Hello,
I am missing an option to pass the "--float" parameter to OpenVPN from
network-manager-openvpn so I cooked a small patch that adds a checkbox
under advanced options.
"--float" when specified with "--remote" allows an OpenVPN session to
initially connect to a peer at a known address, however if packets arrive
from a new address and pass all authentication tests, the new address will
take control of the session. This is useful when you are connecting to a
peer which holds a dynamic address such as a dial-in user or DHCP client.
Could you merge it upstream?
Thanks in advance!
Regards.
From bf1d3f07b35e83ac4a54ce06bf8bd580c972f483 Mon Sep 17 00:00:00 2001
From: Carlos Alberto Lopez Perez
Date: Tue, 2 Nov 2010 18:04:59 +0100
Subject: [PATCH] Add checkbox to pass the --float option in OpenVPN
* Essentially, --float tells OpenVPN to accept authenticated packets from
any address, not only the address which was specified in the --remote
option. This allows remote peer to change its IP address and/or port
number. This is useful when you are connecting to a peer which holds
a dynamic address such as a dial-in user or DHCP client.
---
properties/auth-helpers.c | 11 +++
properties/nm-openvpn-dialog.glade | 14 ++
src/nm-openvpn-service.c |5 +
src/nm-openvpn-service.h |1 +
4 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 631be2b..09b7a0e 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -841,6 +841,7 @@ static const char *advanced_keys[] = {
NM_OPENVPN_KEY_PORT,
NM_OPENVPN_KEY_COMP_LZO,
NM_OPENVPN_KEY_MSSFIX,
+ NM_OPENVPN_KEY_FLOAT,
NM_OPENVPN_KEY_TUNNEL_MTU,
NM_OPENVPN_KEY_FRAGMENT_SIZE,
NM_OPENVPN_KEY_TAP_DEV,
@@ -1389,6 +1390,12 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_FLOAT);
+ if (value && !strcmp (value, "yes")) {
+ widget = glade_xml_get_widget (xml, "float_checkbutton");
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
+ }
+
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PROTO_TCP);
if (value && !strcmp (value, "yes")) {
widget = glade_xml_get_widget (xml, "tcp_checkbutton");
@@ -1581,6 +1588,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_MSSFIX), g_strdup ("yes"));
+ widget = glade_xml_get_widget (xml, "float_checkbutton");
+ if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_FLOAT), g_strdup ("yes"));
+
widget = glade_xml_get_widget (xml, "tcp_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), g_strdup ("yes"));
diff --git a/properties/nm-openvpn-dialog.glade b/properties/nm-openvpn-dialog.glade
index 78cc383..1f9e5d9 100644
--- a/properties/nm-openvpn-dialog.glade
+++ b/properties/nm-openvpn-dialog.glade
@@ -1107,6 +1107,20 @@
7
+
+
+Accept authenticated packets from any address (_Float)
+True
+True
+False
+True
+True
+
+
+False
+8
+
+
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 8ac0d26..bb3326f 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -99,6 +99,7 @@ static ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0, FALSE },
+ { NM_OPENVPN_KEY_FLOAT,G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_FRAGMENT_SIZE,G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING, 0, 0, TRUE },
@@ -802,6 +803,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
if (tmp && !strcmp (tmp, "yes"))
add_openvpn_arg (args, "--comp-lzo");
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT);
+ if (tmp && !strcmp (tmp, "yes"))
+ add_openvpn_arg (args, "--float");
+
add_openvpn_arg (a