Re: Setting openVPN options
On Mon, Feb 20, 2012 at 3:36 AM, Volker Kuhlmann wrote: > Hi, > > Network manager dies trying to establish an openVPN connection because > it uses the wrong openVPN options. How can I change the openVPN options > used by NM? I need to add some and remove some. Which option? Some options could be set in nm-connection-editor. > And is it possible to get the output from openVPN properly? What it > writes to syslog is no where near sufficient and basically not useful > for debugging this sort of problem. http://live.gnome.org/NetworkManager/Debugging Hope it helpful. > Thanks, > > Volker > > -- > Volker Kuhlmann > http://volker.dnsalias.net/ Please do not CC list postings to me. > ___ > networkmanager-list mailing list > networkmanager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Setting openVPN options
Hi, Network manager dies trying to establish an openVPN connection because it uses the wrong openVPN options. How can I change the openVPN options used by NM? I need to add some and remove some. And is it possible to get the output from openVPN properly? What it writes to syslog is no where near sufficient and basically not useful for debugging this sort of problem. Thanks, Volker -- Volker Kuhlmann http://volker.dnsalias.net/ Please do not CC list postings to me. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
multiple remotes and remote-random in openvpn
Hello! I've made a patch to support subj. in NM. Multiple hosts just separated by commas and/or spaces in gateway_entry. I think it's still suitable for including into the project, though may be the "NM way" is to use GtkTree and other forms for each new host. wbr. rr.patch Description: Unix manual page ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
OpenVPN connection through GSM device
Hi, i'm able to start an OpenVPN connection using Network Manager. It work fine if i start it through ethernet connection (previously activate)...but it work bad if i start VPN through GSM/GPRS device connection (previously activate). I'm able to start, but after a bit time (about some minutes) it go down. Below the fragment of Network Manager (DEBUG mode) logs: Nov 16 15:35:13 myWorkstation NetworkManager[2033]: Starting VPN service 'openvpn'... Nov 16 15:35:13 myWorkstation NetworkManager[2033]: VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2125 Nov 16 15:35:13 myWorkstation kernel: tun: Universal TUN/TAP device driver, 1.6 Nov 16 15:35:13 myWorkstation kernel: tun: (C) 1999-2004 Max Krasnyansky < m...@qualcomm.com> Nov 16 15:35:13 myWorkstation NetworkManager[2033]: VPN service 'openvpn' appeared; activating connections Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.828958] [nm-vpn-connection.c:902] get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPN) requesting VPN secrets pass #1 Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.831977] [nm-agent-manager.c:1100] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Set) Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.832486] [nm-settings-connection.c:850] nm_settings_connection_get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) secrets requ' Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.841727] [nm-agent-manager.c:1015] get_start(): (0xf81f8/vpn) system settings secrets sufficient Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.842228] [nm-settings-connection.c:706] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) existing secrets returned Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.842587] [nm-settings-connection.c:712] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) secrets request completed Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.847864] [nm-settings-connection.c:751] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) new agent secrets processd Nov 16 15:35:13 myWorkstation NetworkManager[2033]: [1321457713.848273] [nm-vpn-connection.c:870] get_secrets_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPN) asking service if additional secrets ard Nov 16 15:35:13 myWorkstation NetworkManager[2033]: VPN plugin state changed: 1 Nov 16 15:35:14 myWorkstation NetworkManager[2033]: [1321457714.22935] [nm-vpn-connection.c:840] plugin_need_secrets_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPN) service indicated no additional d Nov 16 15:35:14 myWorkstation NetworkManager[2033]: VPN plugin state changed: 3 Nov 16 15:35:14 myWorkstation NetworkManager[2033]: VPN connection 'VPN' (Connect) reply received. Nov 16 15:35:14 myWorkstation nm-openvpn[2127]: OpenVPN 2.1.3 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010 Nov 16 15:35:14 myWorkstation nm-openvpn[2127]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Nov 16 15:35:14 myWorkstation nm-openvpn[2127]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Nov 16 15:35:14 myWorkstation nm-openvpn[2127]: WARNING: file '/etc/openvpn/certs/x-key.pem' is group or others accessible Nov 16 15:35:14 myWorkstation nm-openvpn[2127]: /usr/bin/openssl-vulnkey -q -b 2048 -m Nov 16 15:35:16 myWorkstation nm-openvpn[2127]: LZO compression initialized Nov 16 15:35:16 myWorkstation nm-openvpn[2127]: UDPv4 link local: [undef] Nov 16 15:35:16 myWorkstation nm-openvpn[2127]: UDPv4 link remote: [AF_INET]xx.xx.xxx.xxx:1194 Nov 16 15:35:44 myWorkstation nm-openvpn[2127]: [serverVpnPrdItaly] Peer Connection Initiated with [AF_INET]91.213.153.15:1194 Nov 16 15:35:49 myWorkstation NetworkManager[2033]: [1321457749.191751] [nm-netlink-monitor.c:117] link_msg_handler(): netlink link message: iface idx 7 flags 0x1090 Nov 16 15:35:49 myWorkstation nm-openvpn[2127]: TUN/TAP device tun0 opened Nov 16 15:35:49 myWorkstation nm-openvpn[2127]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1542 10.9.0.101 10.9.0.1 init Nov 16 15:35:49 myWorkstation NetworkManager[2033]: VPN connection 'VPN' (IP Config Get) reply received. Nov 16 15:35:49 myWorkstation NetworkManager[2033]: VPN Gateway: xx.xx.xxx.xxx Nov 16 15:35:49 myWorkstation NetworkManager[2033]: Internal Gateway: 10.9.0.1 Nov 16 15:35:49 myWorkstation NetworkManager[2033]: Tunnel Device: tun0 Nov 16 15:35:49 myWorkstation NetworkManager[2033]: Internal IP4 Address: 10.9.0.101 Nov 16 15:35:49 myWorkstation NetworkManager[2033]: Internal IP4 Prefix: 32 Nov 16 15:35:49 myWorkstation NetworkManager[2033]: Internal IP4 P
Re: OpenVpn plugin NeedSecret
[SOLVED] I've solved the problem. Thanks a lot to Dan for his support. I've added all secrets into /etc/NetworkManager/system-connection/VPNconn...below the correct structure: [connection] id=VPNconn uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e type=vpn autoconnect=FALSE [ipv4] method=auto [vpn] name=openvpn service-type=org.freedesktop.NetworkManager.openvpn connection-type=tls remote=xx..xx.it proto-tcp=no reneg-seconds=0 port=1194 ca=/etc/openvpn/certs/cacert.crt cert=/etc/openvpn/certs/x.pem key=/etc/openvpn/certs/xx-key.pem comp-lzo=yes [ipv6] method=ignore Reagards On Thu, Nov 3, 2011 at 4:43 PM, Dan Williams wrote: > On Thu, 2011-11-03 at 16:03 +0100, Francesco Andrisani wrote: > > Thanks a lot. But i'm not able to know all parameter to intert into > > my /etc/NetworkManager/system-connections/VPNconnection. > > > > For example keyfile, certficate, ecc > > > > Please can you tell me how to find these informations (all > > parameters)? > > At the moment the best way to do this is to edit the connection with > nm-connection-editor; otherwise it's a bit byzantine but the list of > acceptable parameters is here: > > > http://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.h > > and the values that these keys can contain are in the code, but it's > probably non-trivial to pull them out. I can see where documenting the > acceptable values in the header there would be a nice thing to do. > Otherwise, if you have a config file you're importing from that would > work, or I can help you figure out what to use if you can describe your > VPN setup more. Or nm-connection-editor. > > Dan > > > > Thanks and regards > > > > On Thu, Nov 3, 2011 at 3:51 PM, Dan Williams wrote: > > On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote: > > > Anothe DEBUG info: > > > > > > debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service > > --debug > > > ** Message: nm-openvpn-service (version 0.9.0) starting... > > > ** Message: real_need_secrets: connection > > > - > > > connection > > > name : "connection" > > > id : "VPNconnection" (s) > > > uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s) > > > type : "vpn" (s) > > > permissions : [] (sd) > > > autoconnect : FALSE (s) > > > timestamp : 0 (sd) > > > read-only : FALSE (sd) > > > > > > > > > ipv4 > > > name : "ipv4" > > > method : "auto" (s) > > > dns : [] (s) > > > dns-search : [] (sd) > > > addresses : [] (s) > > > routes : [] (s) > > > ignore-auto-routes : FALSE (sd) > > > ignore-auto-dns : FALSE (sd) > > > dhcp-client-id : NULL (sd) > > > dhcp-send-hostname : TRUE (sd) > > > dhcp-hostname : NULL (sd) > > > never-default : FALSE (sd) > > > may-fail : FALSE (sd) > > > > > > > > > ipv6 > > > name : "ipv6" > > > method : "ignore" (s) > > > dns : [] (s) > > > dns-search : [] (sd) > > > addresses : [] (s) > > > routes : [] (s) > > > ignore-auto-routes : FALSE (sd) > > > ignore-auto-dns : FALSE (sd) > > > never-default : FALSE (sd) > > > may-fail : TRUE (sd) > > > > > > > > > vpn > > > name : "vpn" > > > service-type : > > "org.freedesktop.NetworkManager.openvpn" (s) > > > user-name : NULL (sd) > > > data : [ { 'name': openvpn }, ] (s) > > > secrets : [ ] (s) > > > > > > So here's the problem; the [vpn] setting isn't completely > > specified. > > Did you import this connection from an openvpn config file? > > Unless this > > was changed at some point (or there's a bug in the editor) > > this > > connection was never valid sinc
Re: OpenVpn plugin NeedSecret
On Thu, 2011-11-03 at 16:03 +0100, Francesco Andrisani wrote: > Thanks a lot. But i'm not able to know all parameter to intert into > my /etc/NetworkManager/system-connections/VPNconnection. > > For example keyfile, certficate, ecc > > Please can you tell me how to find these informations (all > parameters)? At the moment the best way to do this is to edit the connection with nm-connection-editor; otherwise it's a bit byzantine but the list of acceptable parameters is here: http://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.h and the values that these keys can contain are in the code, but it's probably non-trivial to pull them out. I can see where documenting the acceptable values in the header there would be a nice thing to do. Otherwise, if you have a config file you're importing from that would work, or I can help you figure out what to use if you can describe your VPN setup more. Or nm-connection-editor. Dan > Thanks and regards > > On Thu, Nov 3, 2011 at 3:51 PM, Dan Williams wrote: > On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote: > > Anothe DEBUG info: > > > > debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service > --debug > > ** Message: nm-openvpn-service (version 0.9.0) starting... > > ** Message: real_need_secrets: connection > > - > > connection > > name : "connection" > > id : "VPNconnection" (s) > > uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s) > > type : "vpn" (s) > > permissions : [] (sd) > > autoconnect : FALSE (s) > > timestamp : 0 (sd) > > read-only : FALSE (sd) > > > > > > ipv4 > > name : "ipv4" > > method : "auto" (s) > > dns : [] (s) > > dns-search : [] (sd) > > addresses : [] (s) > > routes : [] (s) > > ignore-auto-routes : FALSE (sd) > > ignore-auto-dns : FALSE (sd) > > dhcp-client-id : NULL (sd) > > dhcp-send-hostname : TRUE (sd) > > dhcp-hostname : NULL (sd) > > never-default : FALSE (sd) > > may-fail : FALSE (sd) > > > > > > ipv6 > > name : "ipv6" > > method : "ignore" (s) > > dns : [] (s) > > dns-search : [] (sd) > > addresses : [] (s) > > routes : [] (s) > > ignore-auto-routes : FALSE (sd) > > ignore-auto-dns : FALSE (sd) > > never-default : FALSE (sd) > > may-fail : TRUE (sd) > > > > > > vpn > > name : "vpn" > > service-type : > "org.freedesktop.NetworkManager.openvpn" (s) > > user-name : NULL (sd) > > data : [ { 'name': openvpn }, ] (s) > > secrets : [ ] (s) > > > So here's the problem; the [vpn] setting isn't completely > specified. > Did you import this connection from an openvpn config file? > Unless this > was changed at some point (or there's a bug in the editor) > this > connection was never valid since it doesn't have the required > connection > type field and a few other things. Here's what it *should* > look like: > > [vpn] > service-type=org.freedesktop.NetworkManager.openvpn > connection-type=password > password-flags=3 > remote=ovpn.mycompany.com > cipher=AES-256-CBC > proto-tcp=yes > reneg-seconds=0 > port=443 > username=dcbw > ca=/home/dcbw/MyCA.pem > > or something along those lines. If you imported it from a > config file, > can you try doing that again? If it still looks like this, > can you send > me the config file so I can see what's going wrong? > > Dan > > > Regards > > > > > > On Thu, Nov 3, 2011 at 10:12 AM, Francesco Andrisani > > wrote: > > OK. > > > > So i've installed ope
Re: OpenVpn plugin NeedSecret
Hi, then...below my new (NetworkManager-openvpn) confg file and client.conf (openvpn) config file: debian# cat /etc/NetworkManager/system-connections/VPNconnection [connection] id=VPNconnection uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e type=vpn autoconnect=FALSE [ipv4] method=auto [vpn] name=openvpn service-type=org.freedesktop.NetworkManager.openvpn remote=openvpn.xxx.x.it proto-udp=yes reneg-seconds=0 port=1194 ca=/etc/openvpn/certs/cacert.crt cert=/etc/openvpn/certs/-vpn.pem key=/etc/openvpn/certs/x-vpn-key.pem [ipv6] method=ignore debian# cat /etc/openvpn/client.conf client dev tun proto udp # This is the remote ip address and port of the VPN Server remote openvpn.xxx.xx.it resolv-retry infinite ping 10 ping-restart 60 nobind persist-key persist-tun ca certs/cacert.crt cert certs/-vpn.pem key certs/xx-vpn-key.pem verb 3 comp-lzo explicit-exit-notify 2 log-append /var/log/openvpn.log Now...after your changes, if i try to start vpn from NetworkManager i can see these logs: Nov 3 16:26:54 debian NetworkManager[2899]: Starting VPN service 'openvpn'... Nov 3 16:26:54 debian NetworkManager[2899]: VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3296 Nov 3 16:26:54 debian NetworkManager[2899]: VPN service 'openvpn' appeared; activating connections Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.716383] [nm-vpn-connection.c:902] get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) requesting VPN secrets pass #1 Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.716961] [nm-agent-manager.c:1100] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/5 (vpn) Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.717110] [nm-settings-connection.c:850] nm_settings_connection_get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) secrets requested flags 0x8000 hint '(null)' Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.720913] [nm-agent-manager.c:1015] get_start(): (0xfcba0/vpn) system settings secrets sufficient Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.721055] [nm-settings-connection.c:706] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) existing secrets returned Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.721154] [nm-settings-connection.c:712] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) secrets request completed Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.733265] [nm-settings-connection.c:751] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:3) new agent secrets processed Nov 3 16:26:54 debian NetworkManager[2899]: [1320337614.733906] [nm-vpn-connection.c:870] get_secrets_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) asking service if additional secrets are required Nov 3 16:26:54 debian NetworkManager[2899]: VPN plugin state changed: 1 Nov 3 16:26:54 debian NetworkManager[2899]: Policy set 'MyConnection' (eth0) as default for IPv4 routing and DNS. Nov 3 16:27:00 debian NetworkManager[2899]: VPN service 'openvpn' disappeared Nov 3 16:27:02 debian NetworkManager[2899]: [1320337622.2972] [nm-vpn-service.c:267] ensure_killed(): waiting for VPN service pid 3296 to exit Nov 3 16:27:02 debian NetworkManager[2899]: [1320337622.3592] [nm-vpn-service.c:269] ensure_killed(): VPN service pid 3296 cleaned up Thanks and Regards On Thu, Nov 3, 2011 at 4:03 PM, Francesco Andrisani < francesco.andris...@acotel.com> wrote: > Thanks a lot. But i'm not able to know all parameter to intert into my > /etc/NetworkManager/system-connections/VPNconnection. > > For example keyfile, certficate, ecc > > Please can you tell me how to find these informations (all parameters)? > > Thanks and regards > > > On Thu, Nov 3, 2011 at 3:51 PM, Dan Williams wrote: > >> On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote: >> > Anothe DEBUG info: >> > >> > debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service --debug >> > ** Message: nm-openvpn-service (version 0.9.0) starting... >> > ** Message: real_need_secrets: connection >> > - >> > connection >> > name : "connection" >> > id : "VPNconnection" (s) >> > uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s) >> > type : "vpn" (s) >> > permissions : [] (sd) >> > autoconnect : FALSE (s) >> > timestamp : 0 (sd) >> > read-only : FALSE (sd) >> > >> > >> > ipv4 >> > name : "ipv4" >> > method : "auto" (s) >> > dns : [] (s) >> &g
Re: OpenVpn plugin NeedSecret
Thanks a lot. But i'm not able to know all parameter to intert into my /etc/NetworkManager/system-connections/VPNconnection. For example keyfile, certficate, ecc Please can you tell me how to find these informations (all parameters)? Thanks and regards On Thu, Nov 3, 2011 at 3:51 PM, Dan Williams wrote: > On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote: > > Anothe DEBUG info: > > > > debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service --debug > > ** Message: nm-openvpn-service (version 0.9.0) starting... > > ** Message: real_need_secrets: connection > > - > > connection > > name : "connection" > > id : "VPNconnection" (s) > > uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s) > > type : "vpn" (s) > > permissions : [] (sd) > > autoconnect : FALSE (s) > > timestamp : 0 (sd) > > read-only : FALSE (sd) > > > > > > ipv4 > > name : "ipv4" > > method : "auto" (s) > > dns : [] (s) > > dns-search : [] (sd) > > addresses : [] (s) > > routes : [] (s) > > ignore-auto-routes : FALSE (sd) > > ignore-auto-dns : FALSE (sd) > > dhcp-client-id : NULL (sd) > > dhcp-send-hostname : TRUE (sd) > > dhcp-hostname : NULL (sd) > > never-default : FALSE (sd) > > may-fail : FALSE (sd) > > > > > > ipv6 > > name : "ipv6" > > method : "ignore" (s) > > dns : [] (s) > > dns-search : [] (sd) > > addresses : [] (s) > > routes : [] (s) > > ignore-auto-routes : FALSE (sd) > > ignore-auto-dns : FALSE (sd) > > never-default : FALSE (sd) > > may-fail : TRUE (sd) > > > > > > vpn > > name : "vpn" > > service-type : "org.freedesktop.NetworkManager.openvpn" (s) > > user-name : NULL (sd) > > data : [ { 'name': openvpn }, ] (s) > > secrets : [ ] (s) > > So here's the problem; the [vpn] setting isn't completely specified. > Did you import this connection from an openvpn config file? Unless this > was changed at some point (or there's a bug in the editor) this > connection was never valid since it doesn't have the required connection > type field and a few other things. Here's what it *should* look like: > > [vpn] > service-type=org.freedesktop.NetworkManager.openvpn > connection-type=password > password-flags=3 > remote=ovpn.mycompany.com > cipher=AES-256-CBC > proto-tcp=yes > reneg-seconds=0 > port=443 > username=dcbw > ca=/home/dcbw/MyCA.pem > > or something along those lines. If you imported it from a config file, > can you try doing that again? If it still looks like this, can you send > me the config file so I can see what's going wrong? > > Dan > > > Regards > > > > > > On Thu, Nov 3, 2011 at 10:12 AM, Francesco Andrisani > > wrote: > > OK. > > > > So i've installed openvpn client on my workstation with > > certificate authentication and...it work fine. > > About NetworkManager-openvpn i've installed (from sources) > > 0.9.0 version, the same of NetworkManager (it also installed > > from sources). > > > > A clarification...i use the system without X server (no gnome, > > no kde). > > Below my NetworkManager and NetworkManager-openvpn > > configuration files. > > > > debian:/etc/NetworkManager# cat > > system-connections/VPNconnection > > [connection] > > id=VPNconnection > > uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e > > type=vpn > > autoconnect=FALSE > > > > [ipv4] > > method=auto > > > > [vpn] > > name=openvpn > > service-type=org.freedesktop.NetworkManager.openvpn > > > > [ipv6] > > method=ignore > > > > I've no secrets specified here, Is it correct? I've no > > password for start opevpn client manually. Only certificate > > authentication. > > > > debian:/etc/NetworkManager# cat VPN/nm-openvpn-service.name > > [VPN Connection] > > name=openvpn > > service=org.freedesktop.NetworkManager.openvpn > > program=/usr/libexec/nm-openvpn-service > > > > Regards &
