Re: [OT] Is there a how-to on importing a CISCO certificate file to VPNC?
Bastien Nocera wrote: > On Wed, 2007-06-13 at 03:14 +0530, Rogue wrote: > >> Hi All, >> >> I am trying to remove my current dependency of Cisco VPN client by >> switching to VPNC. Unfortunately I am not able to locate any useful >> documentation on the web :-( .. Has anyone on this list succeeded in >> doing this? >> >> I see that there are certificates and a shared key to be used, but not >> sure how to go about with it. >> > > NetworkManager-vpnc should have an importer for .pcf files, which > contain the VPM definition. This page will allow you to decode the > shared password, then you only need your username and password. > > http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode > > If I try to import the pcf file from NM-VPN gui, then I get the following error: The VPN setting does not contain valid data I tried looking for other executables which are part of the package, but was not able to come up with anything useful. Am I missing something? thanks, Rogue > Cheers > > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [OT] Is there a how-to on importing a CISCO certificate file to VPNC?
On Wed, 2007-06-13 at 03:14 +0530, Rogue wrote: > Hi All, > > I am trying to remove my current dependency of Cisco VPN client by > switching to VPNC. Unfortunately I am not able to locate any useful > documentation on the web :-( .. Has anyone on this list succeeded in > doing this? > > I see that there are certificates and a shared key to be used, but not > sure how to go about with it. NetworkManager-vpnc should have an importer for .pcf files, which contain the VPM definition. This page will allow you to decode the shared password, then you only need your username and password. http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode Cheers -- Bastien Nocera <[EMAIL PROTECTED]> ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
[OT] Is there a how-to on importing a CISCO certificate file to VPNC?
Hi All, I am trying to remove my current dependency of Cisco VPN client by switching to VPNC. Unfortunately I am not able to locate any useful documentation on the web :-( .. Has anyone on this list succeeded in doing this? I see that there are certificates and a shared key to be used, but not sure how to go about with it. thanks, Rogue F7 + NetworkManager 0.6.5 + NM-VPNC 0.6.4-3 ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
problems getting networkmanager running under zenwalk-4.6
Hi There, ich installed networkmanager-0.6.5 from source on my system. The problem is that I see with nm-applet the availiable networks but can not connect to them. That s waht cat /var/log/syslog gives me out: Jun 12 20:56:17 (none) NetworkManager: ^I/usr/sbin/NetworkManager [0x8053991] Jun 12 20:56:52 (none) NetworkManager: real_act_stage2_config(): Activation (eth1/wireless): couldn't connect to the supplicant. So has anybody of you a idea by what this can be caused? wpa_Supplicant is installed! I have dhcp-3.0.5 dhcdbd-2.7 dbus-1.0.2 and hal-0.5.8.1 installed Thanks in advance thorsten ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: VPN menu does not appear in nm-applet in Fedora 7
Havard Rue wrote: > Hi. > > I have problems with the nm-applet with a fresh install of Fedora 7. > Even though I do install the vpnc-plugin for NetworkManager, it does > not appear any more in the nm-applet. It all worked fine for FC6. Same > appear for the openvpn-plugin. Perhaps I am missing something > fundamental? You need to restart both the service and the applet after installing NM-vpnc. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Suggestion: Change hardware adress / MAC
On Tue, 2007-06-12 at 17:13 +0200, Elektranox wrote: > Hi. > > I would like a feature to change the hardware adress / MAC adress. > This is quite useful for closed wireless networks if you have got on > registered WLAN device and want to connect with another. So it would > be nice if the MAC is saved for each wireless network... Will be possible in 0.7. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Suggestion: Change hardware adress / MAC
Hi. I would like a feature to change the hardware adress / MAC adress. This is quite useful for closed wireless networks if you have got on registered WLAN device and want to connect with another. So it would be nice if the MAC is saved for each wireless network... Sebastian ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: NetworkManager static-routes support patch
Hi,
i have finally 100% working patch (include info in log) ;)
Dan Williams píše v Po 11. 06. 2007 v 21:57 -0400:
> On Fri, 2007-06-08 at 09:36 +0200, Blonďák wrote:
> > Hi,
> > after small fix it works, here is working version, but i have small
> > question.
