On Fri, 2008-05-30 at 11:59 +0300, Dimitris Zilaskos wrote: > I have tried removing the ns-cert-type from the nm-openvpn-service.c file. > Thus I have successfully connected to my openvpn server using x509 > authentication. However I am facing another issue now: routes are not > pushed, or if they are, they are ignored Here is the log:
They are pushed, but ignored. Like the situation with openvpn TAP connections, we don't have a way to push these server supplied routes from the VPN plugin back into NetworkManager's core. It's on my TODO list to get this working. By default, NetworkManager will route all traffic through the VPN, so the server supplied routes with a TUN connection are usually moot (as long as the VPN gateway knows how to route things properly). If you don't want to route all traffic through the VPN, you can manually specify which subnets should be routed through the VPN in the advanced properties dialog. Dan: Attached is a patch (against svn rev 3712) which removes the '--ns-cert-type server' argument from the openvpn service. I was not able to test this. (Does NM require polkit, or can it be disabled?). -casey
Index: NetworkManager/vpn-daemons/openvpn/src/nm-openvpn-service.c =================================================================== --- NetworkManager.orig/vpn-daemons/openvpn/src/nm-openvpn-service.c +++ NetworkManager/vpn-daemons/openvpn/src/nm-openvpn-service.c @@ -474,8 +474,6 @@ nm_openvpn_start_openvpn_binary (NMOpenv switch (connection_type) { case NM_OPENVPN_CONTYPE_X509: g_ptr_array_add (openvpn_argv, (gpointer) "--client"); - g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type"); - g_ptr_array_add (openvpn_argv, (gpointer) "server"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA); if (tmp) { @@ -525,8 +523,6 @@ nm_openvpn_start_openvpn_binary (NMOpenv case NM_OPENVPN_CONTYPE_PASSWORD: /* Client mode */ g_ptr_array_add (openvpn_argv, (gpointer) "--client"); - g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type"); - g_ptr_array_add (openvpn_argv, (gpointer) "server"); /* Use user/path authentication */ g_ptr_array_add (openvpn_argv, (gpointer) "--auth-user-pass"); @@ -539,8 +535,6 @@ nm_openvpn_start_openvpn_binary (NMOpenv case NM_OPENVPN_CONTYPE_X509USERPASS: g_ptr_array_add (openvpn_argv, (gpointer) "--client"); - g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type"); - g_ptr_array_add (openvpn_argv, (gpointer) "server"); tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA); if (tmp) {
_______________________________________________ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list