Re: OpenVpn plugin NeedSecret
On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote: > Anothe DEBUG info: > > debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service --debug > ** Message: nm-openvpn-service (version 0.9.0) starting... > ** Message: real_need_secrets: connection > - > connection > name : "connection" > id : "VPNconnection" (s) > uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s) > type : "vpn" (s) > permissions : [] (sd) > autoconnect : FALSE (s) > timestamp : 0 (sd) > read-only : FALSE (sd) > > > ipv4 > name : "ipv4" > method : "auto" (s) > dns : [] (s) > dns-search : [] (sd) > addresses : [] (s) > routes : [] (s) > ignore-auto-routes : FALSE (sd) > ignore-auto-dns : FALSE (sd) > dhcp-client-id : NULL (sd) > dhcp-send-hostname : TRUE (sd) > dhcp-hostname : NULL (sd) > never-default : FALSE (sd) > may-fail : FALSE (sd) > > > ipv6 > name : "ipv6" > method : "ignore" (s) > dns : [] (s) > dns-search : [] (sd) > addresses : [] (s) > routes : [] (s) > ignore-auto-routes : FALSE (sd) > ignore-auto-dns : FALSE (sd) > never-default : FALSE (sd) > may-fail : TRUE (sd) > > > vpn > name : "vpn" > service-type : "org.freedesktop.NetworkManager.openvpn" (s) > user-name : NULL (sd) > data : [ { 'name': openvpn }, ] (s) > secrets : [ ] (s) So here's the problem; the [vpn] setting isn't completely specified. Did you import this connection from an openvpn config file? Unless this was changed at some point (or there's a bug in the editor) this connection was never valid since it doesn't have the required connection type field and a few other things. Here's what it *should* look like: [vpn] service-type=org.freedesktop.NetworkManager.openvpn connection-type=password password-flags=3 remote=ovpn.mycompany.com cipher=AES-256-CBC proto-tcp=yes reneg-seconds=0 port=443 username=dcbw ca=/home/dcbw/MyCA.pem or something along those lines. If you imported it from a config file, can you try doing that again? If it still looks like this, can you send me the config file so I can see what's going wrong? Dan > Regards > > > On Thu, Nov 3, 2011 at 10:12 AM, Francesco Andrisani > wrote: > OK. > > So i've installed openvpn client on my workstation with > certificate authentication and...it work fine. > About NetworkManager-openvpn i've installed (from sources) > 0.9.0 version, the same of NetworkManager (it also installed > from sources). > > A clarification...i use the system without X server (no gnome, > no kde). > Below my NetworkManager and NetworkManager-openvpn > configuration files. > > debian:/etc/NetworkManager# cat > system-connections/VPNconnection > [connection] > id=VPNconnection > uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e > type=vpn > autoconnect=FALSE > > [ipv4] > method=auto > > [vpn] > name=openvpn > service-type=org.freedesktop.NetworkManager.openvpn > > [ipv6] > method=ignore > > I've no secrets specified here, Is it correct? I've no > password for start opevpn client manually. Only certificate > authentication. > > debian:/etc/NetworkManager# cat VPN/nm-openvpn-service.name > [VPN Connection] > name=openvpn > service=org.freedesktop.NetworkManager.openvpn > program=/usr/libexec/nm-openvpn-service > > Regards > > > > On Thu, Nov 3, 2011 at 2:25 AM, Dan Williams > wrote: > On Wed, 2011-11-02 at 10:21 +0100, Francesco Andrisani > wrote: > > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) > plugin > > NeedSecrets > > request #1 failed: dbus-glib-error-quark Invalid > connection type. > > > This part is the problem. Any chance you could paste > in your vpn > connection file > from /etc/NetworkManager/system-connections for us to > look at? Remove any passwords and out any > sensit
Re: OpenVpn plugin NeedSecret
Anothe DEBUG info: debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service --debug ** Message: nm-openvpn-service (version 0.9.0) starting... ** Message: real_need_secrets: connection - connection name : "connection" id : "VPNconnection" (s) uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s) type : "vpn" (s) permissions : [] (sd) autoconnect : FALSE (s) timestamp : 0 (sd) read-only : FALSE (sd) ipv4 name : "ipv4" method : "auto" (s) dns : [] (s) dns-search : [] (sd) addresses : [] (s) routes : [] (s) ignore-auto-routes : FALSE (sd) ignore-auto-dns : FALSE (sd) dhcp-client-id : NULL (sd) dhcp-send-hostname : TRUE (sd) dhcp-hostname : NULL (sd) never-default : FALSE (sd) may-fail : FALSE (sd) ipv6 name : "ipv6" method : "ignore" (s) dns : [] (s) dns-search : [] (sd) addresses : [] (s) routes : [] (s) ignore-auto-routes : FALSE (sd) ignore-auto-dns : FALSE (sd) never-default : FALSE (sd) may-fail : TRUE (sd) vpn name : "vpn" service-type : "org.freedesktop.NetworkManager.openvpn" (s) user-name : NULL (sd) data : [ { 'name': openvpn }, ] (s) secrets : [ ] (s) Regards On Thu, Nov 3, 2011 at 10:12 AM, Francesco Andrisani < francesco.andris...@acotel.com> wrote: > OK. > > So i've installed openvpn client on my workstation with certificate > authentication and...it work fine. > About NetworkManager-openvpn i've installed (from sources) 0.9.0 version, > the same of NetworkManager (it also installed from sources). > > A clarification...i use the system without X server (no gnome, no kde). > Below my NetworkManager and NetworkManager-openvpn configuration files. > > debian:/etc/NetworkManager# cat system-connections/VPNconnection > [connection] > id=VPNconnection > uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e > type=vpn > autoconnect=FALSE > > [ipv4] > method=auto > > [vpn] > name=openvpn > service-type=org.freedesktop.NetworkManager.openvpn > > [ipv6] > method=ignore > > I've no secrets specified here, Is it correct? I've no password for start > opevpn client manually. Only certificate authentication. > > debian:/etc/NetworkManager# cat VPN/nm-openvpn-service.name > [VPN Connection] > name=openvpn > service=org.freedesktop.NetworkManager.openvpn > program=/usr/libexec/nm-openvpn-service > > Regards > > > > On Thu, Nov 3, 2011 at 2:25 AM, Dan Williams wrote: > >> On Wed, 2011-11-02 at 10:21 +0100, Francesco Andrisani wrote: >> > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin >> > NeedSecrets >> > request #1 failed: dbus-glib-error-quark Invalid connection type. >> >> This part is the problem. Any chance you could paste in your vpn >> connection file from /etc/NetworkManager/system-connections for us to >> look at? Remove any passwords and out any sensitive information >> before doing so. >> >> Any idea what version of NetworkManager-openvpn you've got installed? >> >> Dan >> >> >> > > > -- > > *Francesco Andrisani* > mailto:francesco.andris...@acotel.com > *Acotel Spa* > http://www.acotel.com > Via della Valle dei Fontanili, 29 > 00168 Roma > Tel +390661141200 > Fax +39066149936 > > > Le informazioni contenute nella comunicazione che precede possono essere > riservate e sono, comunque, destinate esclusivamente alla persona o > all’ente sopraindicati. La diffusione, distribuzione e/o copiatura non > autorizzata del documento trasmesso da parte di qualsiasi soggetto è > proibita. La sicurezza e la correttezza dei messaggi di posta elettronica > non possono essere garantite. Se avete ricevuto questo messaggio per > errore, Vi preghiamo di contattarci immediatamente. Grazie. > > This message is for the named person's use only. It may contain > confidential, proprietary or legally privileged information. No > confidentiality or privilege is waived or lost by any transmission. If you > receive this message in error, please immediately delete it and all copies > of it from your system, destroy any hard copies of it and notify the > sender. You must not, directly or indirectly, use, disclose, distribute, > print, or copy any part of this message if you are not the intended > recipient. Thanks > > -- *Francesco Andrisani* mailto:francesco.andris...@acotel.com *Acotel Spa* http://www.acotel.c
Re: OpenVpn plugin NeedSecret
OK. So i've installed openvpn client on my workstation with certificate authentication and...it work fine. About NetworkManager-openvpn i've installed (from sources) 0.9.0 version, the same of NetworkManager (it also installed from sources). A clarification...i use the system without X server (no gnome, no kde). Below my NetworkManager and NetworkManager-openvpn configuration files. debian:/etc/NetworkManager# cat system-connections/VPNconnection [connection] id=VPNconnection uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e type=vpn autoconnect=FALSE [ipv4] method=auto [vpn] name=openvpn service-type=org.freedesktop.NetworkManager.openvpn [ipv6] method=ignore I've no secrets specified here, Is it correct? I've no password for start opevpn client manually. Only certificate authentication. debian:/etc/NetworkManager# cat VPN/nm-openvpn-service.name [VPN Connection] name=openvpn service=org.freedesktop.NetworkManager.openvpn program=/usr/libexec/nm-openvpn-service Regards On Thu, Nov 3, 2011 at 2:25 AM, Dan Williams wrote: > On Wed, 2011-11-02 at 10:21 +0100, Francesco Andrisani wrote: > > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin > > NeedSecrets > > request #1 failed: dbus-glib-error-quark Invalid connection type. > > This part is the problem. Any chance you could paste in your vpn > connection file from /etc/NetworkManager/system-connections for us to > look at? Remove any passwords and out any sensitive information > before doing so. > > Any idea what version of NetworkManager-openvpn you've got installed? > > Dan > > > -- *Francesco Andrisani* mailto:francesco.andris...@acotel.com *Acotel Spa* http://www.acotel.com Via della Valle dei Fontanili, 29 00168 Roma Tel +390661141200 Fax +39066149936 Le informazioni contenute nella comunicazione che precede possono essere riservate e sono, comunque, destinate esclusivamente alla persona o all’ente sopraindicati. La diffusione, distribuzione e/o copiatura non autorizzata del documento trasmesso da parte di qualsiasi soggetto è proibita. La sicurezza e la correttezza dei messaggi di posta elettronica non possono essere garantite. Se avete ricevuto questo messaggio per errore, Vi preghiamo di contattarci immediatamente. Grazie. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Thanks ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVpn plugin NeedSecret
On Wed, 2011-11-02 at 10:21 +0100, Francesco Andrisani wrote: > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin > NeedSecrets > request #1 failed: dbus-glib-error-quark Invalid connection type. This part is the problem. Any chance you could paste in your vpn connection file from /etc/NetworkManager/system-connections for us to look at? Remove any passwords and out any sensitive information before doing so. Any idea what version of NetworkManager-openvpn you've got installed? Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVpn plugin NeedSecret
Hi, sorry for delay. Below the piace of log with log-legel DEBUG: NetworkManager[3054]: Starting VPN service 'openvpn'... NetworkManager[3054]: VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3089 NetworkManager[3054]: VPN service 'openvpn' appeared; activating connections NetworkManager[3054]: [1320230029.479049] [nm-vpn-connection.c:902] get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) requesting VPN secrets pass #1 NetworkManager[3054]: [1320230029.481972] [nm-agent-manager.c:1100] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/0 (vpn) NetworkManager[3054]: [1320230029.485727] [nm-settings-connection.c:850] nm_settings_connection_get_secrets(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) secrets requested flags 0x8000 hint '(null)' NetworkManager[3054]: VPN plugin state changed: 1 NetworkManager[3054]: [1320230029.491319] [nm-agent-manager.c:1015] get_start(): (0xe1c10/vpn) system settings secrets sufficient NetworkManager[3054]: [1320230029.492466] [nm-settings-connection.c:706] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) existing secrets returned NetworkManager[3054]: [1320230029.492907] [nm-settings-connection.c:712] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) secrets request completed NetworkManager[3054]: [1320230029.497663] [nm-settings-connection.c:751] agent_secrets_done_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/vpn:2) new agent secrets processed NetworkManager[3054]: [1320230029.498118] [nm-vpn-connection.c:870] get_secrets_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) asking service if additional secrets are required NetworkManager[3054]: [1320230029.511927] [nm-vpn-connection.c:823] plugin_need_secrets_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin NeedSecrets request #1 failed: dbus-glib-error-quark Invalid connection type. NetworkManager[3054]: Policy set 'MyConnection' (eth0) as default for IPv4 routing and DNS. NetworkManager[3054]: VPN service 'openvpn' disappeared NetworkManager[3054]: [1320230037.2325] [nm-vpn-service.c:267] ensure_killed(): waiting for VPN service pid 3089 to exit NetworkManager[3054]: [1320230037.2932] [nm-vpn-service.c:269] ensure_killed(): VPN service pid 3089 cleaned up Thank you On Mon, Oct 31, 2011 at 11:28 PM, Dan Williams wrote: > On Fri, 2011-10-28 at 18:34 +0200, Francesco Andrisani wrote: > > Hi, > > i'm newbie of Network manager, so sorry for any errors. > > > > I'm an Debian User. I've downloaded and conpiled Networkmanager-0.9.0 > > with ModemManager 0.5 and NetworkManager-openvpn-0.9.0 plugin. > > Network manager work fine. I'm able with my custom python script to > > use ethernet and gsm at modem. > > > > My problem is when i try to start Openvpn (using NM) throught ethernet > > device. > > I continuosly see into NM logs: > > > > Oct 28 17:16:46 sheevaplug-debian NetworkManager[2327]: > > Starting VPN service 'openvpn'... > > Oct 28 17:16:46 sheevaplug-debian NetworkManager[2327]: VPN > > service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), > > PID 2416 > > tun: Universal TUN/TAP device driver, 1.6 > > tun: (C) 1999-2004 Max Krasnyansky > > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: VPN > > service 'openvpn' appeared; activating connections > > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: VPN > > plugin state changed: 1 > > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: > > [1319822207.127668] [nm-vpn-connection.c:823] > > plugin_need_secrets_cb(): > > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin > > NeedSecret. > > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: Policy > > set 'MyConnection' (eth0) as default for IPv4 routing and DNS. > > Oct 28 17:16:52 sheevaplug-debian NetworkManager[2327]: VPN > > service 'openvpn' disappeared > > The error message appears to be somewhat cut off; can you grab the full > message from [nm-vpn-connection.c:823] plugin_need_secrets_cb() for us? > That will have more information about where the problem may lie. > > It should be something like: > > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin NeedSecrets > request 1 failed: > > Dan > > -- *Francesco Andrisani* mailto:francesco.andris...@acotel.com *Acotel Spa* http://www.acotel.com Via della Valle dei Fontanili, 29 00168 Roma Tel +390661141200 Fax +39066149936 Le informazioni contenute nel
Re: OpenVpn plugin NeedSecret
On Fri, 2011-10-28 at 18:34 +0200, Francesco Andrisani wrote: > Hi, > i'm newbie of Network manager, so sorry for any errors. > > I'm an Debian User. I've downloaded and conpiled Networkmanager-0.9.0 > with ModemManager 0.5 and NetworkManager-openvpn-0.9.0 plugin. > Network manager work fine. I'm able with my custom python script to > use ethernet and gsm at modem. > > My problem is when i try to start Openvpn (using NM) throught ethernet > device. > I continuosly see into NM logs: > > Oct 28 17:16:46 sheevaplug-debian NetworkManager[2327]: > Starting VPN service 'openvpn'... > Oct 28 17:16:46 sheevaplug-debian NetworkManager[2327]: VPN > service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), > PID 2416 > tun: Universal TUN/TAP device driver, 1.6 > tun: (C) 1999-2004 Max Krasnyansky > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: VPN > service 'openvpn' appeared; activating connections > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: VPN > plugin state changed: 1 > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: > [1319822207.127668] [nm-vpn-connection.c:823] > plugin_need_secrets_cb(): > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin > NeedSecret. > Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: Policy > set 'MyConnection' (eth0) as default for IPv4 routing and DNS. > Oct 28 17:16:52 sheevaplug-debian NetworkManager[2327]: VPN > service 'openvpn' disappeared The error message appears to be somewhat cut off; can you grab the full message from [nm-vpn-connection.c:823] plugin_need_secrets_cb() for us? That will have more information about where the problem may lie. It should be something like: (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin NeedSecrets request 1 failed: Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
OpenVpn plugin NeedSecret
Hi, i'm newbie of Network manager, so sorry for any errors. I'm an Debian User. I've downloaded and conpiled Networkmanager-0.9.0 with ModemManager 0.5 and NetworkManager-openvpn-0.9.0 plugin. Network manager work fine. I'm able with my custom python script to use ethernet and gsm at modem. My problem is when i try to start Openvpn (using NM) throught ethernet device. I continuosly see into NM logs: Oct 28 17:16:46 sheevaplug-debian NetworkManager[2327]: Starting VPN service 'openvpn'... Oct 28 17:16:46 sheevaplug-debian NetworkManager[2327]: VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2416 tun: Universal TUN/TAP device driver, 1.6 tun: (C) 1999-2004 Max Krasnyansky Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: VPN service 'openvpn' appeared; activating connections Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: VPN plugin state changed: 1 *Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: [1319822207.127668] [nm-vpn-connection.c:823] plugin_need_secrets_cb(): (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection) plugin NeedSecret.* Oct 28 17:16:47 sheevaplug-debian NetworkManager[2327]: Policy set 'MyConnection' (eth0) as default for IPv4 routing and DNS. Oct 28 17:16:52 sheevaplug-debian NetworkManager[2327]: VPN service 'openvpn' disappeared I've added at_console user permission into config file of d-bus...but i'm not able to solve it. Please can someone hel me please?? Regards -- *Francesco Andrisani* mailto:francesco.andris...@acotel.com *Acotel Spa* http://www.acotel.com Via della Valle dei Fontanili, 29 00168 Roma Tel +390661141200 Fax +39066149936 Le informazioni contenute nella comunicazione che precede possono essere riservate e sono, comunque, destinate esclusivamente alla persona o all’ente sopraindicati. La diffusione, distribuzione e/o copiatura non autorizzata del documento trasmesso da parte di qualsiasi soggetto è proibita. La sicurezza e la correttezza dei messaggi di posta elettronica non possono essere garantite. Se avete ricevuto questo messaggio per errore, Vi preghiamo di contattarci immediatamente. Grazie. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Thanks ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
usb stick and openvpn
Hello, I've finally determined that networkmanager cannot connect through my usb stick (Onda MT833UP) while the network-manager-openvpn-gnome package is installed. I'm using ubuntu 11.04 (2.6.38-8-generic). Any suggestion? Thank you -Luca <http://about.me/lrkwz> ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Howto debug OpenVPN connection?