> > Don't you have idea why this doesn't work?
> >
> > nm_info (" static route %s gw %s", inet_ntoa(temp_route.host),
> > inet_ntoa(temp_route.gw));
> >
> > it output host IP address twice instead of host and gw ip address, code
> > bellow works without problem.
> >
> > nm_info (" static route %s", inet_ntoa(temp_route.host));
> > nm_info ("gw %s", inet_ntoa(temp_route.gw));
>
> Probably because inet_ntoa() uses a static buffer, and compiler
> instruction ordering may not guarantee what gets called when within the
> same statement, because neither of those really have side-effects. Just
> a guess.
>
> You should probably use inet_ntop() instead here, with two different
> static buffers, one for the host and one for the gw. Something like the
> following would probably do it better:
>
> ---
>
> #define BUFSIZE 50
> char buf1[BUFSIZE];
> char buf2[BUFSIZE];
> char * ret;
> struct in_addr addr;
>
> addr.s_addr = temp_route.host;
> ret = inet_ntop (AF_INET, &addr, &buf1, BUFSIZE);
> if (!ret)
> goto error;
>
> addr.s_addr = temp_route.gw;
> ret = inet_ntop (AF_INET, &addr, &buf2, BUFSIZE);
> if (!ret)
> goto error;
>
> nm_info (" static route %s gw %s", buf1, buf2);
>
> --
>
> Dan
>
> >
> > with regards
> >
> > Blondak
> >
> > Dan Williams píše v Čt 07. 06. 2007 v 16:29 -0400:
> > > On Thu, 2007-06-07 at 22:17 +0200, Blonďák wrote:
> > > > I update the patch code using your comments, but i am not able test it
> > > > right now, i will test it tomorrow.
> > >
> > > Looks better, thanks. Let me know if the test works and then I'll be
> > > happy to apply it.
> > >
> > > Thanks,
> > > Dan
> > >
> > > > Blondak
> > > >
> > > >
> > > > Dan Williams píše v Čt 07. 06. 2007 v 13:01 -0400:
> > > > > On Thu, 2007-06-07 at 15:12 +0200, Blonďák wrote:
> > > > > > Hi,
> > > > > > i wrote patch for NetworkManager for support static-routes from DHCP
> > > > > > (033).
> > > > >
> > > > > Nice! A few comments...
> > > > >
> > > > > - instead of doing "(*temp_route).host", just use "temp_route->host".
> > > > > That shows up in a few places.
> > > > >
> > > > > - do static routes -always- have a netmask of 0x?
> > > > >
> > > > > - I'd prefer to have the nm_ip4_config_add_static_route() function
> > > > > _copy_ the NMIP4Route structure and append it to the list. The
> > > > > NMIP4Config should also free any NMIP4Route structures that it has
> > > > > references to when it is destroyed. Once you've done this don't
> > > > > forget
> > > > > to free the malloc-ed NMIP4Route structure too. Also please check
> > > > > for a
> > > > > NULL return value after the malloc and print out a warning and break
> > > > > out
> > > > > of the for() loop. Should also check for NULL return from the
> > > > > g_malloc0
> > > > > when you add that to nm_ip4_config_add_static_route and return.
> > > > >
> > > > > - There are some spaces after the ( in
> > > > > nm_ip4_config_add_static_route():
> > > > > +g_return_if_fail ( config != NULL);
> > > > >
> > > > > Thanks!
