status in network-manager-openvpn package in Ubuntu:
Fix Released
Status in network-manager-openvpn source package in Xenial:
Confirmed
Status in network-manager-openvpn source package in Zesty:
Fix Released
Bug description:
[Impact]
network-manager-openvpn does not support the openvpn --max-routes switch.
This means that per omission the VPN connection supports 100 routes that can
be pushed by the openvpn server to the client. If the openvpn server pushes
more than 100 routes, the VPN establishment fails.
From OpenVPN manual:
"--max-routes n
Allow a maximum number of n --route options to be specified, either in the
local configuration file, or pulled from an OpenVPN server. By default, n=100."
The attached patch comes from upstream's fix (see linked Gnome bug)
and adds a new option to the NM Advanced section for network-manager-
openvpn.
[Test Case]
1. Configure an OpenVPN server to push > 100 routes
2. Set up a connection to it using network-manager-openvpn
3. Attempt to connect
Before this fix, the connection would fail, and you'd not be able to
resolve it using Network Manager.
After the fix, the connection will fail, but one can use the UI, in
the Advanced section, to configure the maximum number of routes to be
>= the number sent.
[Regression Potential]
Two broad areas -
1) the UI could be messed up, and make it difficult or impossible to
configure VPNs. Or,
2) the establishment of a VPN could fail, both
2.a) with peers that push < 100 routes
2.b) with peers that push > 100 routes
To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager-openvpn/+bug/1617098/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