On Tue, 2011-06-21 at 10:08 -0400, Eric B. wrote: > On 06/21/2011 01:10 AM, Dan Williams wrote: > >> Thanks for the quick response. Am running Fedora 14 and have > >> NetworkManager-openvpn-0.8.1-1.fc14.i686 installed. > >> > >> When I try your suggestions, I get the following messages (non-root > >> account): > >> > >> [eric@eric-laptop ~]$ killall -TERM > >> nm-openvpn-servicenm-openvpn-service: no process found > > > > That's fine, seems the service isn't running which is normal if the VPN is > > disconnected. > > Exactly. As expected as well. > > > > >> [eric@eric-laptop ~]$ /usr/libexec/nm-openvpn-service --debug --persist > >> ** (process:8434): WARNING **: constructor(): Connection > >> ":1.134" is not allowed to own the service > >> "org.freedesktop.NetworkManager.openvpn" due to security policies in the > >> configuration file > > > > Oops; you need to run it as root via something like: > > > > sudo /usr/libexec/nm-openvpn-service --debug --persist > > I had tried that as well. But got nothing new in terms of debug info, > so I thought that that running as root was not the solution and there > was another way to generate more debug info > > [eric@eric-laptop ~]$ sudo /usr/libexec/nm-openvpn-service --debug --persist > [sudo] password for eric: > > ** (process:2901): CRITICAL **: crypto_get_private_key_data: assertion > `password != NULL' failed > > ** (process:2901): CRITICAL **: crypto_get_private_key_data: assertion > `password != NULL' failed > ** Message: openvpn started with pid 2909 > > > > Is there something else I can do? Yeah, one more thing (as root): NM_OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service --persist Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Need help configuring an OpenVPN connection
Hi, I am new to creating client IPSec tunnels in Linux. I am running Fedora 14 with openvpn-2.1.1-2.fc13.i686 and NetworkManager-openvpn-0.8.1-1.fc14.i686 installed. I am looking to configured my FC14 box as an IPSEC client to connect to my office VPN. I do not know what server the office VPN is using. All I know are the specs that they have given me. I also have a working example of it running in Windows using TheGreenBow client. I have been given the following files: ericb.p12 ericb.pem ericb.key (and password for the key/p12 files) I know the following settings (from looking at the functinoal TGB client and someone who has gotten it to work with ipsecuritas in Mac): Gateway IP Network Addr/CIDR: 10.9.40.0/22 Phase 1: - Lifetime 1800 - DH Group: 1024(2) - Encryption: AES 128 - Authen: SHA-1 - Exchange: Main Phase 2: - PFS Group: 1024(2) - Encryption: AES 128 - Authen: HMAC SHA-1 NAT-T: force Can anyone please help me with getting this configuration to work? I have attempted to set up the tunnel using the NetworkManager plugin, but it just seems to hang. I have tried both with UDP and forced TCP and I just get timeouts: Jun 21 10:07:56 eric-laptop NetworkManager[1267]: VPN connection 'VpnMtl' (IP Config Get) timeout exceeded. Ideally, I'd like to get this working via the NM, but if it has to be done at command line level, i would be happy with that as well. Thanks for any help that you can provide! Eric ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Howto debug OpenVPN connection?
On 06/21/2011 01:10 AM, Dan Williams wrote: Thanks for the quick response. Am running Fedora 14 and have NetworkManager-openvpn-0.8.1-1.fc14.i686 installed. When I try your suggestions, I get the following messages (non-root account): [eric@eric-laptop ~]$ killall -TERM nm-openvpn-servicenm-openvpn-service: no process found That's fine, seems the service isn't running which is normal if the VPN is disconnected. Exactly. As expected as well. [eric@eric-laptop ~]$ /usr/libexec/nm-openvpn-service --debug --persist ** (process:8434): WARNING **: constructor(): Connection ":1.134" is not allowed to own the service "org.freedesktop.NetworkManager.openvpn" due to security policies in the configuration file Oops; you need to run it as root via something like: sudo /usr/libexec/nm-openvpn-service --debug --persist I had tried that as well. But got nothing new in terms of debug info, so I thought that that running as root was not the solution and there was another way to generate more debug info [eric@eric-laptop ~]$ sudo /usr/libexec/nm-openvpn-service --debug --persist [sudo] password for eric: ** (process:2901): CRITICAL **: crypto_get_private_key_data: assertion `password != NULL' failed ** (process:2901): CRITICAL **: crypto_get_private_key_data: assertion `password != NULL' failed ** Message: openvpn started with pid 2909 Is there something else I can do? Thanks, Eric ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Howto debug OpenVPN connection?
On Tue, 2011-06-21 at 00:58 -0400, Eric B. wrote: > On 06/21/2011 12:53 AM, Dan Williams wrote: > > On Mon, 2011-06-20 at 23:35 -0400, Eric B. wrote: > >> Hi, > >> > >> I am fairly new to the NetworkManager, and am trying to understand how > >> to enable additional debug information for a failing OpenVPN connection. > >> > >> I've installed the OpenVPN plugin, but I am not getting enough > >> information in /var/log/messages and would like to see if there is a way > >> to enable additional information. Is there some configuration flag > >> somewhere that I can enable for this? > > > > killall -TERM nm-openvpn-service > > /path/to/nm-openvpn-service --debug --persist > > > > that works for newer versions of nm-openvpn (like 0.8.1 and later); for > > earlier versions you may need to: > > > > killall -TERM nm-openvpn-service > > OPENVPN_DEBUG=1 /path/to/nm-openvpn-service --persist > > > > where of course /path/to/ gets replaced with where that binary lives; > > for non-Debian systems it's usually /usr/libexec otherwise I'm not sure > > where it lives. > > > > Dan > > > Thanks for the quick response. Am running Fedora 14 and have > NetworkManager-openvpn-0.8.1-1.fc14.i686 installed. > > When I try your suggestions, I get the following messages (non-root > account): > > [eric@eric-laptop ~]$ killall -TERM > nm-openvpn-servicenm-openvpn-service: no process found That's fine, seems the service isn't running which is normal if the VPN is disconnected. > [eric@eric-laptop ~]$ /usr/libexec/nm-openvpn-service --debug --persist > ** (process:8434): WARNING **: constructor(): Connection > ":1.134" is not allowed to own the service > "org.freedesktop.NetworkManager.openvpn" due to security policies in the > configuration file Oops; you need to run it as root via something like: sudo /usr/libexec/nm-openvpn-service --debug --persist Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Howto debug OpenVPN connection?
On 06/21/2011 12:53 AM, Dan Williams wrote: On Mon, 2011-06-20 at 23:35 -0400, Eric B. wrote: Hi, I am fairly new to the NetworkManager, and am trying to understand how to enable additional debug information for a failing OpenVPN connection. I've installed the OpenVPN plugin, but I am not getting enough information in /var/log/messages and would like to see if there is a way to enable additional information. Is there some configuration flag somewhere that I can enable for this? killall -TERM nm-openvpn-service /path/to/nm-openvpn-service --debug --persist that works for newer versions of nm-openvpn (like 0.8.1 and later); for earlier versions you may need to: killall -TERM nm-openvpn-service OPENVPN_DEBUG=1 /path/to/nm-openvpn-service --persist where of course /path/to/ gets replaced with where that binary lives; for non-Debian systems it's usually /usr/libexec otherwise I'm not sure where it lives. Dan Thanks for the quick response. Am running Fedora 14 and have NetworkManager-openvpn-0.8.1-1.fc14.i686 installed. When I try your suggestions, I get the following messages (non-root account): [eric@eric-laptop ~]$ killall -TERM nm-openvpn-servicenm-openvpn-service: no process found [eric@eric-laptop ~]$ /usr/libexec/nm-openvpn-service --debug --persist ** (process:8434): WARNING **: constructor(): Connection ":1.134" is not allowed to own the service "org.freedesktop.NetworkManager.openvpn" due to security policies in the configuration file Any suggestions / ideas? Thanks, Eric ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Howto debug OpenVPN connection?
On Mon, 2011-06-20 at 23:35 -0400, Eric B. wrote: > Hi, > > I am fairly new to the NetworkManager, and am trying to understand how > to enable additional debug information for a failing OpenVPN connection. > > I've installed the OpenVPN plugin, but I am not getting enough > information in /var/log/messages and would like to see if there is a way > to enable additional information. Is there some configuration flag > somewhere that I can enable for this? killall -TERM nm-openvpn-service /path/to/nm-openvpn-service --debug --persist that works for newer versions of nm-openvpn (like 0.8.1 and later); for earlier versions you may need to: killall -TERM nm-openvpn-service OPENVPN_DEBUG=1 /path/to/nm-openvpn-service --persist where of course /path/to/ gets replaced with where that binary lives; for non-Debian systems it's usually /usr/libexec otherwise I'm not sure where it lives. Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Howto debug OpenVPN connection?
Hi, I am fairly new to the NetworkManager, and am trying to understand how to enable additional debug information for a failing OpenVPN connection. I've installed the OpenVPN plugin, but I am not getting enough information in /var/log/messages and would like to see if there is a way to enable additional information. Is there some configuration flag somewhere that I can enable for this? Thanks! Eric ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] adding RSA-MD4 for HMAC encryption in nm-openvpn
On Fri, 2011-05-20 at 12:22 +0200, Olivier Lambert wrote: > Hi everyone, > > (sorry, repost, but I forgot previously the syntax [PATCH] in subject) Thanks, applied to 0.8 and git master. Dan > I need to connect to a corporate OpenVPN server. This VPN use RSA-MD4 > on HMAC.. But this option doesn't exist in the nm GUI ! > > So, here is a fix (it was tested by me, and it works like a charm). > > diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c > index 357a5dd..322688e 100644 > --- a/properties/auth-helpers.c > +++ b/properties/auth-helpers.c > @@ -1077,6 +1077,7 @@ populate_hmacauth_combo (GtkComboBox *box, const char > *hm >const char **item; >static const char *items[] = { >NM_OPENVPN_AUTH_NONE, > + NM_OPENVPN_AUTH_MD4, >NM_OPENVPN_AUTH_MD5, >NM_OPENVPN_AUTH_SHA1, >NM_OPENVPN_AUTH_SHA224, > @@ -1102,6 +1103,8 @@ populate_hmacauth_combo (GtkComboBox *box, const char > *hm > >if (!strcmp (*item, NM_OPENVPN_AUTH_NONE)) >name = _("None"); > + else if (!strcmp (*item, NM_OPENVPN_AUTH_MD4)) > + name = _("RSA-MD4"); >else if (!strcmp (*item, NM_OPENVPN_AUTH_MD5)) > name = _("MD-5"); >else if (!strcmp (*item, NM_OPENVPN_AUTH_SHA1)) > diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c > index f3c25ce..0762e89 100644 > --- a/src/nm-openvpn-service.c > +++ b/src/nm-openvpn-service.c > @@ -605,6 +605,7 @@ validate_auth (const char *auth) > { >if (auth) { >if ( !strcmp (auth, NM_OPENVPN_AUTH_NONE) > + || !strcmp (auth, NM_OPENVPN_AUTH_MD4) >|| !strcmp (auth, NM_OPENVPN_AUTH_MD5) > || !strcmp (auth, NM_OPENVPN_AUTH_SHA1) > || !strcmp (auth, NM_OPENVPN_AUTH_SHA224) > diff --git a/src/nm-openvpn-service.h b/src/nm-openvpn-service.h > index d503f4e..bc245b0 100644 > --- a/src/nm-openvpn-service.h > +++ b/src/nm-openvpn-service.h > @@ -77,6 +77,7 @@ > #define NM_OPENVPN_KEY_RENEG_SECONDS "reneg-seconds" > > #define NM_OPENVPN_AUTH_NONE "none" > +#define NM_OPENVPN_AUTH_MD4 "RSA-MD4" > #define NM_OPENVPN_AUTH_MD5 "MD5" > #define NM_OPENVPN_AUTH_SHA1 "SHA1" > #define NM_OPENVPN_AUTH_SHA224 "SHA224" > ___ > networkmanager-list mailing list > networkmanager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
System wide openvpn connection with password-tls
Hi to all I'm using Network Manager 0.8.4 (Fedora 14) and I'm trying to setup an openvpn system-wide connection. The connection needs to be TLS with password because our OpenVPN server is configured that way. The problem is that I need that username and password pair will be asked to the user via a gui dialog at the moment of connection. Is that possible with Network Manager 0.8.4 ??? (Please cc me as I'm not subscribed to the list) My keyfile: [connection] id=VPN uuid=21d0f17c-5bd0-4e5a-8f52-5244240e83bf type=vpn autoconnect=false timestamp=1306710584 [ipv4] method=auto dns=***.***.***.**;***.***.***.***.*; ignore-auto-dns=true never-default=true [vpn] service-type=org.freedesktop.NetworkManager.openvpn connection-type=password-tls ca=/etc/pki/tls/certs/ca.crt ta=/etc/pki/tls/private/ta.key remote=** username=** ta-dir=1 cert=/etc/pki/tls/certs/***.crt comp-lzo=yes key=/etc/pki/tls/private/*.key [vpn-secrets] cert-pass=** password=* Many thanks in advance...! -- .^.Lic. Gabriel Gomiz - Red Hat Certified Engineer (RHCE) /V\Jefe de Sistemas - Administrador Red y Servidores // \\ Gerencia de Sistemas - Cooperativa Obrera Ltda. /( )\ Tel (0291) 456-0084 ^^-^^ s/Window[$s]/LINUX!!/g or die; ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
[PATCH] adding RSA-MD4 for HMAC encryption in nm-openvpn
Hi everyone, (sorry, repost, but I forgot previously the syntax [PATCH] in subject) I need to connect to a corporate OpenVPN server. This VPN use RSA-MD4 on HMAC.. But this option doesn't exist in the nm GUI ! So, here is a fix (it was tested by me, and it works like a charm). diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c index 357a5dd..322688e 100644 --- a/properties/auth-helpers.c +++ b/properties/auth-helpers.c @@ -1077,6 +1077,7 @@ populate_hmacauth_combo (GtkComboBox *box, const char *hm const char **item; static const char *items[] = { NM_OPENVPN_AUTH_NONE, + NM_OPENVPN_AUTH_MD4, NM_OPENVPN_AUTH_MD5, NM_OPENVPN_AUTH_SHA1, NM_OPENVPN_AUTH_SHA224, @@ -1102,6 +1103,8 @@ populate_hmacauth_combo (GtkComboBox *box, const char *hm if (!strcmp (*item, NM_OPENVPN_AUTH_NONE)) name = _("None"); + else if (!strcmp (*item, NM_OPENVPN_AUTH_MD4)) + name = _("RSA-MD4"); else if (!strcmp (*item, NM_OPENVPN_AUTH_MD5)) name = _("MD-5"); else if (!strcmp (*item, NM_OPENVPN_AUTH_SHA1)) diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c index f3c25ce..0762e89 100644 --- a/src/nm-openvpn-service.c +++ b/src/nm-openvpn-service.c @@ -605,6 +605,7 @@ validate_auth (const char *auth) { if (auth) { if ( !strcmp (auth, NM_OPENVPN_AUTH_NONE) + || !strcmp (auth, NM_OPENVPN_AUTH_MD4) || !strcmp (auth, NM_OPENVPN_AUTH_MD5) || !strcmp (auth, NM_OPENVPN_AUTH_SHA1) || !strcmp (auth, NM_OPENVPN_AUTH_SHA224) diff --git a/src/nm-openvpn-service.h b/src/nm-openvpn-service.h index d503f4e..bc245b0 100644 --- a/src/nm-openvpn-service.h +++ b/src/nm-openvpn-service.h @@ -77,6 +77,7 @@ #define NM_OPENVPN_KEY_RENEG_SECONDS "reneg-seconds" #define NM_OPENVPN_AUTH_NONE "none" +#define NM_OPENVPN_AUTH_MD4 "RSA-MD4" #define NM_OPENVPN_AUTH_MD5 "MD5" #define NM_OPENVPN_AUTH_SHA1 "SHA1" #define NM_OPENVPN_AUTH_SHA224 "SHA224" ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
patch for adding RSA-MD4 on HMAC auth, for OpenVPN
Hi everyone, I need to connect to a corporate OpenVPN server. This VPN use RSA-MD4 on HMAC.. But this option doesn't exist in the nm GUI ! So, here is a fix (it was tested by me, and it works like a charm). diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c index 357a5dd..322688e 100644 --- a/properties/auth-helpers.c +++ b/properties/auth-helpers.c @@ -1077,6 +1077,7 @@ populate_hmacauth_combo (GtkComboBox *box, const char *hm const char **item; static const char *items[] = { NM_OPENVPN_AUTH_NONE, + NM_OPENVPN_AUTH_MD4, NM_OPENVPN_AUTH_MD5, NM_OPENVPN_AUTH_SHA1, NM_OPENVPN_AUTH_SHA224, @@ -1102,6 +1103,8 @@ populate_hmacauth_combo (GtkComboBox *box, const char *hm if (!strcmp (*item, NM_OPENVPN_AUTH_NONE)) name = _("None"); + else if (!strcmp (*item, NM_OPENVPN_AUTH_MD4)) + name = _("RSA-MD4"); else if (!strcmp (*item, NM_OPENVPN_AUTH_MD5)) name = _("MD-5"); else if (!strcmp (*item, NM_OPENVPN_AUTH_SHA1)) diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c index f3c25ce..0762e89 100644 --- a/src/nm-openvpn-service.c +++ b/src/nm-openvpn-service.c @@ -605,6 +605,7 @@ validate_auth (const char *auth) { if (auth) { if ( !strcmp (auth, NM_OPENVPN_AUTH_NONE) + || !strcmp (auth, NM_OPENVPN_AUTH_MD4) || !strcmp (auth, NM_OPENVPN_AUTH_MD5) || !strcmp (auth, NM_OPENVPN_AUTH_SHA1) || !strcmp (auth, NM_OPENVPN_AUTH_SHA224) diff --git a/src/nm-openvpn-service.h b/src/nm-openvpn-service.h index d503f4e..bc245b0 100644 --- a/src/nm-openvpn-service.h +++ b/src/nm-openvpn-service.h @@ -77,6 +77,7 @@ #define NM_OPENVPN_KEY_RENEG_SECONDS "reneg-seconds" #define NM_OPENVPN_AUTH_NONE "none" +#define NM_OPENVPN_AUTH_MD4 "RSA-MD4" #define NM_OPENVPN_AUTH_MD5 "MD5" #define NM_OPENVPN_AUTH_SHA1 "SHA1" #define NM_OPENVPN_AUTH_SHA224 "SHA224" ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Automatically restart OpenVPN Service
Hi, is there a way to automatically restart the openvpn session while i switch to and fro from Wireless to Wired Network on Ubuntu Desktop 10.10 ? Thanks Kaushal ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Help with OpenVPN Connection
Hi, I'm trying to setup an OpenVPN connection, but I think I'm missing some point, because I'm stuck. The server side is setup (afaik) and ready, and I already managed to get a manual connection working. Now, I want to setup NM-OpenVPN also, but all I'm getting are "Failed to update VPN secrets: 3 Secret no-secret was empty" errors. I'm using Kubuntu 10.04, package versions: network-manager: 0.8.1+git.20101009t040337.01fa170-0ubuntu1~nmt1~lucid1 network-manager-openvpn: 0.8-0ubuntu3 network-manager-openvpn-kde: 0.9~svn1137272-0ubuntu2~lucid1~ppa1 The connection uses only PEM Certificates (by the way, may I use a PKCS12 certificate on it?), no connection passwords, except the key file password. I'm using the same certificate files used in the manual connection, so they're OK. I need some directions to get this working. Thanks. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Network Monitor and http-proxy for OpenVPN