> > > > > Dan
> > > > >
> > > > > > With regards
> > > > > >
> > > > > > Blondak
> > > > > >
> > > > > >
> > > > > > ___
> > > > > > NetworkManager-list mailing list
> > > > > > NetworkManager-list@gnome.org
> > > > > > http://mail.gnome.org/mailman/listinfo/networkmanager-list
> > > > >
> > >
>
diff -bBru NetworkManager-0.6.5/src/dhcp-manager/nm-dhcp-manager.c NetworkManager-0.6.5-blondak/src/dhcp-manager/nm-dhcp-manager.c
--- NetworkManager-0.6.5/src/dhcp-manager/nm-dhcp-manager.c 2007-04-18 20:13:04.0 +0200
+++ NetworkManager-0.6.5-blondak/src/dhcp-manager/nm-dhcp-manager.c 2007-06-12 15:53:15.0 +0200
@@ -468,13 +468,18 @@
guint32 * ip4_broadcast = NULL;
guint32 * ip4_nameservers = NULL;
guint32 * ip4_gateway = NULL;
+ guint32 num_ip4_static_routes = 0;
guint32 num_ip4_nameservers = 0;
guint32 num_ip4_nis_servers = 0;
char * hostname = NULL;
char * domain_names = NULL;
char * nis_domain = NULL;
guint32 * ip4_nis_servers = NULL;
+ guint32 * ip4_static_routes = NULL;
struct in_addr temp_addr;
+ struct NMIP4Route temp_route;
+ char temp_char_host[INET_ADDRSTRLEN];
+ char temp_char_gw[INET_ADDRSTRLEN];
nm_completion_args args;
g_return_val_if_fail (manager != NULL, NULL);
@@ -520,6 +525,7 @@
get_ip4_string (manager, dev, "domain_name", &domain_names, TRUE);
get_ip4_string (manager, dev, "nis_domain", &nis_domain, TRUE);
get_ip4_uint32s (manager, dev, "nis_servers", &ip4_nis_servers, &num_ip4_nis_servers, TRUE);
+ get_ip4_uint32s (manager, dev, "static_routes", &ip4_static_routes, &num_
VPN menu does not appear in nm-applet in Fedora 7
Hi. I have problems with the nm-applet with a fresh install of Fedora 7. Even though I do install the vpnc-plugin for NetworkManager, it does not appear any more in the nm-applet. It all worked fine for FC6. Same appear for the openvpn-plugin. Perhaps I am missing something fundamental? The packages I have installed, are NetworkManager-0.6.5-3.fc7 NetworkManager-gnome-0.6.5-3.fc7 NetworkManager-vpnc-0.6.4-3.fc7 NetworkManager-glib-0.6.5-3.fc7 vpnc-0.4.0-2.fc7 I have turned off selinux, but it did not help. I can start the vpnc manually of'course, but... Any ides? Havard -- Håvard Rue Department of Mathematical Sciences Norwegian University of Science and Technology N-7491 Trondheim, Norway Voice: +47-7359-3533URL : http://www.math.ntnu.no/~hrue Fax : +47-7359-3524Email: [EMAIL PROTECTED] Please avoid sending me Word or PowerPoint attachments, see http://www.gnu.org/philosophy/no-word-attachments.html This message was created in a Microsoft-free computing environment. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: nm-openswan is alive again!
