** Description changed:

- Hi,
+ [Impact]
  
- Currently in Ubuntu 16.04 network-manager-openvpn does not support the 
openvpn --max-routes switch.
- This means that per omission the VPN connection supports 100 routes that can 
be pushed by the openvpn server to the client. If the openvpn server pushes 
more 100 routes, which can happen in some cases, the VPN establishment fails.
+ network-manager-openvpn does not support the openvpn --max-routes switch.
+ This means that per omission the VPN connection supports 100 routes that can 
be pushed by the openvpn server to the client. If the openvpn server pushes 
more than 100 routes, the VPN establishment fails.
  
  From OpenVPN manual:
  "--max-routes n
  Allow a maximum number of n --route options to be specified, either in the 
local configuration file, or pulled from an OpenVPN server. By default, n=100."
  
- Can you do one of the following?
- - Fully support max-routes in the GUI, with an option to choose the value of 
the max-routes
- or, simpler:
- - Do not implement the max-routes in the GUI but add '--max-routes 500' for 
example for all openvpn connection establishments. I mean increase the number 
of maximum routes for all openvpn connections with network-manager.
+ The attached patch comes from upstream's fix (see linked Gnome bug) and
+ adds a new option to the NM Advanced section for network-manager-
+ openvpn.
  
- There is also a gnome bugzilla related to this issue which was recently
- closed with a patch: https://bugzilla.gnome.org/show_bug.cgi?id=720097
+ [Test Case]
+ 1. Configure an OpenVPN server to push > 100 routes
+ 2. Set up a connection to it using network-manager-openvpn
+ 3. Attempt to connect
  
- When can we have the max-route implementation on network-manager-openvpn
- in ubuntu?
+ Before this fix, the connection would fail, and you'd not be able to
+ resolve it using Network Manager.
  
- mm:~$ lsb_release -rd
- Description:  Ubuntu 16.04.1 LTS
- Release:      16.04
+ After the fix, the connection will fail, but one can use the UI, in the
+ Advanced section, to configure the maximum number of routes to be >= the
+ number sent.
  
- mm:~$ apt-cache policy network-manager-openvpn
- network-manager-openvpn:
-   Installed: 1.1.93-1ubuntu1
-   Candidate: 1.1.93-1ubuntu1
-   Version table:
-  *** 1.1.93-1ubuntu1 500
-         500 http://pt.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
-         100 /var/lib/dpkg/statusThanks,
+ [Regression Potential]
  
- mm:~$ apt-cache policy network-manager-openvpn-gnome
- network-manager-openvpn-gnome:
-   Installed: 1.1.93-1ubuntu1
-   Candidate: 1.1.93-1ubuntu1
-   Version table:
-  *** 1.1.93-1ubuntu1 500
-         500 http://pt.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
-         100 /var/lib/dpkg/status
+ Two broad areas -
+ 1) the UI could be messed up, and make it difficult or impossible to 
configure VPNs. Or,
  
- mm:~$ apt-cache policy openvpn
- openvpn:
-   Installed: 2.3.10-1ubuntu2
-   Candidate: 2.3.10-1ubuntu2
-   Version table:
-  *** 2.3.10-1ubuntu2 500
-         500 http://pt.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
-         100 /var/lib/dpkg/status
- 
- Regards,
- 
- Marco
+ 2) the establishment of a VPN could fail, both 
+ 2.a) with peers that push < 100 routes
+ 2.b) with peers that push > 100 routes

** Changed in: network-manager-openvpn (Ubuntu Xenial)
       Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1617098

Title:
  Add support for option max-routes

Status in NetworkManager-OpenVPN:
  Fix Released
Status in network-manager-openvpn package in Ubuntu:
  Fix Released
Status in network-manager-openvpn source package in Xenial:
  Confirmed
Status in network-manager-openvpn source package in Zesty:
  Fix Released

Bug description:
  [Impact]

  network-manager-openvpn does not support the openvpn --max-routes switch.
  This means that per omission the VPN connection supports 100 routes that can 
be pushed by the openvpn server to the client. If the openvpn server pushes 
more than 100 routes, the VPN establishment fails.

  From OpenVPN manual:
  "--max-routes n
  Allow a maximum number of n --route options to be specified, either in the 
local configuration file, or pulled from an OpenVPN server. By default, n=100."

  The attached patch comes from upstream's fix (see linked Gnome bug)
  and adds a new option to the NM Advanced section for network-manager-
  openvpn.

  [Test Case]
  1. Configure an OpenVPN server to push > 100 routes
  2. Set up a connection to it using network-manager-openvpn
  3. Attempt to connect

  Before this fix, the connection would fail, and you'd not be able to
  resolve it using Network Manager.

  After the fix, the connection will fail, but one can use the UI, in
  the Advanced section, to configure the maximum number of routes to be
  >= the number sent.

  [Regression Potential]

  Two broad areas -
  1) the UI could be messed up, and make it difficult or impossible to 
configure VPNs. Or,

  2) the establishment of a VPN could fail, both 
  2.a) with peers that push < 100 routes
  2.b) with peers that push > 100 routes

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager-openvpn/+bug/1617098/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to