On Tue, 2011-02-15 at 19:53 +0100, Matej Kovacic wrote: > Hi, > > I am using 3G mobile connection, and have limited traffic. Traffic over > some treshold (for instance 1 Gb a month) is very very expensive. > > Which means there would be great to have some network traffic monitor > for a specific connection. Something like: > http://netramon.sourceforge.net/eng/help.html > > Idea is to have per-connection traffic monitor, which could be enabled > or disabled. When enabled, it would measure amount of traffic for a > specific time interval. When limit will be approaching, it would start > notifying user about the limit. When limit is reached, it would > disconnect connection. > > And there is another thing. I am using OpenVPN connection in a proyxed > network. To came out of a network, I have to use http-proxy setting in > OpenVPN client. > > Unfortunately NetworkManager does not support http-proxy yet: > https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/117991 Incorrect, NM-openvpn has supported http-proxy *and* SOCKS proxy features since August 19 2010. These features are in NetworkManager-openvpn 0.8.2 and later. So the version of NM-openvpn you're using in Ubuntu may not yet support it, but Ubuntu does not always use the latest versions. Dan commit fe98554f02a198437d4cad87d0bf31bcf8d3b44b Author: Dan Williams Date: Thu Aug 19 00:13:30 2010 -0500 core/ui: add SOCKS proxy support (bgo #440031) commit 2eee51aedace28af0f39349baee130f4121428e7 Author: Dan Williams Date: Wed Aug 18 22:16:45 2010 -0500 core/ui: add HTTP Proxy support (bgo #440031) Based off patches by: Tomas Kovacik Florian Klink ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Network Monitor and http-proxy for OpenVPN
Hi, I am using 3G mobile connection, and have limited traffic. Traffic over some treshold (for instance 1 Gb a month) is very very expensive. Which means there would be great to have some network traffic monitor for a specific connection. Something like: http://netramon.sourceforge.net/eng/help.html Idea is to have per-connection traffic monitor, which could be enabled or disabled. When enabled, it would measure amount of traffic for a specific time interval. When limit will be approaching, it would start notifying user about the limit. When limit is reached, it would disconnect connection. And there is another thing. I am using OpenVPN connection in a proyxed network. To came out of a network, I have to use http-proxy setting in OpenVPN client. Unfortunately NetworkManager does not support http-proxy yet: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/117991 However, there has been patch written which does the job, but for unknown reason, it is not implemented in official NM version: https://launchpad.net/~nail-nodomain/+archive/ppa Could developers comment on this please? Regards, Matej ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Correctly write resolv.conf when using OpenVPN plugin
On Sat, 2010-12-25 at 00:27 +0300, Pentarh Udi wrote: > I decided to use OpenVPN plugin of NetworkManager instead of of openvn > CLI binary and I begin to expect name resolving problems. > > Original bug was posted > in https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/651007 > > People there suggested to write to this mailing list, so... > > Problem is in very slow name resolution when connecting to OpenVPN > peer and obtaining DNS servers from there by directive > > push "dhcp-option DNS x.x.x.x" > > While investigating this issue I found that NM append obtained DNS > servers to existing resolv.conf. So libc uses not only DNS servers > from OpenVPN peer, but original DNS servers too. > > It should be noticed that original DNS servers WILL LIKELY be > unreacable after establishing VPN connection. > > In my case resolv.conf BEFORE openvpn connection is: > > - > nameserver 212.48.193.37 > nameserver 192.168.100.1 > - > > And after is: > - > # Generated by NetworkManager > nameserver 88.85.66.222 > nameserver 78.140.128.205 > nameserver 213.158.7.2 > # NOTE: the libc resolver may not support more than 3 nameservers. > # The nameservers listed below may not be recognized. > nameserver 212.48.193.37 > nameserver 192.168.100.1 > > > In this case last three servers are invalid as they are not reachable > after VPN connection, so name resolve becomes totally slow after > openvpn connection because libc tries to get DNS answer from all > servers: > > -- > > r...@pentarh-netbook:/var/log# tcpdump -i tun0 -n port 53 > tcpdump: verbose output suppressed, use -v or -vv for full protocol > decode > listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes > 22:33:46.803557 IP 10.20.10.6.55426 > 213.158.7.2.53: 32890+ A? > mail.google.com. (33) > 22:33:51.807076 IP 10.20.10.6.58861 > 212.48.193.37.53: 32890+ A? > mail.google.com. (33) > 22:33:55.521957 IP 10.20.10.6.60601 > 213.158.7.2.53: 49670+ A? > www.google.com. (32) > 22:34:00.527135 IP 10.20.10.6.57982 > 212.48.193.37.53: 49670+ A? > www.google.com. (32) > 22:34:09.760264 IP 10.20.10.6.39286 > 88.85.66.222.53: 27804+ A? > pagead2.googleadservices.com. (46) > 22:34:09.946468 IP 88.85.66.222.53 > 10.20.10.6.39286: 27804 5/4/4 > CNAME pagead.l.google.com., A 209.85.149.167, A 209.85.149.164, A > 209.85.149.165, A 209.85.149.166 (276) > 22:34:11.505444 IP 10.20.10.6.45653 > 213.158.7.2.53: 41142+ A? > chatenabled.mail.google.com. (45) > -- > > As you can see, libc tries to resolve mail.google.com from old > unreachable servers and gets the answer from correct DNS after 20 > seconds (!!!) of first query. > > This should be fixed, it makes OpenVPN plugin for NM unusable. > > The workaround of this issue may be providing static routes to > original DNS IP, but i cant do that in NM openvpn plugin > configuration, this option is inactive. As you pointed out, it depends on routing whether the original servers are available or not. And if you check the "Only use this connection for resources on its network" then any non-VPN traffic will still go over the wifi or ethernet or 3G device, not over the VPN, and likely the original DNS servers will be used. However, libc queries the DNS servers *in order listed*, so it's odd that anything would be trying to query the older servers at all. Note that libc does *not* refresh DNS information when resolv.conf changes, so if an application does not call res_init() before it makes DNS lookups, it may be using old information. This is a well-known glibc design choice that upstream glibc has declined to change. THe solution is to run a local caching nameserver that supports split DNS, thus any queries for VPN-specific nameservers can go to the VPN, and everythign else can go to your normal nameservers. So in the end, there are some things NM could do here. If the original nameservers are on subnets that are now owned by the VPN, NM probably shouldn't put those in resolv.conf. But on the other hand, it's a bug in applications to be using old DNS information, which is only fixed in the application by using res_init(), or by using a local caching nameserver. NM 0.8.2 and later has native support for dnsmasq as a local caching nameserver. Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Correctly write resolv.conf when using OpenVPN plugin
I decided to use OpenVPN plugin of NetworkManager instead of of openvn CLI binary and I begin to expect name resolving problems. Original bug was posted in https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/651007 People there suggested to write to this mailing list, so... Problem is in very slow name resolution when connecting to OpenVPN peer and obtaining DNS servers from there by directive push "dhcp-option DNS x.x.x.x" While investigating this issue I found that NM append obtained DNS servers to existing resolv.conf. So libc uses not only DNS servers from OpenVPN peer, but original DNS servers too. It should be noticed that original DNS servers WILL LIKELY be unreacable after establishing VPN connection. In my case resolv.conf BEFORE openvpn connection is: - nameserver 212.48.193.37 nameserver 192.168.100.1 - And after is: - # Generated by NetworkManager nameserver 88.85.66.222 nameserver 78.140.128.205 nameserver 213.158.7.2 # NOTE: the libc resolver may not support more than 3 nameservers. # The nameservers listed below may not be recognized. nameserver 212.48.193.37 nameserver 192.168.100.1 In this case last three servers are invalid as they are not reachable after VPN connection, so name resolve becomes totally slow after openvpn connection because libc tries to get DNS answer from all servers: -- r...@pentarh-netbook:/var/log# tcpdump -i tun0 -n port 53 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes 22:33:46.803557 IP 10.20.10.6.55426 > 213.158.7.2.53: 32890+ A? mail.google.com. (33) 22:33:51.807076 IP 10.20.10.6.58861 > 212.48.193.37.53: 32890+ A? mail.google.com. (33) 22:33:55.521957 IP 10.20.10.6.60601 > 213.158.7.2.53: 49670+ A? www.google.com. (32) 22:34:00.527135 IP 10.20.10.6.57982 > 212.48.193.37.53: 49670+ A? www.google.com. (32) 22:34:09.760264 IP 10.20.10.6.39286 > 88.85.66.222.53: 27804+ A? pagead2.googleadservices.com. (46) 22:34:09.946468 IP 88.85.66.222.53 > 10.20.10.6.39286: 27804 5/4/4 CNAME pagead.l.google.com., A 209.85.149.167, A 209.85.149.164, A 209.85.149.165, A 209.85.149.166 (276) 22:34:11.505444 IP 10.20.10.6.45653 > 213.158.7.2.53: 41142+ A? chatenabled.mail.google.com. (45) -- As you can see, libc tries to resolve mail.google.com from old unreachable servers and gets the answer from correct DNS after 20 seconds (!!!) of first query. This should be fixed, it makes OpenVPN plugin for NM unusable. The workaround of this issue may be providing static routes to original DNS IP, but i cant do that in NM openvpn plugin configuration, this option is inactive. -- Regards, Pentarh Udi ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] Add checkbox to pass the --float option in OpenVPN
On 11/02/2010 06:32 PM, Carlos Alberto Lopez Perez wrote: > Hello, > > I am missing an option to pass the "--float" parameter to OpenVPN from > network-manager-openvpn so I cooked a small patch that adds a checkbox > under advanced options. > > "--float" when specified with "--remote" allows an OpenVPN session to > initially connect to a peer at a known address, however if packets arrive > from a new address and pass all authentication tests, the new address will > take control of the session. This is useful when you are connecting to a > peer which holds a dynamic address such as a dial-in user or DHCP client. > > Could you merge it upstream? > > Thanks in advance! > > Regards. > > > > ___ > networkmanager-list mailing list > networkmanager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list Hello, Any chance of merging this upstream? Thanks! signature.asc Description: OpenPGP digital signature ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
[PATCH] Add checkbox to pass the --float option in OpenVPN
Hello, I am missing an option to pass the "--float" parameter to OpenVPN from network-manager-openvpn so I cooked a small patch that adds a checkbox under advanced options. "--float" when specified with "--remote" allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. Could you merge it upstream? Thanks in advance! Regards. From bf1d3f07b35e83ac4a54ce06bf8bd580c972f483 Mon Sep 17 00:00:00 2001 From: Carlos Alberto Lopez Perez Date: Tue, 2 Nov 2010 18:04:59 +0100 Subject: [PATCH] Add checkbox to pass the --float option in OpenVPN * Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option. This allows remote peer to change its IP address and/or port number. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. --- properties/auth-helpers.c | 11 +++ properties/nm-openvpn-dialog.glade | 14 ++ src/nm-openvpn-service.c |5 + src/nm-openvpn-service.h |1 + 4 files changed, 31 insertions(+), 0 deletions(-) diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c index 631be2b..09b7a0e 100644 --- a/properties/auth-helpers.c +++ b/properties/auth-helpers.c @@ -841,6 +841,7 @@ static const char *advanced_keys[] = { NM_OPENVPN_KEY_PORT, NM_OPENVPN_KEY_COMP_LZO, NM_OPENVPN_KEY_MSSFIX, + NM_OPENVPN_KEY_FLOAT, NM_OPENVPN_KEY_TUNNEL_MTU, NM_OPENVPN_KEY_FRAGMENT_SIZE, NM_OPENVPN_KEY_TAP_DEV, @@ -1389,6 +1390,12 @@ advanced_dialog_new (GHashTable *hash, const char *contype) gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } + value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_FLOAT); + if (value && !strcmp (value, "yes")) { + widget = glade_xml_get_widget (xml, "float_checkbutton"); + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + } + value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PROTO_TCP); if (value && !strcmp (value, "yes")) { widget = glade_xml_get_widget (xml, "tcp_checkbutton"); @@ -1581,6 +1588,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error) if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_MSSFIX), g_strdup ("yes")); + widget = glade_xml_get_widget (xml, "float_checkbutton"); + if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) + g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_FLOAT), g_strdup ("yes")); + widget = glade_xml_get_widget (xml, "tcp_checkbutton"); if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), g_strdup ("yes")); diff --git a/properties/nm-openvpn-dialog.glade b/properties/nm-openvpn-dialog.glade index 78cc383..1f9e5d9 100644 --- a/properties/nm-openvpn-dialog.glade +++ b/properties/nm-openvpn-dialog.glade @@ -1107,6 +1107,20 @@ 7 + + +Accept authenticated packets from any address (_Float) +True +True +False +True +True + + + False + 8 + + diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c index 8ac0d26..bb3326f 100644 --- a/src/nm-openvpn-service.c +++ b/src/nm-openvpn-service.c @@ -99,6 +99,7 @@ static ValidProperty valid_properties[] = { { NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN, 0, 0, FALSE }, { NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0, FALSE }, + { NM_OPENVPN_KEY_FLOAT,G_TYPE_BOOLEAN, 0, 0, FALSE }, { NM_OPENVPN_KEY_FRAGMENT_SIZE,G_TYPE_INT, 0, G_MAXINT, FALSE }, { NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0, FALSE }, { NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING, 0, 0, TRUE }, @@ -802,6 +803,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, if (tmp && !strcmp (tmp, "yes")) add_openvpn_arg (args, "--comp-lzo"); + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT); + if (tmp && !strcmp (tmp, "yes")) + add_openvpn_arg (args, "--float"); + add_openvpn_arg (a
Re: Patch for nm-openvpn: fix incompatible change of NMVpnPluginUiInterface
On Wed, 2010-10-20 at 13:32 +0800, cee1 wrote: > Hi Dan, > > > I found these changes have already in repo, but: > nm-openvpn: applied and then > reverted: > http://git.gnome.org/browse/network-manager-openvpn/commit/?id=fd508820f42448e43b921d9e1e3353ba11ba3a17 > nm-pptp: in master branch but hasn't synchronized to NM_0_8 Yeah, I need to revert the revert before 0.8.2 on all the VPN plugins. Dan > 2010/10/13 cee1 > Found the same problem for nm-pptp, attachment is the patch. > > 2010/10/12 cee1 > > > Hi Dan, > > > From NM0.8.1 to 0.8.2, two members of > "NMVpnPluginUiInterface" renamed. > File properties/nm-openvpn.c of nm-openvpn should > upgrade for this. > > > -- > Regards, > > - cee1 > > ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Patch for nm-openvpn: fix incompatible change of NMVpnPluginUiInterface
Hi Dan, I found these changes have already in repo, but: nm-openvpn: applied and then reverted: http://git.gnome.org/browse/network-manager-openvpn/commit/?id=fd508820f42448e43b921d9e1e3353ba11ba3a17 nm-pptp: in master branch<http://git.gnome.org/browse/network-manager-pptp/commit/?id=738426ebc4b3bf0bd40e02a093df814ff570a920> but hasn't synchronized to NM_0_8 2010/10/13 cee1 > Found the same problem for nm-pptp, attachment is the patch. > > 2010/10/12 cee1 > > Hi Dan, >> >> From NM0.8.1 to 0.8.2, two members of "NMVpnPluginUiInterface" renamed. >> File >> properties/nm-openvpn.c<http://git.gnome.org/browse/network-manager-openvpn/tree/properties/nm-openvpn.c#n778> >> of >> nm-openvpn should upgrade for this. >> > -- Regards, - cee1 ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Patch for nm-openvpn: fix incompatible change of NMVpnPluginUiInterface
Found the same problem for nm-pptp, attachment is the patch. 2010/10/12 cee1 > Hi Dan, > > From NM0.8.1 to 0.8.2, two members of "NMVpnPluginUiInterface" renamed. > File > properties/nm-openvpn.c<http://git.gnome.org/browse/network-manager-openvpn/tree/properties/nm-openvpn.c#n778> > of > nm-openvpn should upgrade for this. > -- Regards, - cee1 0001-nm-pptp.c-fix-for-new-NMVpnPluginUiInterface.patch Description: Binary data ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Patch for nm-openvpn: fix incompatible change of NMVpnPluginUiInterface
Hi Dan, >From NM0.8.1 to 0.8.2, two members of "NMVpnPluginUiInterface" renamed. File properties/nm-openvpn.c<http://git.gnome.org/browse/network-manager-openvpn/tree/properties/nm-openvpn.c#n778> of nm-openvpn should upgrade for this. -- Regards, - cee1 0001-nm-openvpn.c-fix-for-new-NMVpnPluginUiInterface.patch Description: Binary data ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN is stopped when wireless goes down
2010/9/29 Dan Williams : > On Sat, 2010-09-04 at 21:24 +0200, Gregory Auzanneau wrote: >> Hello all, >> >> Since some days, I experience a lot of renegociation on my WIFI network >> card. >> Each time, a renegociation occured, OpenVPN is disconnected and need to >> be reactivated manually. >> >> Is there a way to keep OpenVPN started and reconnect when connection >> came back ? > > Not yet, it's an often-requested enhancement and we need to make this > happen. > I solved it with a dispatcher script which starts openvpn connection with "nmcli" if eth0 is up. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN is stopped when wireless goes down
On Sat, 2010-09-04 at 21:24 +0200, Gregory Auzanneau wrote: > Hello all, > > Since some days, I experience a lot of renegociation on my WIFI network > card. > Each time, a renegociation occured, OpenVPN is disconnected and need to > be reactivated manually. > > Is there a way to keep OpenVPN started and reconnect when connection > came back ? Not yet, it's an often-requested enhancement and we need to make this happen. Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Support for inline certs and keys for openvpn
Hi all, In newer versions of OpenVPN there's support added for including the certificates and keys inline in the configuration-file. Is there any logical support in network-manager-openvpn today to support this or any plans of adding it? Thanks ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
OpenVPN is stopped when wireless goes down
Hello all, Since some days, I experience a lot of renegociation on my WIFI network card. Each time, a renegociation occured, OpenVPN is disconnected and need to be reactivated manually. Is there a way to keep OpenVPN started and reconnect when connection came back ? Thank you all for the good work with network-manager, keep up with it ! :) ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: 0.8 / OpenVPN certificate selection broken