Technically speaking, you should be able to run as many concurrent IPsec connections as you want. In reality, I've used openswan to run up to 4 seperate and independant concurrent IPsec tunnels, some with and without Virtual interfaces (for DHCP over IPsec). My goal is to make NM-Openswan capable of doing the same thing, but as we've discussed previously, the nm-VPN API's weren't really designed to handle the case of multiple concurrent vpn connections. I'm currently reviewing the proposed changes to the VPN API and comparing it to the over all design of my plugin to see how to find a working model that can be used for any VPN client (not just openswan). Ideally, I think NM should be able to handle any number of concurrent Point-to-Point vpn connections with split tunneling. Of course some vpn clients don't support split tunneling (Cisco vpn is one I think) which is more akin to the one-off style design of the current API. It all comes down to routing table modifications. For example, Pluto (the daemonized portion of Openswan) automatically handles routing table modifications, whereas others will recieve those modifcations and pass them back to nm for processing in: nm_vpn_ip4config(). given that vpnc, openswan, openvpn, and most other vpn clients are simply getting front-ends and DBUS integration, I'd like to allow the native clients to handle the requsite routing table mods and use nm to montior, control, and create / modify the parameters of the connection configs passed the the actual vpn client. To try and supplant that functionality within the nm-vpn plugin architecture will introduce dependencies between nm and specific versions of various vpn clients which is not what we want (IMHO). For example, if the internal API's of Openswan change, and my nm-openswan plugin replaces the functionality of parts of the openswan distribution, then there's a good chance my plugin will break on new subsequent releases of the openswan client. Whereas if I simply control the components of Openswan from my plugin, along with passing connection configs and status across DBUS for monitoring, I can expect that the user-end functionality of the openswan client to change very little, and *hopefully* my nm-openswan vpn plugin will work with new releases of openswan, regardless of any internal API changes to the openswan client. If I'm repeating someone else's ideas, it's because I'm still catching up on the mailing list. As always, all comments are welcome. Steve. NB: Thanks for all the replies, it's good to know so many are interested in this plugin. As a bonus, I've been given access to a variety of "supposedly" IPsec compliant gateways. I'll have lots of variety for my testing, and it should validate my initial testing results that showed OpenSwan as the ideal choice for standard IPsec vpn connections when I started writing the nm-vpn plugin. Dan Williams wrote: > On Mon, 2007-06-11 at 23:34 +0200, Tomáš Hnyk wrote: > >> On Sun, 10 Jun 2007 01:46:15 +0200, Dan Williams <[EMAIL PROTECTED]> wrote: >> >> >>> On Sat, 2007-06-09 at 18:03 -0400, steve wrote: >>> Hi, Just a quick post to inform anyone who cares, that I've finished my employment transition, re-created my development environment and I've re-started work on the openswan vpn plugin. I've made two design changes to allow for multiple concurrent vpn connections (in future releases) as it will be required for my new job. I'll post again when I've got a tar ball for others to test. >>> Awesome! You might want to look at an email recently sent about a new >>> API for VPNs to see if it would also work for openswan. >>> >>> "Proposal for a new VPN DBUS interface" - May 8th >>> >>> Dan >>> >>> If anyone feels inclined to help with the effort (which is mainly bug fixing at this point), feel free to contact me. Steve. >> Does this also mean that it will possible to use VPN even if the network >> connection is not managed through NM but is set to static as described >> here: >> https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/115750 - or >> is that only Ubuntu thing? >> > > NM by definition won't know (and therefore won't care) about connections > that aren't know to NM. That's as it should be. On the other hand, the > configuration information will soon be flexible enough to deal with most > of the cases, but that's already mostly the case for VPNs. > > Dan > > > > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
VPN menu does not appear in nm-applet in Fedora 7
Hi. I have problems with the nm-applet with a fresh install of Fedora 7. Even though I do install the vpnc-plugin for NetworkManager, it does not appear any more in the nm-applet. It all worked fine for FC6. Same appear for the openvpn-plugin. Perhaps I am missing something fundamental? The packages I have installed, are NetworkManager-0.6.5-3.fc7 NetworkManager-gnome-0.6.5-3.fc7 NetworkManager-vpnc-0.6.4-3.fc7 NetworkManager-glib-0.6.5-3.fc7 vpnc-0.4.0-2.fc7 I have turned off selinux, but it did not help. I can start the vpnc manually of'course, but... Any ides? Havard -- Håvard Rue Department of Mathematical Sciences Norwegian University of Science and Technology N-7491 Trondheim, Norway Voice: +47-7359-3533URL : http://www.math.ntnu.no/~hrue Fax : +47-7359-3524Email: [EMAIL PROTECTED] Please avoid sending me Word or PowerPoint attachments, see http://www.gnu.org/philosophy/no-word-attachments.html This message was created in a Microsoft-free computing environment. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