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dan Williams @ 08/04/2010 12:05 AM: >> In what format is your private key? Can you share the top few lines of >> it? I'm not sure what version of NM-openvpn 10.04 shipped, but there >> have been a number of fixes in the past 6 months in this area. It looks >> like 10.04 contains code from Feb 2010, which does not have these fixes. > the private key is saved in PEM format, here are the top lines: - -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,CFF55EC1C0093EDD the version of network-manager-openvpn installed is 0.8-0ubuntu3 -BEGIN PGP SIGNATURE- iEYEAREIAAYFAkxZrEYACgkQXhfCJNu98qBR8gCfUbRKIkHEo4EVuJTx/eXV3aMW 04YAoOv/3ZAQEJc0EyKy2NWix3ergBRB =R7fp -END PGP SIGNATURE- ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: 0.8 / OpenVPN certificate selection broken
On Fri, 2010-07-30 at 23:05 -0700, scar wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > hello all, > > i have v0.8 installed in ubuntu 10.04 (0.8-0ubuntu3) and i am trying to > create an OpenVPN connection but something very weird is going on with > the certificate selection boxes. > > i originally setup the VPN connection on debian lenny, which uses NM > 0.6.6, and it works great. i created the CA and all of the server and > client certificates and private keys there too, using tinyca 0.7.5-2. > > now i have copied over the CA and my user cert and private key to this > box with NM 0.8 and attempting to setup the same VPN connection. after > filling in all of the required info, and selecting the certificates, i > clicked Apply button. i also restarted network-manager. the VPN > connection did not show up in the list of available connections > (left-click on NM icon). the computer needed to be restarted because of > some updates and, after it rebooted, the VPN connection did show up in > the list of available connections. however, it did not work "because > there are no valid VPN secrets" > > when i go back to check the VPN's setting, the certificates have been > changed. for example, the User Certificate is now set to my ~/sbin > directory. when i click on that to try and change it to the correct > certificate file, i am unable to select the file (clicking on the file > does nothing). when i click the Open button, it seems to open a random > folder. if i go back to try to pick the certificate, i can. after > getting the right files selected again, i click apply and then > immediately go back to edit the VPN connection, and the certificates > have been changed again to different directories or files. very weird. In what format is your private key? Can you share the top few lines of it? I'm not sure what version of NM-openvpn 10.04 shipped, but there have been a number of fixes in the past 6 months in this area. It looks like 10.04 contains code from Feb 2010, which does not have these fixes. Dan > i also tried to delete the VPN connection and recreate it, no luck. > > i also tried to export the VPN connection from the debian computer and > import it on the ubuntu computer. when i try that, NM on the ubuntu > computer says: > > The file 'VPN.pcf' could not be read or does not contain recognized VPN > connection information > > Error: unknown OpenVPN file extension. > > -BEGIN PGP SIGNATURE- > > iEYEAREIAAYFAkxTvR8ACgkQXhfCJNu98qC4EgCfSWu/a2omzd0TrWDx255vlAbt > p3EAoPP12yyB9bp2aLjUwhQ3ovaHm+AO > =zyOI > -END PGP SIGNATURE- > > ___ > networkmanager-list mailing list > networkmanager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
0.8 / OpenVPN certificate selection broken
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 hello all, i have v0.8 installed in ubuntu 10.04 (0.8-0ubuntu3) and i am trying to create an OpenVPN connection but something very weird is going on with the certificate selection boxes. i originally setup the VPN connection on debian lenny, which uses NM 0.6.6, and it works great. i created the CA and all of the server and client certificates and private keys there too, using tinyca 0.7.5-2. now i have copied over the CA and my user cert and private key to this box with NM 0.8 and attempting to setup the same VPN connection. after filling in all of the required info, and selecting the certificates, i clicked Apply button. i also restarted network-manager. the VPN connection did not show up in the list of available connections (left-click on NM icon). the computer needed to be restarted because of some updates and, after it rebooted, the VPN connection did show up in the list of available connections. however, it did not work "because there are no valid VPN secrets" when i go back to check the VPN's setting, the certificates have been changed. for example, the User Certificate is now set to my ~/sbin directory. when i click on that to try and change it to the correct certificate file, i am unable to select the file (clicking on the file does nothing). when i click the Open button, it seems to open a random folder. if i go back to try to pick the certificate, i can. after getting the right files selected again, i click apply and then immediately go back to edit the VPN connection, and the certificates have been changed again to different directories or files. very weird. i also tried to delete the VPN connection and recreate it, no luck. i also tried to export the VPN connection from the debian computer and import it on the ubuntu computer. when i try that, NM on the ubuntu computer says: The file 'VPN.pcf' could not be read or does not contain recognized VPN connection information Error: unknown OpenVPN file extension. -BEGIN PGP SIGNATURE- iEYEAREIAAYFAkxTvR8ACgkQXhfCJNu98qC4EgCfSWu/a2omzd0TrWDx255vlAbt p3EAoPP12yyB9bp2aLjUwhQ3ovaHm+AO =zyOI -END PGP SIGNATURE- ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On Thu, 2010-04-15 at 11:13 +0200, Robert Vogelgesang wrote: > On Wed, Apr 14, 2010 at 02:15:31PM -0700, Dan Williams wrote: > > On Fri, 2010-04-09 at 09:43 +0200, Robert Vogelgesang wrote: > > > Dan, > > > > > > On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote: > > > > On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote: > > > > > On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote: > > > > > > > > > > > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > > > > > >> I have an openvpn config file that works fine with openvpn. > > > > > >> (ubuntu > > > > > >> lucid beta) As far as I can tell there is no way to create a like > > > > > >> config in the nm openvpn editor. I can make one somewhat similar > > > > > >> and > > > > > >> export, but it doesn't look enough like mine to work. > > > > > > > > > > > > Which options? > > > > > > > > > > Hi Dan > > > > > > > > > > this is my (short) list of missing options/features > > > > > > > > > > - support for external dhcp on the server side, normally I configure > > > > > openvpn server to push only data that I can't provide via dhcp > > > > > server. So > > > > > ip/mask/dns is taken from dhcp and additional route from openvpn > > > > > This configuration works perfectly for windows machine, on certain > > > > > customer I have a dedicated openvpn only for me because I can't use > > > > > "normal" openvpn configuration :-( > > > > > > > > Yeah, we need support for this internally. Right now we pretty much > > > > assume a tunnel approach, not TAP. It's not that hard to fix that I > > > > guess; but in general the real fix for this would be helped by some of > > > > the activation changes that I'd like to do to fix the PPPoE issues that > > > > people currently have. > > > > > > I'd like to see this feature, too. Could you please elaborate on what > > > has to be done to support this? > > Sorry, I forgot to mention that I'd like to use this in a Fedora 12 > environment. Therefore I'd prefer to start with the source RPMs > for the current Fedora 12 update packages; or is there anything > that requires an update to the current GIT branches? I actually have f12-updates-testing based on current git, since F12's versions were so old (2009/09). So you might as well start with those :) F12 periodically gets updated to very recent snapshots anyway. > In case I should use the GIT versions: The relevant GIT branches > for Fedora 12 would be the master branches of NetworkManager and > network-manager-openvpn, correct? This is the very recent build for updates-testing: https://admin.fedoraproject.org/updates/NetworkManager-0.8.0-6.git20100408.fc12,ModemManager-0.3-9.git20100409.fc12 So if you like you could base your work off that, or use git master. > > > > > 1) add an "method" item to NetworkManagerVPN.h: > > > > /* string: IP4 configuration method */ > > #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD "method" > > > > /* Values for NM_VPN_PLUGIN_IP4_CONFIG_METHOD */ > > #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP "dhcp" > > #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC "static" > > Hmm, should "static" mean "parameters provided by static configuration > on the client side", or "parameters provided by the peer via VPN > protocol data", or both? Since these key/value pairs only come from teh VPN plugin, they always mean "parameters provided by the peer via VPN protocol data". The user overrides are figured in later (the "merge_ip4_config" function in nm_vpn_connection_ip4_config_get() handles this). > > > > if the plugin doesn't send 'method' in the config dict, or the item is a > > zero-length string, 'static' is assumed. > > > > 2) In the openvpn plugin, if we're supposed to use DHCP (is tap always > > used with DHCP, or are there cases where it's not?) then we add the > > NM_VPN_PLUGIN_IP4_CONFIG_METHOD item to the returned IP4 config struct > > with the value "dhcp". > > Openvpn has the "server-bridge" directive, which defines a pool of > IP addresses that the openvpn server assigns to its clients on tap > devices; so tap does not
Re: complex openvpn - can nm just launch?
On Wed, Apr 14, 2010 at 02:15:31PM -0700, Dan Williams wrote: > On Fri, 2010-04-09 at 09:43 +0200, Robert Vogelgesang wrote: > > Dan, > > > > On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote: > > > On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote: > > > > On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote: > > > > > > > > > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > > > > >> I have an openvpn config file that works fine with openvpn. (ubuntu > > > > >> lucid beta) As far as I can tell there is no way to create a like > > > > >> config in the nm openvpn editor. I can make one somewhat similar and > > > > >> export, but it doesn't look enough like mine to work. > > > > > > > > > > Which options? > > > > > > > > Hi Dan > > > > > > > > this is my (short) list of missing options/features > > > > > > > > - support for external dhcp on the server side, normally I configure > > > > openvpn server to push only data that I can't provide via dhcp server. > > > > So > > > > ip/mask/dns is taken from dhcp and additional route from openvpn > > > > This configuration works perfectly for windows machine, on certain > > > > customer I have a dedicated openvpn only for me because I can't use > > > > "normal" openvpn configuration :-( > > > > > > Yeah, we need support for this internally. Right now we pretty much > > > assume a tunnel approach, not TAP. It's not that hard to fix that I > > > guess; but in general the real fix for this would be helped by some of > > > the activation changes that I'd like to do to fix the PPPoE issues that > > > people currently have. > > > > I'd like to see this feature, too. Could you please elaborate on what > > has to be done to support this? Sorry, I forgot to mention that I'd like to use this in a Fedora 12 environment. Therefore I'd prefer to start with the source RPMs for the current Fedora 12 update packages; or is there anything that requires an update to the current GIT branches? In case I should use the GIT versions: The relevant GIT branches for Fedora 12 would be the master branches of NetworkManager and network-manager-openvpn, correct? > > 1) add an "method" item to NetworkManagerVPN.h: > > /* string: IP4 configuration method */ > #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD "method" > > /* Values for NM_VPN_PLUGIN_IP4_CONFIG_METHOD */ > #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP "dhcp" > #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC "static" Hmm, should "static" mean "parameters provided by static configuration on the client side", or "parameters provided by the peer via VPN protocol data", or both? > > if the plugin doesn't send 'method' in the config dict, or the item is a > zero-length string, 'static' is assumed. > > 2) In the openvpn plugin, if we're supposed to use DHCP (is tap always > used with DHCP, or are there cases where it's not?) then we add the > NM_VPN_PLUGIN_IP4_CONFIG_METHOD item to the returned IP4 config struct > with the value "dhcp". Openvpn has the "server-bridge" directive, which defines a pool of IP addresses that the openvpn server assigns to its clients on tap devices; so tap does not always mean DHCP. I'll look and see how we could / should handle this. Robert > > 3) Then we need to modify nm_vpn_connection_ip4_config_get() and split > it into two functions, one for DHCP and one for static. Take the stuff > at the bottom of that function (everything below print_vpn_config()) and > put that into a separate function that gets called by both the static > and dhcp processing bits. So you'll have something like: > > nm_vpn_connection_ip4_config_get() > { >const char *method = "static"; > >/* remove the timeout since the plugin replied */ >g_source_remove (priv->ipconfig_timeout); >priv->ipconfig_timeout = 0; > >val = g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_METHOD); >if (val && G_VALUE_HOLDS_STRING (val)) >method = g_value_get_string (val); > >if (!method || !strcmp (method, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC)) { > if (handle_static_ip4_config (connection, config_hash)) > return; >} else if (method && !strcmp (method, > NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP)) { > if
Re: complex openvpn - can nm just launch?
On Fri, 2010-04-09 at 09:43 +0200, Robert Vogelgesang wrote: > Dan, > > On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote: > > On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote: > > > On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote: > > > > > > > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > > > >> I have an openvpn config file that works fine with openvpn. (ubuntu > > > >> lucid beta) As far as I can tell there is no way to create a like > > > >> config in the nm openvpn editor. I can make one somewhat similar and > > > >> export, but it doesn't look enough like mine to work. > > > > > > > > Which options? > > > > > > Hi Dan > > > > > > this is my (short) list of missing options/features > > > > > > - support for external dhcp on the server side, normally I configure > > > openvpn server to push only data that I can't provide via dhcp server. So > > > ip/mask/dns is taken from dhcp and additional route from openvpn > > > This configuration works perfectly for windows machine, on certain > > > customer I have a dedicated openvpn only for me because I can't use > > > "normal" openvpn configuration :-( > > > > Yeah, we need support for this internally. Right now we pretty much > > assume a tunnel approach, not TAP. It's not that hard to fix that I > > guess; but in general the real fix for this would be helped by some of > > the activation changes that I'd like to do to fix the PPPoE issues that > > people currently have. > > I'd like to see this feature, too. Could you please elaborate on what > has to be done to support this? 1) add an "method" item to NetworkManagerVPN.h: /* string: IP4 configuration method */ #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD "method" /* Values for NM_VPN_PLUGIN_IP4_CONFIG_METHOD */ #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP "dhcp" #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC "static" if the plugin doesn't send 'method' in the config dict, or the item is a zero-length string, 'static' is assumed. 2) In the openvpn plugin, if we're supposed to use DHCP (is tap always used with DHCP, or are there cases where it's not?) then we add the NM_VPN_PLUGIN_IP4_CONFIG_METHOD item to the returned IP4 config struct with the value "dhcp". 3) Then we need to modify nm_vpn_connection_ip4_config_get() and split it into two functions, one for DHCP and one for static. Take the stuff at the bottom of that function (everything below print_vpn_config()) and put that into a separate function that gets called by both the static and dhcp processing bits. So you'll have something like: nm_vpn_connection_ip4_config_get() { const char *method = "static"; /* remove the timeout since the plugin replied */ g_source_remove (priv->ipconfig_timeout); priv->ipconfig_timeout = 0; val = g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_METHOD); if (val && G_VALUE_HOLDS_STRING (val)) method = g_value_get_string (val); if (!method || !strcmp (method, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC)) { if (handle_static_ip4_config (connection, config_hash)) return; } else if (method && !strcmp (method, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP)) { if (handle_dhcp_ip4_config (connection, config_hash)) return; } else nm_log_err (LOGD_VPN, "unknown vpn IP4 method '%s', method); /* same error stuff as at the bottom of the function now */ } For the DHCP4 bits, we'll want to build up the NMIP4Config object as much as possible and cache that in priv->ip4_config while DHCP is completing. We'll need to add a few things to teh NMVPNConnection object's private data, like: NMDHCPManager * dhcp_manager; NMDHCPClient * dhcp4_client; gulong dhcp4_state_sigid; gulong dhcp4_timeout_sigid; (see nm-device.c for DHCP stuff). When the NMVPNConnection is initialized, lets grab a reference to the DHCP manager in nm_vpn_connection_init(): priv->dhcp_manager = nm_dhcp_manager_get (); and then in handle_dhcp_ip4_config() we'll do something like: static gboolean handle_dhcp_ip4_config (NMVPNConnection *vpn, GHashTable *config) { NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (vpn); NMSettingConnection *s_con; NMSettingIP4Config *s_ip4; const char *uuid; ip4_config, see nm_vpn_connection_ip4_config_get() for how to do this> s_con = NM_SETT
Re: complex openvpn - can nm just launch?
Dan, On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote: > On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote: > > On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote: > > > > > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > > >> I have an openvpn config file that works fine with openvpn. (ubuntu > > >> lucid beta) As far as I can tell there is no way to create a like > > >> config in the nm openvpn editor. I can make one somewhat similar and > > >> export, but it doesn't look enough like mine to work. > > > > > > Which options? > > > > Hi Dan > > > > this is my (short) list of missing options/features > > > > - support for external dhcp on the server side, normally I configure > > openvpn server to push only data that I can't provide via dhcp server. So > > ip/mask/dns is taken from dhcp and additional route from openvpn > > This configuration works perfectly for windows machine, on certain > > customer I have a dedicated openvpn only for me because I can't use > > "normal" openvpn configuration :-( > > Yeah, we need support for this internally. Right now we pretty much > assume a tunnel approach, not TAP. It's not that hard to fix that I > guess; but in general the real fix for this would be helped by some of > the activation changes that I'd like to do to fix the PPPoE issues that > people currently have. I'd like to see this feature, too. Could you please elaborate on what has to be done to support this? If it's not too much work, I'd give it a try over the next few weekends (I'd like to use this feature mid-May ;-)). Robert > > > - support for multiple remote server > > Yeah; the trick there is going to be pulling out the IP of the current > server and using that to update the routing table, since we have to add > a host route to the VPN server over the underlying hardware interface. > Maybe that already works just fine for multi-server case, not sure. > > Dan > > > > > > > > > Dan > > > > > >> I've tried importing/exporting a tweaking, but the wizard thing just > > >> isn't flexible enough. (the xml-ization aka 'registry-ization' of just > > >> standard config files seems to bite me in various aspects of computing) > > >> > > >> I'd like to launch openvpn with my config file from nm. Is there a > > >> way? Short of that is there a way to make dbus or whatever think of I > > >> have network without launching from nm? > > >> > > >> Thanks! > > >> -Scott > > >> > > >> ___ NetworkManager-list > > >> mailing list > > >> NetworkManager-list@gnome.org > > >> http://mail.gnome.org/mailman/listinfo/networkmanager-list > > > > > > > > > > > > > ___ > networkmanager-list mailing list > networkmanager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On Thu, 2010-04-08 at 17:15 -0700, Dan Williams wrote: > On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote: > > On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote: > > > > > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > > >> I have an openvpn config file that works fine with openvpn. (ubuntu > > >> lucid beta) As far as I can tell there is no way to create a like > > >> config in the nm openvpn editor. I can make one somewhat similar and > > >> export, but it doesn't look enough like mine to work. > > > > > > Which options? > > > > Hi Dan > > > > this is my (short) list of missing options/features > > > > - support for external dhcp on the server side, normally I configure > > openvpn server to push only data that I can't provide via dhcp server. So > > ip/mask/dns is taken from dhcp and additional route from openvpn > > This configuration works perfectly for windows machine, on certain > > customer I have a dedicated openvpn only for me because I can't use > > "normal" openvpn configuration :-( > > Yeah, we need support for this internally. Right now we pretty much > assume a tunnel approach, not TAP. It's not that hard to fix that I > guess; but in general the real fix for this would be helped by some of > the activation changes that I'd like to do to fix the PPPoE issues that > people currently have. > > > - support for multiple remote server > > Yeah; the trick there is going to be pulling out the IP of the current > server and using that to update the routing table, since we have to add > a host route to the VPN server over the underlying hardware interface. > Maybe that already works just fine for multi-server case, not sure. I was talking about one openvpn server with multiple ip, with openvpn you can use "remote" several times or even better support for , but also multiple vpn concurrently is an interesting case > > Dan > > > > > > > > > Dan > > > > > >> I've tried importing/exporting a tweaking, but the wizard thing just > > >> isn't flexible enough. (the xml-ization aka 'registry-ization' of just > > >> standard config files seems to bite me in various aspects of computing) > > >> > > >> I'd like to launch openvpn with my config file from nm. Is there a > > >> way? Short of that is there a way to make dbus or whatever think of I > > >> have network without launching from nm? > > >> > > >> Thanks! > > >> -Scott > > >> > > >> ___ NetworkManager-list > > >> mailing list > > >> NetworkManager-list@gnome.org > > >> http://mail.gnome.org/mailman/listinfo/networkmanager-list > > > > > > > > > > > > -- Cordiali Saluti Alessandro Bono ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote: > On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote: > > > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > >> I have an openvpn config file that works fine with openvpn. (ubuntu > >> lucid beta) As far as I can tell there is no way to create a like > >> config in the nm openvpn editor. I can make one somewhat similar and > >> export, but it doesn't look enough like mine to work. > > > > Which options? > > Hi Dan > > this is my (short) list of missing options/features > > - support for external dhcp on the server side, normally I configure > openvpn server to push only data that I can't provide via dhcp server. So > ip/mask/dns is taken from dhcp and additional route from openvpn > This configuration works perfectly for windows machine, on certain > customer I have a dedicated openvpn only for me because I can't use > "normal" openvpn configuration :-( Yeah, we need support for this internally. Right now we pretty much assume a tunnel approach, not TAP. It's not that hard to fix that I guess; but in general the real fix for this would be helped by some of the activation changes that I'd like to do to fix the PPPoE issues that people currently have. > - support for multiple remote server Yeah; the trick there is going to be pulling out the IP of the current server and using that to update the routing table, since we have to add a host route to the VPN server over the underlying hardware interface. Maybe that already works just fine for multi-server case, not sure. Dan > > > > > Dan > > > >> I've tried importing/exporting a tweaking, but the wizard thing just > >> isn't flexible enough. (the xml-ization aka 'registry-ization' of just > >> standard config files seems to bite me in various aspects of computing) > >> > >> I'd like to launch openvpn with my config file from nm. Is there a > >> way? Short of that is there a way to make dbus or whatever think of I > >> have network without launching from nm? > >> > >> Thanks! > >> -Scott > >> > >> ___ NetworkManager-list > >> mailing list > >> NetworkManager-list@gnome.org > >> http://mail.gnome.org/mailman/listinfo/networkmanager-list > > > > > ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote: > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: >> I have an openvpn config file that works fine with openvpn. (ubuntu >> lucid beta) As far as I can tell there is no way to create a like >> config in the nm openvpn editor. I can make one somewhat similar and >> export, but it doesn't look enough like mine to work. > > Which options? Hi Dan this is my (short) list of missing options/features - support for external dhcp on the server side, normally I configure openvpn server to push only data that I can't provide via dhcp server. So ip/mask/dns is taken from dhcp and additional route from openvpn This configuration works perfectly for windows machine, on certain customer I have a dedicated openvpn only for me because I can't use "normal" openvpn configuration :-( - support for multiple remote server > > Dan > >> I've tried importing/exporting a tweaking, but the wizard thing just >> isn't flexible enough. (the xml-ization aka 'registry-ization' of just >> standard config files seems to bite me in various aspects of computing) >> >> I'd like to launch openvpn with my config file from nm. Is there a >> way? Short of that is there a way to make dbus or whatever think of I >> have network without launching from nm? >> >> Thanks! >> -Scott >> >> ___ NetworkManager-list >> mailing list >> NetworkManager-list@gnome.org >> http://mail.gnome.org/mailman/listinfo/networkmanager-list -- Cordiali saluti Alessandro Bono ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On Tue, 2010-04-06 at 14:31 -0600, Scott Serr wrote: > On 04/06/2010 12:10 PM, Dan Williams wrote: > > On Tue, 2010-04-06 at 11:28 -0600, Scott Serr wrote: > > > >> On 04/06/2010 10:25 AM, Dan Williams wrote: > >> > >>> On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > >>> > >>> > >>>> I have an openvpn config file that works fine with openvpn. (ubuntu > >>>> lucid beta) As far as I can tell there is no way to create a like > >>>> config in the nm openvpn editor. I can make one somewhat similar and > >>>> export, but it doesn't look enough like mine to work. > >>>> > >>>> > >>> Which options? > >>> > >>> Dan > >>> > >>> > >> I suspect there will always be a new option to chase. > >> > > Probably, but at some point we reach the set of options that 95% of > > people use. There are seriously so many options with openvpn that it's > > not funny, and the program is completely incapable of auto-negotiating > > them, which is also not funny. It's downright sad. > > > > > >> Here is mine: > >> > >> dev tun > >> remote 127.0.0.1 41927 tcp-client > >> proto tcp-client > >> ifconfig 192.168.56.2 192.168.56.1 > >> route 0.0.0.0 128.0.0.0 > >> route 128.0.0.0 128.0.0.0 > >> socket-flags TCP_NODELAY > >> ping 10 > >> dhcp-option DNS 192.168.56.1 > >> > >> There is no encryption, data is sent in cleartext. This is appropriate > >> for use with Azilink on Android phones. > >> > > The only thing I can see that's not yet supported is the "no encryption" > > part, which (not to be pedantic) isn't really a VPN. But I suppose > > that's something we can add. > > > > Dan > > > > > > Thanks for the info Dan. > > On Ubuntu Lucid Beta, there are some issues saving other options. I was > going to attempt to hack up the xml and take out the key/user/pass. Do > you think this would work? The routes and the DNS option would go into the IPv4 tab, which may not actually get imported by the current import code. This is basically like a static key connection, except without the key. > I wonder how easy it would be to have an "ad-hoc" sort of connection in > nm. Where nm would not care about much other that running a start and > stop script and telling dbus networking is up. That doesn't really work automatically, for the most part, and it's also a security issue since openvpn runs as 'root' and you're basically giving it unfiltered commands which will also get run as root. In the end, it's not that hard to support additional options, but we need people willing to write the patches. I can't do everything at once of course, and while others (Huzaifa for example) have been very good about picking issues out of bugzilla and fixing them, this isn't one that's been reported before and thus we haven't looked at it yet... Random question though, what exactly is Azilink and what are you using it for? Dan > For Azilink users: > If you wish to use dbus-aware apps like Empathy, I've been successful > now with "/etc/init.d/network-manager stop". > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On 04/06/2010 12:10 PM, Dan Williams wrote: On Tue, 2010-04-06 at 11:28 -0600, Scott Serr wrote: On 04/06/2010 10:25 AM, Dan Williams wrote: On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: I have an openvpn config file that works fine with openvpn. (ubuntu lucid beta) As far as I can tell there is no way to create a like config in the nm openvpn editor. I can make one somewhat similar and export, but it doesn't look enough like mine to work. Which options? Dan I suspect there will always be a new option to chase. Probably, but at some point we reach the set of options that 95% of people use. There are seriously so many options with openvpn that it's not funny, and the program is completely incapable of auto-negotiating them, which is also not funny. It's downright sad. Here is mine: dev tun remote 127.0.0.1 41927 tcp-client proto tcp-client ifconfig 192.168.56.2 192.168.56.1 route 0.0.0.0 128.0.0.0 route 128.0.0.0 128.0.0.0 socket-flags TCP_NODELAY ping 10 dhcp-option DNS 192.168.56.1 There is no encryption, data is sent in cleartext. This is appropriate for use with Azilink on Android phones. The only thing I can see that's not yet supported is the "no encryption" part, which (not to be pedantic) isn't really a VPN. But I suppose that's something we can add. Dan Thanks for the info Dan. On Ubuntu Lucid Beta, there are some issues saving other options. I was going to attempt to hack up the xml and take out the key/user/pass. Do you think this would work? I wonder how easy it would be to have an "ad-hoc" sort of connection in nm. Where nm would not care about much other that running a start and stop script and telling dbus networking is up. For Azilink users: If you wish to use dbus-aware apps like Empathy, I've been successful now with "/etc/init.d/network-manager stop". ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On Tue, 2010-04-06 at 11:28 -0600, Scott Serr wrote: > On 04/06/2010 10:25 AM, Dan Williams wrote: > > On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > > > >> I have an openvpn config file that works fine with openvpn. (ubuntu > >> lucid beta) As far as I can tell there is no way to create a like > >> config in the nm openvpn editor. I can make one somewhat similar and > >> export, but it doesn't look enough like mine to work. > >> > > Which options? > > > > Dan > > > > I suspect there will always be a new option to chase. Probably, but at some point we reach the set of options that 95% of people use. There are seriously so many options with openvpn that it's not funny, and the program is completely incapable of auto-negotiating them, which is also not funny. It's downright sad. > Here is mine: > > dev tun > remote 127.0.0.1 41927 tcp-client > proto tcp-client > ifconfig 192.168.56.2 192.168.56.1 > route 0.0.0.0 128.0.0.0 > route 128.0.0.0 128.0.0.0 > socket-flags TCP_NODELAY > ping 10 > dhcp-option DNS 192.168.56.1 > > There is no encryption, data is sent in cleartext. This is appropriate > for use with Azilink on Android phones. The only thing I can see that's not yet supported is the "no encryption" part, which (not to be pedantic) isn't really a VPN. But I suppose that's something we can add. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On 04/06/2010 10:25 AM, Dan Williams wrote: On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: I have an openvpn config file that works fine with openvpn. (ubuntu lucid beta) As far as I can tell there is no way to create a like config in the nm openvpn editor. I can make one somewhat similar and export, but it doesn't look enough like mine to work. Which options? Dan I suspect there will always be a new option to chase. Here is mine: dev tun remote 127.0.0.1 41927 tcp-client proto tcp-client ifconfig 192.168.56.2 192.168.56.1 route 0.0.0.0 128.0.0.0 route 128.0.0.0 128.0.0.0 socket-flags TCP_NODELAY ping 10 dhcp-option DNS 192.168.56.1 There is no encryption, data is sent in cleartext. This is appropriate for use with Azilink on Android phones. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: complex openvpn - can nm just launch?
On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote: > I have an openvpn config file that works fine with openvpn. (ubuntu > lucid beta) As far as I can tell there is no way to create a like > config in the nm openvpn editor. I can make one somewhat similar and > export, but it doesn't look enough like mine to work. Which options? Dan > I've tried importing/exporting a tweaking, but the wizard thing just > isn't flexible enough. (the xml-ization aka 'registry-ization' of just > standard config files seems to bite me in various aspects of computing) > > I'd like to launch openvpn with my config file from nm. Is there a way? > Short of that is there a way to make dbus or whatever think of I have > network without launching from nm? > > Thanks! > -Scott > > ___ > NetworkManager-list mailing list > NetworkManager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
complex openvpn - can nm just launch?
I have an openvpn config file that works fine with openvpn. (ubuntu lucid beta) As far as I can tell there is no way to create a like config in the nm openvpn editor. I can make one somewhat similar and export, but it doesn't look enough like mine to work. I've tried importing/exporting a tweaking, but the wizard thing just isn't flexible enough. (the xml-ization aka 'registry-ization' of just standard config files seems to bite me in various aspects of computing) I'd like to launch openvpn with my config file from nm. Is there a way? Short of that is there a way to make dbus or whatever think of I have network without launching from nm? Thanks! -Scott ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN config problem
Andrey Borzenkov napsal(a): On Friday 19 of February 2010 11:09:37 Karel Kozlik wrote: Hi, Dan Williams napsal(a): On Thu, 2010-02-18 at 11:24 +0100, Karel Kozlik wrote: Hi Dan, Dan Williams napsal(a): On Wed, 2010-02-17 at 10:36 +0100, Karel Kozlik wrote: Hi, could someone help me vith openVPN configuration in Network Manager? Actualy when I click to VPN connection in NM, it does nothing. /var/log/syslog contain following lines: I see the message "VPN connection 'my-vpn' failed to connect: 'No VPN secrets!'", but I believe the secrets are configured correctly. Is your private key by any chance *un*encrypted? The VPN service plugin currently requires encrypted private keys (which are more secure anyway) and it could fail like this in that case. Do you mean password protected key? My key was not. I tried create password protected key and changed the connectio type to "x509 with password" and filled the password into setttings. It still not worked. But when I changed the key to my old one (unecrypted) and left the connection type to "x509 with password" it connected. There are a few different passwords here. There's the "private key password", which is used to unlock your private key for TLS connections, and then there's also the "user password", which is used for password-based authentication that openvpn supports. Somewhat confusingly, you can stack these methods in openvpn, which is what the "TLS with password" thing is. But that's not what you want. Your connection appears to be TLS only, so you only need to choose "x509" there like you were before. I'm assuming that knetworkmanager is smart enough to ask you for your private key password when nm-openvpn-service needs it. So try flipping back to just "x509" and see where that gets you. I just tryied and it ends with error: Feb 19 09:01:36 kk-nb NetworkManager: nm_vpn_connection_connect_cb(): VPN connection 'kufr' failed to connect: 'No VPN secrets!'. It does not matter if I use my unecrypted key or password protected key. Knetworkmanager even do not ask me for the private key password. Could it be a bug in knetworkmanager? I am currently working on a similar problem using kvpnc plugin. Could you please provide - your ~/.kde4/share/config/networkmanagementrc - ~/.kde4/share/apps/networkmanagement/connections/{UUID} files attached - start knetworkmanager in terminal (do kquitapp knetworkmanager to terminate running version), try to connect and provide output only these rows imediately after start knetworkmanager: QLayout: Attempting to add QLayout "" to InterfaceConnectionItem "", which already has a layout QLayout: Attempting to add QLayout "" to InterfaceConnectionItem "", which already has a layout QLayout: Attempting to add QLayout "" to InterfaceConnectionItem "", which already has a layout QLayout: Attempting to add QLayout "" to InterfaceConnectionItem "", which already has a layout QLayout: Attempting to add QLayout "" to InterfaceConnectionItem "", which already has a layout and these when I try to connect: QDBusObjectPath: invalid path "any" QDBusObjectPath: invalid path "any" It does not seem to be useful. of course obfuscate any sensitive data. Also, are you using kwallet or plain text to store secrets? I do not use any secrets except the key which is in plain text in separate file. thanks, Karel thank you! -andrey thanks, Karel Dan But I am not sure if the connection procedure finished. The openvpn daemon is running, tap interface exists, I can ping remote server interface (via vpn) and default route is set to VPN tap interface. But status of the connection in knetworkmanager did not changed. So I cannot disconnect from it. I also cannot ping any another host except those on my LAN segment and the remote VPN server. The packets should be routed throught VPN connection to another nodes, but they are not. However it works if I connect purely with openvpn (not useing NM). Any idea what could be worng? Including my syslog. thanks, Karel Feb 18 11:19:21 kk-nb NetworkManager: Starting VPN service 'org.freedesktop.NetworkManager.openvpn'... Feb 18 11:19:21 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 24258 Feb 18 11:19:21 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed: 1 Feb 18 11:19:21 kk-nb nm-openvpn[24261]: OpenVPN 2.1_rc19 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009 Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed:
Re: OpenVPN config problem
On Friday 19 of February 2010 11:09:37 Karel Kozlik wrote: > Hi, > > Dan Williams napsal(a): > > On Thu, 2010-02-18 at 11:24 +0100, Karel Kozlik wrote: > >> Hi Dan, > >> > >> Dan Williams napsal(a): > >>> On Wed, 2010-02-17 at 10:36 +0100, Karel Kozlik wrote: > >>>> Hi, > >>>> could someone help me vith openVPN configuration in Network > >>>> Manager? Actualy when I click to VPN connection in NM, it does > >>>> nothing. /var/log/syslog contain following lines: > >>>> > >>>> I see the message "VPN connection 'my-vpn' failed to connect: > >>>> 'No VPN secrets!'", but I believe the secrets are configured > >>>> correctly. > >>> > >>> Is your private key by any chance *un*encrypted? The VPN service > >>> plugin currently requires encrypted private keys (which are more > >>> secure anyway) and it could fail like this in that case. > >> > >> Do you mean password protected key? My key was not. > >> > >> I tried create password protected key and changed the connectio > >> type to "x509 with password" and filled the password into > >> setttings. It still not worked. But when I changed the key to my > >> old one (unecrypted) and left the connection type to "x509 with > >> password" it connected. > > > > There are a few different passwords here. There's the "private key > > password", which is used to unlock your private key for TLS > > connections, and then there's also the "user password", which is > > used for password-based authentication that openvpn supports. > > Somewhat confusingly, you can stack these methods in openvpn, > > which is what the "TLS with password" thing is. > > > > But that's not what you want. Your connection appears to be TLS > > only, so you only need to choose "x509" there like you were > > before. I'm assuming that knetworkmanager is smart enough to ask > > you for your private key password when nm-openvpn-service needs > > it. So try flipping back to just "x509" and see where that gets > > you. > > I just tryied and it ends with error: > > Feb 19 09:01:36 kk-nb NetworkManager: > nm_vpn_connection_connect_cb(): VPN connection 'kufr' failed to > connect: 'No VPN secrets!'. > > It does not matter if I use my unecrypted key or password protected > key. Knetworkmanager even do not ask me for the private key > password. > > Could it be a bug in knetworkmanager? > I am currently working on a similar problem using kvpnc plugin. Could you please provide - your ~/.kde4/share/config/networkmanagementrc - ~/.kde4/share/apps/networkmanagement/connections/{UUID} - start knetworkmanager in terminal (do kquitapp knetworkmanager to terminate running version), try to connect and provide output of course obfuscate any sensitive data. Also, are you using kwallet or plain text to store secrets? thank you! -andrey > thanks, > Karel > > > Dan > > > >> But I am not sure if the connection procedure finished. The > >> openvpn > >> > >> daemon is running, tap interface exists, I can ping remote server > >> interface (via vpn) and default route is set to VPN tap interface. > >> But status of the connection in knetworkmanager did not changed. > >> So I cannot disconnect from it. I also cannot ping any another > >> host except those on my LAN segment and the remote VPN server. > >> The packets should be routed throught VPN connection to another > >> nodes, but they are not. However it works if I connect purely > >> with openvpn (not useing NM). > >> > >> Any idea what could be worng? Including my syslog. > >> > >> thanks, > >> Karel > >> > >> > >> > >> Feb 18 11:19:21 kk-nb NetworkManager: Starting VPN service > >> 'org.freedesktop.NetworkManager.openvpn'... > >> Feb 18 11:19:21 kk-nb NetworkManager: VPN service > >> 'org.freedesktop.NetworkManager.openvpn' started > >> (org.freedesktop.NetworkManager.openvpn), PID 24258 > >> > >> > >> Feb 18 11:19:21 kk-nb NetworkManager: VPN service > >> 'org.freedesktop.NetworkManager.openvpn' just appeared, activating > >> connections > >> Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state > >> changed: 1 > >> Feb 18 11:19:21 kk-nb nm-openvpn[24
Re: OpenVPN config problem
Hi, Dan Williams napsal(a): On Thu, 2010-02-18 at 11:24 +0100, Karel Kozlik wrote: Hi Dan, Dan Williams napsal(a): On Wed, 2010-02-17 at 10:36 +0100, Karel Kozlik wrote: Hi, could someone help me vith openVPN configuration in Network Manager? Actualy when I click to VPN connection in NM, it does nothing. /var/log/syslog contain following lines: I see the message "VPN connection 'my-vpn' failed to connect: 'No VPN secrets!'", but I believe the secrets are configured correctly. Is your private key by any chance *un*encrypted? The VPN service plugin currently requires encrypted private keys (which are more secure anyway) and it could fail like this in that case. Do you mean password protected key? My key was not. I tried create password protected key and changed the connectio type to "x509 with password" and filled the password into setttings. It still not worked. But when I changed the key to my old one (unecrypted) and left the connection type to "x509 with password" it connected. There are a few different passwords here. There's the "private key password", which is used to unlock your private key for TLS connections, and then there's also the "user password", which is used for password-based authentication that openvpn supports. Somewhat confusingly, you can stack these methods in openvpn, which is what the "TLS with password" thing is. But that's not what you want. Your connection appears to be TLS only, so you only need to choose "x509" there like you were before. I'm assuming that knetworkmanager is smart enough to ask you for your private key password when nm-openvpn-service needs it. So try flipping back to just "x509" and see where that gets you. I just tryied and it ends with error: Feb 19 09:01:36 kk-nb NetworkManager: nm_vpn_connection_connect_cb(): VPN connection 'kufr' failed to connect: 'No VPN secrets!'. It does not matter if I use my unecrypted key or password protected key. Knetworkmanager even do not ask me for the private key password. Could it be a bug in knetworkmanager? thanks, Karel Dan But I am not sure if the connection procedure finished. The openvpn daemon is running, tap interface exists, I can ping remote server interface (via vpn) and default route is set to VPN tap interface. But status of the connection in knetworkmanager did not changed. So I cannot disconnect from it. I also cannot ping any another host except those on my LAN segment and the remote VPN server. The packets should be routed throught VPN connection to another nodes, but they are not. However it works if I connect purely with openvpn (not useing NM). Any idea what could be worng? Including my syslog. thanks, Karel Feb 18 11:19:21 kk-nb NetworkManager: Starting VPN service 'org.freedesktop.NetworkManager.openvpn'... Feb 18 11:19:21 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 24258 Feb 18 11:19:21 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed: 1 Feb 18 11:19:21 kk-nb nm-openvpn[24261]: OpenVPN 2.1_rc19 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009 Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed: 3 Feb 18 11:19:21 kk-nb NetworkManager: VPN connection 'kufr' (Connect) reply received. Feb 18 11:19:21 kk-nb nm-openvpn[24261]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Feb 18 11:19:21 kk-nb nm-openvpn[24261]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 18 11:19:21 kk-nb nm-openvpn[24261]: WARNING: file '/home/kk/.openvpn/kk-nb.key' is group or others accessible Feb 18 11:19:21 kk-nb nm-openvpn[24261]: /usr/bin/openssl-vulnkey -q -b 1024 -m Feb 18 11:19:22 kk-nb nm-openvpn[24261]: UDPv4 link local: [undef] Feb 18 11:19:22 kk-nb nm-openvpn[24261]: UDPv4 link remote: 194.228.84.159:28960 Feb 18 11:19:22 kk-nb nm-openvpn[24261]: [ns.kufr.cz] Peer Connection Initiated with 194.228.84.159:28960 Feb 18 11:19:23 kk-nb NetworkManager:SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0) Feb 18 11:19:23 kk-nb NetworkManager:SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found. Feb 18 11:19:23 kk-nb NetworkManager: device_creator(): /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring... Feb 18 11:19:23 kk-nb nm-openvpn[24261]: TUN/TAP device tap0 opened Feb 18 11:19:23 kk-nb nm-openvpn[24261]: /sbin/ifconfig
Re: OpenVPN config problem
On Thu, 2010-02-18 at 11:24 +0100, Karel Kozlik wrote: > Hi Dan, > > Dan Williams napsal(a): > > On Wed, 2010-02-17 at 10:36 +0100, Karel Kozlik wrote: > >> Hi, > >> could someone help me vith openVPN configuration in Network Manager? > >> Actualy when I click to VPN connection in NM, it does nothing. > >> /var/log/syslog contain following lines: > >> > >> I see the message "VPN connection 'my-vpn' failed to connect: 'No VPN > >> secrets!'", but I believe the secrets are configured correctly. > > > > Is your private key by any chance *un*encrypted? The VPN service plugin > > currently requires encrypted private keys (which are more secure anyway) > > and it could fail like this in that case. > > > > Do you mean password protected key? My key was not. > > I tried create password protected key and changed the connectio type to > "x509 with password" and filled the password into setttings. It still > not worked. But when I changed the key to my old one (unecrypted) and > left the connection type to "x509 with password" it connected. There are a few different passwords here. There's the "private key password", which is used to unlock your private key for TLS connections, and then there's also the "user password", which is used for password-based authentication that openvpn supports. Somewhat confusingly, you can stack these methods in openvpn, which is what the "TLS with password" thing is. But that's not what you want. Your connection appears to be TLS only, so you only need to choose "x509" there like you were before. I'm assuming that knetworkmanager is smart enough to ask you for your private key password when nm-openvpn-service needs it. So try flipping back to just "x509" and see where that gets you. Dan > But I am not sure if the connection procedure finished. The openvpn > daemon is running, tap interface exists, I can ping remote server > interface (via vpn) and default route is set to VPN tap interface. But > status of the connection in knetworkmanager did not changed. So I cannot > disconnect from it. I also cannot ping any another host except those on > my LAN segment and the remote VPN server. The packets should be routed > throught VPN connection to another nodes, but they are not. However it > works if I connect purely with openvpn (not useing NM). > > Any idea what could be worng? Including my syslog. > > thanks, > Karel > > > > Feb 18 11:19:21 kk-nb NetworkManager: Starting VPN service > 'org.freedesktop.NetworkManager.openvpn'... > Feb 18 11:19:21 kk-nb NetworkManager: VPN service > 'org.freedesktop.NetworkManager.openvpn' started > (org.freedesktop.NetworkManager.openvpn), PID 24258 > > > Feb 18 11:19:21 kk-nb NetworkManager: VPN service > 'org.freedesktop.NetworkManager.openvpn' just appeared, activating > connections > Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed: > 1 > Feb 18 11:19:21 kk-nb nm-openvpn[24261]: OpenVPN 2.1_rc19 > x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009 > > Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed: > 3 > Feb 18 11:19:21 kk-nb NetworkManager: VPN connection 'kufr' > (Connect) reply received. > Feb 18 11:19:21 kk-nb nm-openvpn[24261]: WARNING: No server certificate > verification method has been enabled. See > http://openvpn.net/howto.html#mitm for more info. > > > Feb 18 11:19:21 kk-nb nm-openvpn[24261]: NOTE: the current > --script-security setting may allow this configuration to call > user-defined scripts > > > Feb 18 11:19:21 kk-nb nm-openvpn[24261]: WARNING: file > '/home/kk/.openvpn/kk-nb.key' is group or others accessible > > Feb 18 11:19:21 kk-nb nm-openvpn[24261]: /usr/bin/openssl-vulnkey -q -b > 1024 -m > Feb 18 11:19:22 kk-nb nm-openvpn[24261]: UDPv4 link local: [undef] > > Feb 18 11:19:22 kk-nb nm-openvpn[24261]: UDPv4 link remote: > 194.228.84.159:28960 > > Feb 18 11:19:22 kk-nb nm-openvpn[24261]: [ns.kufr.cz] Peer Connection > Initiated with 194.228.84.159:28960 > Feb 18 11:19:23 kk-nb NetworkManager:SCPlugin-Ifupdown: devices > added (path: /sys/devices/virtual/net/tap0, iface: tap0) > Feb 18 11:19:23 kk-nb NetworkManager:SCPlugin-Ifupdown: device added > (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown > configuration found. > > Feb 18 11:19:23 kk-nb NetworkManager: device_creator(): > /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring... > Feb 18 11:19:23
Re: OpenVPN config problem
Hi Dan, Dan Williams napsal(a): On Wed, 2010-02-17 at 10:36 +0100, Karel Kozlik wrote: Hi, could someone help me vith openVPN configuration in Network Manager? Actualy when I click to VPN connection in NM, it does nothing. /var/log/syslog contain following lines: I see the message "VPN connection 'my-vpn' failed to connect: 'No VPN secrets!'", but I believe the secrets are configured correctly. Is your private key by any chance *un*encrypted? The VPN service plugin currently requires encrypted private keys (which are more secure anyway) and it could fail like this in that case. Do you mean password protected key? My key was not. I tried create password protected key and changed the connectio type to "x509 with password" and filled the password into setttings. It still not worked. But when I changed the key to my old one (unecrypted) and left the connection type to "x509 with password" it connected. But I am not sure if the connection procedure finished. The openvpn daemon is running, tap interface exists, I can ping remote server interface (via vpn) and default route is set to VPN tap interface. But status of the connection in knetworkmanager did not changed. So I cannot disconnect from it. I also cannot ping any another host except those on my LAN segment and the remote VPN server. The packets should be routed throught VPN connection to another nodes, but they are not. However it works if I connect purely with openvpn (not useing NM). Any idea what could be worng? Including my syslog. thanks, Karel Feb 18 11:19:21 kk-nb NetworkManager: Starting VPN service 'org.freedesktop.NetworkManager.openvpn'... Feb 18 11:19:21 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 24258 Feb 18 11:19:21 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed: 1 Feb 18 11:19:21 kk-nb nm-openvpn[24261]: OpenVPN 2.1_rc19 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009 Feb 18 11:19:21 kk-nb NetworkManager: VPN plugin state changed: 3 Feb 18 11:19:21 kk-nb NetworkManager: VPN connection 'kufr' (Connect) reply received. Feb 18 11:19:21 kk-nb nm-openvpn[24261]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Feb 18 11:19:21 kk-nb nm-openvpn[24261]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Feb 18 11:19:21 kk-nb nm-openvpn[24261]: WARNING: file '/home/kk/.openvpn/kk-nb.key' is group or others accessible Feb 18 11:19:21 kk-nb nm-openvpn[24261]: /usr/bin/openssl-vulnkey -q -b 1024 -m Feb 18 11:19:22 kk-nb nm-openvpn[24261]: UDPv4 link local: [undef] Feb 18 11:19:22 kk-nb nm-openvpn[24261]: UDPv4 link remote: 194.228.84.159:28960 Feb 18 11:19:22 kk-nb nm-openvpn[24261]: [ns.kufr.cz] Peer Connection Initiated with 194.228.84.159:28960 Feb 18 11:19:23 kk-nb NetworkManager:SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0) Feb 18 11:19:23 kk-nb NetworkManager:SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found. Feb 18 11:19:23 kk-nb NetworkManager: device_creator(): /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring... Feb 18 11:19:23 kk-nb nm-openvpn[24261]: TUN/TAP device tap0 opened Feb 18 11:19:23 kk-nb nm-openvpn[24261]: /sbin/ifconfig tap0 44.177.215.7 netmask 255.255.255.240 mtu 1500 broadcast 44.177.215.15 Feb 18 11:19:23 kk-nb nm-openvpn[24261]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tap0 1500 1573 44.177.215.7 255.255.255.240 init Feb 18 11:19:23 kk-nb avahi-daemon[1002]: Joining mDNS multicast group on interface tap0.IPv4 with address 44.177.215.7. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: New relevant interface tap0.IPv4 for mDNS. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: Registering new address record for 44.177.215.7 on tap0.IPv4. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: Withdrawing address record for 44.177.215.7 on tap0. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: Leaving mDNS multicast group on interface tap0.IPv4 with address 44.177.215.7. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: Interface tap0.IPv4 no longer relevant for mDNS. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: Joining mDNS multicast group on interface tap0.IPv4 with address 44.177.215.7. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: New relevant interface tap0.IPv4 for mDNS. Feb 18 11:19:23 kk-nb avahi-daemon[1002]: Registering new address record for 44.177.215.7 on tap0.IPv4. Feb 18 11:19:23 kk-nb NetworkManager: VPN connection 'kufr' (I
Re: OpenVPN config problem
On Wed, 2010-02-17 at 10:36 +0100, Karel Kozlik wrote: > Hi, > could someone help me vith openVPN configuration in Network Manager? > Actualy when I click to VPN connection in NM, it does nothing. > /var/log/syslog contain following lines: > > I see the message "VPN connection 'my-vpn' failed to connect: 'No VPN > secrets!'", but I believe the secrets are configured correctly. Is your private key by any chance *un*encrypted? The VPN service plugin currently requires encrypted private keys (which are more secure anyway) and it could fail like this in that case. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
Dan Williams schrieb: > On Tue, 2010-02-16 at 14:46 +0100, rh wrote: > >> R.Hnat >> >> >> Dan Williams schrieb: >> >>> On Sat, 2010-02-13 at 12:33 +0100, rh wrote: >>> >>> >>>> Dan Williams schrieb: >>>> >>>> >>>>> On Thu, 2010-02-11 at 15:40 +0100, rh wrote: >>>>> >>>>> >>>>> >>>>>> R.Hnat >>>>>> >>>>>> >>>>>> Dan Williams schrieb: >>>>>> >>>>>> >>>>>> >>>>>>> On Tue, 2010-02-09 at 07:03 +0100, rh wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Dan Williams schrieb: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> On Sat, 2010-01-30 at 10:00 +0100, rh wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Dan Williams schrieb: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On Fri, 2010-01-29 at 15:12 +0100, rh wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> I try to connect to an OpenVPN Server (Located on an IPCop) from my >>>>>>>>>>>> Ubuntu Box. I have Configured Netmanager with all necessary >>>>>>>>>>>> parameters >>>>>>>>>>>> Parameters following an IPCop Howto. But there happens nothing >>>>>>>>>>>> when i >>>>>>>>>>>> try to connect. There are not any Logmessages in /var/log/message, >>>>>>>>>>>> there >>>>>>>>>>>> is no error message, simply no reaction. I have installed >>>>>>>>>>>> Network-Manager and network-Manager-OpenVpn and the >>>>>>>>>>>> Network-Manager-Applet. What could that be? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> You'll need to reboot after installing a new VPN plugin package. >>>>>>>>>>> If you >>>>>>>>>>> do that, does anything different happen? >>>>>>>>>>> >>>>>>>>>>> Dan >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> No this does not change anything. It is just like network-manager >>>>>>>>>> was'nt there. But i can see the process whith 'ps ax'. And i can >>>>>>>>>> start >>>>>>>>>> the VPN using the 'openvpn' command from the commandline. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> Have you config
OpenVPN config problem
Hi, could someone help me vith openVPN configuration in Network Manager? Actualy when I click to VPN connection in NM, it does nothing. /var/log/syslog contain following lines: Feb 17 10:11:13 kk-nb NetworkManager: Starting VPN service 'org.freedesktop.NetworkManager.openvpn'... Feb 17 10:11:13 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 12393 Feb 17 10:11:13 kk-nb NetworkManager: VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections Feb 17 10:11:13 kk-nb NetworkManager: VPN plugin state changed: 1 Feb 17 10:11:13 kk-nb NetworkManager: VPN plugin state changed: 3 Feb 17 10:11:13 kk-nb NetworkManager: VPN connection 'my-vpn' (Connect) reply received. Feb 17 10:11:13 kk-nb NetworkManager: nm_vpn_connection_connect_cb(): VPN connection 'my-vpn' failed to connect: 'No VPN secrets!'. Feb 17 10:11:13 kk-nb NetworkManager: connection_state_changed(): Could not process the request because no VPN connection was active. Feb 17 10:11:13 kk-nb NetworkManager: (eth0): writing resolv.conf to /sbin/resolvconf Feb 17 10:11:13 kk-nb NetworkManager: Policy set 'eth0 - dhcp' (eth0) as default for routing and DNS. Feb 17 10:11:26 kk-nb NetworkManager: [1266397886.002812] ensure_killed(): waiting for vpn service pid 12393 to exit Feb 17 10:11:26 kk-nb NetworkManager: [1266397886.002989] ensure_killed(): vpn service pid 12393 cleaned up I see the message "VPN connection 'my-vpn' failed to connect: 'No VPN secrets!'", but I believe the secrets are configured correctly. Ypu can check my openvpn config file (that works and connect to vpn without problems) and screenshots of my NM configuration at http://www.kufr.cz/kk/bordel/vpn/ I am useing: network-manager 0.8~a~git.20091013t193206.679d548-0ubuntu1 network-manager-openvpn 0.8~a~git.20091008t123607.7c184a9-0ubuntu1 plasma-widget-networkmanagement 0.9~svn1029786+ag1-0ubuntu1 thanks, Karel ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
Dan Williams schrieb: > On Tue, 2010-02-16 at 14:46 +0100, rh wrote: > >> R.Hnat >> >> >> Dan Williams schrieb: >> >>> On Sat, 2010-02-13 at 12:33 +0100, rh wrote: >>> >>> >>>> Dan Williams schrieb: >>>> >>>> >>>>> On Thu, 2010-02-11 at 15:40 +0100, rh wrote: >>>>> >>>>> >>>>> >>>>>> R.Hnat >>>>>> >>>>>> >>>>>> Dan Williams schrieb: >>>>>> >>>>>> >>>>>> >>>>>>> On Tue, 2010-02-09 at 07:03 +0100, rh wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Dan Williams schrieb: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> On Sat, 2010-01-30 at 10:00 +0100, rh wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Dan Williams schrieb: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On Fri, 2010-01-29 at 15:12 +0100, rh wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> I try to connect to an OpenVPN Server (Located on an IPCop) from my >>>>>>>>>>>> Ubuntu Box. I have Configured Netmanager with all necessary >>>>>>>>>>>> parameters >>>>>>>>>>>> Parameters following an IPCop Howto. But there happens nothing >>>>>>>>>>>> when i >>>>>>>>>>>> try to connect. There are not any Logmessages in /var/log/message, >>>>>>>>>>>> there >>>>>>>>>>>> is no error message, simply no reaction. I have installed >>>>>>>>>>>> Network-Manager and network-Manager-OpenVpn and the >>>>>>>>>>>> Network-Manager-Applet. What could that be? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> You'll need to reboot after installing a new VPN plugin package. >>>>>>>>>>> If you >>>>>>>>>>> do that, does anything different happen? >>>>>>>>>>> >>>>>>>>>>> Dan >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> No this does not change anything. It is just like network-manager >>>>>>>>>> was'nt there. But i can see the process whith 'ps ax'. And i can >>>>>>>>>> start >>>>>>>>>> the VPN using the 'openvpn' command from the commandline. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> Have you config
Re: OpenVPN Problem
On Tue, 2010-02-16 at 14:46 +0100, rh wrote: > > R.Hnat > > > Dan Williams schrieb: > > On Sat, 2010-02-13 at 12:33 +0100, rh wrote: > > > > > Dan Williams schrieb: > > > > > > > On Thu, 2010-02-11 at 15:40 +0100, rh wrote: > > > > > > > > > > > > > R.Hnat > > > > > > > > > > > > > > > Dan Williams schrieb: > > > > > > > > > > > > > > > > On Tue, 2010-02-09 at 07:03 +0100, rh wrote: > > > > > > > > > > > > > > > > > > > > > > > > > Dan Williams schrieb: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Sat, 2010-01-30 at 10:00 +0100, rh wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Dan Williams schrieb: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, 2010-01-29 at 15:12 +0100, rh wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I try to connect to an OpenVPN Server (Located on an > > > > > > > > > > > IPCop) from my > > > > > > > > > > > Ubuntu Box. I have Configured Netmanager with all > > > > > > > > > > > necessary parameters > > > > > > > > > > > Parameters following an IPCop Howto. But there happens > > > > > > > > > > > nothing when i > > > > > > > > > > > try to connect. There are not any Logmessages in > > > > > > > > > > > /var/log/message, there > > > > > > > > > > > is no error message, simply no reaction. I have installed > > > > > > > > > > > Network-Manager and network-Manager-OpenVpn and the > > > > > > > > > > > Network-Manager-Applet. What could that be? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > You'll need to reboot after installing a new VPN plugin > > > > > > > > > > package. If you > > > > > > > > > > do that, does anything different happen? > > > > > > > > > > > > > > > > > > > > Dan > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > No this does not change anything. It is just like > > > > > > > > > network-manager > > > > > > > > > was'nt there. But i can see the process whith 'ps ax'. And i > > > > > > > > > can start > > > > > > > > > the VPN using the 'openvpn' command from the commandline. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Have you configured the connection using nm-connection-editor > > > > > > > > in the VPN > > > > > > > > tab? > > > > > > > > > > > > > > > > Dan > > > > > > > > > > > > > > > > &g
Re: OpenVPN Problem
On Sat, 2010-02-13 at 12:33 +0100, rh wrote: > > > Dan Williams schrieb: > > On Thu, 2010-02-11 at 15:40 +0100, rh wrote: > > > > > R.Hnat > > > > > > > > > Dan Williams schrieb: > > > > > > > On Tue, 2010-02-09 at 07:03 +0100, rh wrote: > > > > > > > > > > > > > Dan Williams schrieb: > > > > > > > > > > > > > > > > On Sat, 2010-01-30 at 10:00 +0100, rh wrote: > > > > > > > > > > > > > > > > > > > > > > > > > Dan Williams schrieb: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, 2010-01-29 at 15:12 +0100, rh wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I try to connect to an OpenVPN Server (Located on an IPCop) > > > > > > > > > from my > > > > > > > > > Ubuntu Box. I have Configured Netmanager with all necessary > > > > > > > > > parameters > > > > > > > > > Parameters following an IPCop Howto. But there happens > > > > > > > > > nothing when i > > > > > > > > > try to connect. There are not any Logmessages in > > > > > > > > > /var/log/message, there > > > > > > > > > is no error message, simply no reaction. I have installed > > > > > > > > > Network-Manager and network-Manager-OpenVpn and the > > > > > > > > > Network-Manager-Applet. What could that be? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > You'll need to reboot after installing a new VPN plugin > > > > > > > > package. If you > > > > > > > > do that, does anything different happen? > > > > > > > > > > > > > > > > Dan > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > No this does not change anything. It is just like network-manager > > > > > > > was'nt there. But i can see the process whith 'ps ax'. And i can > > > > > > > start > > > > > > > the VPN using the 'openvpn' command from the commandline. > > > > > > > > > > > > > > > > > > > > > > > > > > > Have you configured the connection using nm-connection-editor in > > > > > > the VPN > > > > > > tab? > > > > > > > > > > > > Dan > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Of course I have configured with nm-connection-editor . > > > > > > > > > > > > > > Ok, and you're using the applet menu to start the openvpn connection? > > > > If you do this, then choose your VPN from the applet, do you get any > > > > messages? > > > > > > > > killall -TERM nm-openvpn-service > > > > OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service > > > > > > > > If that doesn't work, can you attach your ~/.xsession-errors file so we > > > > can see if it's a problem on the GUI side? > > > > > > > > Dan > > > > > > > > > > > > > > > No there is no reaction. > > > > > > r...@ligeti:~$ killall -TERM nm-openvpn-service > > > nm-openvpn-service: no process found > > > r...@ligeti:~$ OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service > > > bash: /usr/libexec/nm-openvpn-service: No such file or directory > > > > > > > Oh sorry... Debian-based distros put it elsewhere. Try this: > > > > killall -TERM nm-openvpn-service > > OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service > > > > and then lets see what it prints out. If it's not there, then > > > > dpkg -L network-manager-openvpn | grep nm-openvpn-service > > > > will tell you where the binary is located. > > > > Dan > > > > > > OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service does > nothing and has to be stopped with ^C. It won't print anything until it's told to make a VPN connection by NetworkManager. So just to confirm, you run this command, and then you're choosing your VPN connection from the menu to start it, right? And you get no output? And you're running them as root, right? Can you provide /var/log/daemon.log for me after this failure has occurred? > And here is what dpkg... says: > r...@ligeti:~$ dpkg -L network-manager-openvpn |grep nm-openvpn-service > /usr/lib/network-manager-openvpn/nm-openvpn-service > /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper > /etc/dbus-1/system.d/nm-openvpn-service.conf > /etc/NetworkManager/VPN/nm-openvpn-service.name > > Might it be that the problem is that all these files are 'root-owned' > and not executable from a simple user? No, they are supposed to be root owned since they are security sensitive and must launch privileged processes (your VPN). Normally they are spawned automatically by NetworkManager when needed, so the only time they are really run by a user is for debugging. Hopefully we can get to the bottom of this... Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
Dan Williams schrieb: > On Thu, 2010-02-11 at 15:40 +0100, rh wrote: > >> R.Hnat >> >> >> Dan Williams schrieb: >> >>> On Tue, 2010-02-09 at 07:03 +0100, rh wrote: >>> >>> >>>> Dan Williams schrieb: >>>> >>>> >>>>> On Sat, 2010-01-30 at 10:00 +0100, rh wrote: >>>>> >>>>> >>>>> >>>>>> Dan Williams schrieb: >>>>>> >>>>>> >>>>>> >>>>>>> On Fri, 2010-01-29 at 15:12 +0100, rh wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> I try to connect to an OpenVPN Server (Located on an IPCop) from my >>>>>>>> Ubuntu Box. I have Configured Netmanager with all necessary parameters >>>>>>>> Parameters following an IPCop Howto. But there happens nothing when i >>>>>>>> try to connect. There are not any Logmessages in /var/log/message, >>>>>>>> there >>>>>>>> is no error message, simply no reaction. I have installed >>>>>>>> Network-Manager and network-Manager-OpenVpn and the >>>>>>>> Network-Manager-Applet. What could that be? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> You'll need to reboot after installing a new VPN plugin package. If you >>>>>>> do that, does anything different happen? >>>>>>> >>>>>>> Dan >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> No this does not change anything. It is just like network-manager >>>>>> was'nt there. But i can see the process whith 'ps ax'. And i can start >>>>>> the VPN using the 'openvpn' command from the commandline. >>>>>> >>>>>> >>>>>> >>>>> Have you configured the connection using nm-connection-editor in the VPN >>>>> tab? >>>>> >>>>> Dan >>>>> >>>>> >>>>> >>>>> >>>> Of course I have configured with nm-connection-editor . >>>> >>>> >>> Ok, and you're using the applet menu to start the openvpn connection? >>> If you do this, then choose your VPN from the applet, do you get any >>> messages? >>> >>> killall -TERM nm-openvpn-service >>> OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service >>> >>> If that doesn't work, can you attach your ~/.xsession-errors file so we >>> can see if it's a problem on the GUI side? >>> >>> Dan >>> >>> >>> >> No there is no reaction. >> >> r...@ligeti:~$ killall -TERM nm-openvpn-service >> nm-openvpn-service: no process found >> r...@ligeti:~$ OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service >> bash: /usr/libexec/nm-openvpn-service: No such file or directory >> > > Oh sorry... Debian-based distros put it elsewhere. Try this: > > killall -TERM nm-openvpn-service > OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service > > and then lets see what it prints out. If it's not there, then > > dpkg -L network-manager-openvpn | grep nm-openvpn-service > > will tell you where the binary is located. > > Dan > > OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service does nothing and has to be stopped with ^C. And here is what dpkg... says: r...@ligeti:~$ dpkg -L network-manager-openvpn |grep nm-openvpn-service /usr/lib/network-manager-openvpn/nm-openvpn-service /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper /etc/dbus-1/system.d/nm-openvpn-service.conf /etc/NetworkManager/VPN/nm-openvpn-service.name Might it be that the problem is that all these files are 'root-owned' and not executable from a simple user? Reinhard ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
On Thu, 2010-02-11 at 15:40 +0100, rh wrote: > > R.Hnat > > > Dan Williams schrieb: > > On Tue, 2010-02-09 at 07:03 +0100, rh wrote: > > > > > Dan Williams schrieb: > > > > > > > On Sat, 2010-01-30 at 10:00 +0100, rh wrote: > > > > > > > > > > > > > Dan Williams schrieb: > > > > > > > > > > > > > > > > On Fri, 2010-01-29 at 15:12 +0100, rh wrote: > > > > > > > > > > > > > > > > > > > > > > > > > I try to connect to an OpenVPN Server (Located on an IPCop) from > > > > > > > my > > > > > > > Ubuntu Box. I have Configured Netmanager with all necessary > > > > > > > parameters > > > > > > > Parameters following an IPCop Howto. But there happens nothing > > > > > > > when i > > > > > > > try to connect. There are not any Logmessages in > > > > > > > /var/log/message, there > > > > > > > is no error message, simply no reaction. I have installed > > > > > > > Network-Manager and network-Manager-OpenVpn and the > > > > > > > Network-Manager-Applet. What could that be? > > > > > > > > > > > > > > > > > > > > > > > > > > > You'll need to reboot after installing a new VPN plugin package. > > > > > > If you > > > > > > do that, does anything different happen? > > > > > > > > > > > > Dan > > > > > > > > > > > > > > > > > > > > > > > No this does not change anything. It is just like network-manager > > > > > was'nt there. But i can see the process whith 'ps ax'. And i can start > > > > > the VPN using the 'openvpn' command from the commandline. > > > > > > > > > > > > > > Have you configured the connection using nm-connection-editor in the VPN > > > > tab? > > > > > > > > Dan > > > > > > > > > > > > > > > Of course I have configured with nm-connection-editor . > > > > > > > Ok, and you're using the applet menu to start the openvpn connection? > > If you do this, then choose your VPN from the applet, do you get any > > messages? > > > > killall -TERM nm-openvpn-service > > OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service > > > > If that doesn't work, can you attach your ~/.xsession-errors file so we > > can see if it's a problem on the GUI side? > > > > Dan > > > > > No there is no reaction. > > r...@ligeti:~$ killall -TERM nm-openvpn-service > nm-openvpn-service: no process found > r...@ligeti:~$ OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service > bash: /usr/libexec/nm-openvpn-service: No such file or directory Oh sorry... Debian-based distros put it elsewhere. Try this: killall -TERM nm-openvpn-service OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service and then lets see what it prints out. If it's not there, then dpkg -L network-manager-openvpn | grep nm-openvpn-service will tell you where the binary is located. Dan > I attach xsession-errors. > > Regards > Reinhard > plain text document attachment (.xsession-errors) > /etc/gdm/Xsession: Beginning session setup... > Setting IM through im-switch for locale=de_AT. > Start IM through /home/rh/.xinput.d/de_AT linked to > /etc/X11/xinit/xinput.d/scim-bridge. > Smart Common Input Method 1.4.9 > > Launching a SCIM daemon with Socket FrontEnd... > Loading simple Config module ... > Creating backend ... > /usr/bin/xmodmap: unable to open file '/usr/share/apps/kxkb/ubuntu.xmodmap' > for reading > /usr/bin/xmodmap: 1 error encountered, aborting. > Loading socket FrontEnd module ... > Starting SCIM as daemon ... > Launching a SCIM process with x11... > Loading socket Config module ... > Creating backend ... > Loading x11 FrontEnd module ... > Unable to create /home/rh/.dbus/session-bus > GTK Panel of SCIM 1.4.9 > > Starting SCIM as daemon ... > SCIM has been successfully launched. > GNOME_KEYRING_SOCKET=/tmp/keyring-qGLfGJ/socket > SSH_AUTH_SOCK=/tmp/keyring-qGLfGJ/socket.ssh > > (gnome-settings-daemon:2355): GLib-CRITICAL **: g_propagate_erro
Re: OpenVPN Problem
R.Hnat Dan Williams schrieb: > On Tue, 2010-02-09 at 07:03 +0100, rh wrote: > >> Dan Williams schrieb: >> >>> On Sat, 2010-01-30 at 10:00 +0100, rh wrote: >>> >>> >>>> Dan Williams schrieb: >>>> >>>> >>>>> On Fri, 2010-01-29 at 15:12 +0100, rh wrote: >>>>> >>>>> >>>>> >>>>>> I try to connect to an OpenVPN Server (Located on an IPCop) from my >>>>>> Ubuntu Box. I have Configured Netmanager with all necessary parameters >>>>>> Parameters following an IPCop Howto. But there happens nothing when i >>>>>> try to connect. There are not any Logmessages in /var/log/message, there >>>>>> is no error message, simply no reaction. I have installed >>>>>> Network-Manager and network-Manager-OpenVpn and the >>>>>> Network-Manager-Applet. What could that be? >>>>>> >>>>>> >>>>>> >>>>> You'll need to reboot after installing a new VPN plugin package. If you >>>>> do that, does anything different happen? >>>>> >>>>> Dan >>>>> >>>>> >>>>> >>>> No this does not change anything. It is just like network-manager >>>> was'nt there. But i can see the process whith 'ps ax'. And i can start >>>> the VPN using the 'openvpn' command from the commandline. >>>> >>>> >>> Have you configured the connection using nm-connection-editor in the VPN >>> tab? >>> >>> Dan >>> >>> >>> >> Of course I have configured with nm-connection-editor . >> > > Ok, and you're using the applet menu to start the openvpn connection? > If you do this, then choose your VPN from the applet, do you get any > messages? > > killall -TERM nm-openvpn-service > OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service > > If that doesn't work, can you attach your ~/.xsession-errors file so we > can see if it's a problem on the GUI side? > > Dan > > No there is no reaction. r...@ligeti:~$ killall -TERM nm-openvpn-service nm-openvpn-service: no process found r...@ligeti:~$ OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service bash: /usr/libexec/nm-openvpn-service: No such file or directory I attach xsession-errors. Regards Reinhard /etc/gdm/Xsession: Beginning session setup... Setting IM through im-switch for locale=de_AT. Start IM through /home/rh/.xinput.d/de_AT linked to /etc/X11/xinit/xinput.d/scim-bridge. Smart Common Input Method 1.4.9 Launching a SCIM daemon with Socket FrontEnd... Loading simple Config module ... Creating backend ... /usr/bin/xmodmap: unable to open file '/usr/share/apps/kxkb/ubuntu.xmodmap' for reading /usr/bin/xmodmap: 1 error encountered, aborting. Loading socket FrontEnd module ... Starting SCIM as daemon ... Launching a SCIM process with x11... Loading socket Config module ... Creating backend ... Loading x11 FrontEnd module ... Unable to create /home/rh/.dbus/session-bus GTK Panel of SCIM 1.4.9 Starting SCIM as daemon ... SCIM has been successfully launched. GNOME_KEYRING_SOCKET=/tmp/keyring-qGLfGJ/socket SSH_AUTH_SOCK=/tmp/keyring-qGLfGJ/socket.ssh (gnome-settings-daemon:2355): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed (gnome-settings-daemon:2355): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed Unable to find a synaptics device. Checking for Xgl: not present. xset q doesn't reveal the location of the log file. Using fallback /var/log/Xorg.0.log Detected PCI ID for VGA: Checking for texture_from_pixmap: present. Checking for non power of two support: present. Checking for Composite extension: present. Checking screen 1Comparing resolution (1680x1050) to maximum 3D texture size (8192): Passed. Checking for Software Rasterizer: Not present. Checking for nVidia: present. Checking for FBConfig: present. Checking for Xgl: not present. Initializing trackerd... Tracker-Message: Checking XDG_DATA_HOME is writable and exists Tracker-Message: XDG_DATA_HOME is '(null)' Tracker-Message: XDG_DATA_HOME set to '/home/rh/.local/share' Tracker-Message: Path is OK Tracker-Message: Setting IO priority Tracker-Message: Setting up monitor for changes to config file:'/home/rh/.config/tracker/tracker.cfg' Tracker-Message: Loading defaults into GKeyFile... Tracker-Message: Legacy config option 'IndexEvolutionEmails' found Tracker-Message: This option has
Re: OpenVPN Problem
On Tue, 2010-02-09 at 07:03 +0100, rh wrote: > > Dan Williams schrieb: > > On Sat, 2010-01-30 at 10:00 +0100, rh wrote: > > > > > Dan Williams schrieb: > > > > > > > On Fri, 2010-01-29 at 15:12 +0100, rh wrote: > > > > > > > > > > > > > I try to connect to an OpenVPN Server (Located on an IPCop) from my > > > > > Ubuntu Box. I have Configured Netmanager with all necessary > > > > > parameters > > > > > Parameters following an IPCop Howto. But there happens nothing when i > > > > > try to connect. There are not any Logmessages in /var/log/message, > > > > > there > > > > > is no error message, simply no reaction. I have installed > > > > > Network-Manager and network-Manager-OpenVpn and the > > > > > Network-Manager-Applet. What could that be? > > > > > > > > > > > > > > You'll need to reboot after installing a new VPN plugin package. If you > > > > do that, does anything different happen? > > > > > > > > Dan > > > > > > > > > > > No this does not change anything. It is just like network-manager > > > was'nt there. But i can see the process whith 'ps ax'. And i can start > > > the VPN using the 'openvpn' command from the commandline. > > > > > > > Have you configured the connection using nm-connection-editor in the VPN > > tab? > > > > Dan > > > > > Of course I have configured with nm-connection-editor . Ok, and you're using the applet menu to start the openvpn connection? If you do this, then choose your VPN from the applet, do you get any messages? killall -TERM nm-openvpn-service OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service If that doesn't work, can you attach your ~/.xsession-errors file so we can see if it's a problem on the GUI side? Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
Dan Williams schrieb: > On Sat, 2010-01-30 at 10:00 +0100, rh wrote: > >> Dan Williams schrieb: >> >>> On Fri, 2010-01-29 at 15:12 +0100, rh wrote: >>> >>> >>>> I try to connect to an OpenVPN Server (Located on an IPCop) from my >>>> Ubuntu Box. I have Configured Netmanager with all necessary parameters >>>> Parameters following an IPCop Howto. But there happens nothing when i >>>> try to connect. There are not any Logmessages in /var/log/message, there >>>> is no error message, simply no reaction. I have installed >>>> Network-Manager and network-Manager-OpenVpn and the >>>> Network-Manager-Applet. What could that be? >>>> >>>> >>> You'll need to reboot after installing a new VPN plugin package. If you >>> do that, does anything different happen? >>> >>> Dan >>> >>> >> No this does not change anything. It is just like network-manager >> was'nt there. But i can see the process whith 'ps ax'. And i can start >> the VPN using the 'openvpn' command from the commandline. >> > > Have you configured the connection using nm-connection-editor in the VPN > tab? > > Dan > > Of course I have configured with nm-connection-editor . Reinhard ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
On Sat, 2010-01-30 at 10:00 +0100, rh wrote: > > Dan Williams schrieb: > > On Fri, 2010-01-29 at 15:12 +0100, rh wrote: > > > > > I try to connect to an OpenVPN Server (Located on an IPCop) from my > > > Ubuntu Box. I have Configured Netmanager with all necessary parameters > > > Parameters following an IPCop Howto. But there happens nothing when i > > > try to connect. There are not any Logmessages in /var/log/message, there > > > is no error message, simply no reaction. I have installed > > > Network-Manager and network-Manager-OpenVpn and the > > > Network-Manager-Applet. What could that be? > > > > > > > You'll need to reboot after installing a new VPN plugin package. If you > > do that, does anything different happen? > > > > Dan > > > No this does not change anything. It is just like network-manager > was'nt there. But i can see the process whith 'ps ax'. And i can start > the VPN using the 'openvpn' command from the commandline. Have you configured the connection using nm-connection-editor in the VPN tab? Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
Dan Williams schrieb: > On Fri, 2010-01-29 at 15:12 +0100, rh wrote: > >> I try to connect to an OpenVPN Server (Located on an IPCop) from my >> Ubuntu Box. I have Configured Netmanager with all necessary parameters >> Parameters following an IPCop Howto. But there happens nothing when i >> try to connect. There are not any Logmessages in /var/log/message, there >> is no error message, simply no reaction. I have installed >> Network-Manager and network-Manager-OpenVpn and the >> Network-Manager-Applet. What could that be? >> > > You'll need to reboot after installing a new VPN plugin package. If you > do that, does anything different happen? > > Dan > No this does not change anything. It is just like network-manager was'nt there. But i can see the process whith 'ps ax'. And i can start the VPN using the 'openvpn' command from the commandline. Greetings Reinhard ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
On Fri, 2010-01-29 at 15:12 +0100, rh wrote: > I try to connect to an OpenVPN Server (Located on an IPCop) from my > Ubuntu Box. I have Configured Netmanager with all necessary parameters > Parameters following an IPCop Howto. But there happens nothing when i > try to connect. There are not any Logmessages in /var/log/message, there > is no error message, simply no reaction. I have installed > Network-Manager and network-Manager-OpenVpn and the > Network-Manager-Applet. What could that be? You'll need to reboot after installing a new VPN plugin package. If you do that, does anything different happen? Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: OpenVPN Problem
Reinhard, On Fri, Jan 29, 2010 at 9:12 AM, rh wrote: > try to connect. There are not any Logmessages in /var/log/message, there > is no error message, simply no reaction. I have installed Are there any messages in /var/log/syslog? Or do you mean this is the file that you checked already? / Matt ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
OpenVPN Problem
I try to connect to an OpenVPN Server (Located on an IPCop) from my Ubuntu Box. I have Configured Netmanager with all necessary parameters Parameters following an IPCop Howto. But there happens nothing when i try to connect. There are not any Logmessages in /var/log/message, there is no error message, simply no reaction. I have installed Network-Manager and network-Manager-OpenVpn and the Network-Manager-Applet. What could that be? Thanks in advance Reinhard ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
[Patch] Enable pkcs12 auth for NetworkManager-openvpn
Hi All, I was working on https://bugzilla.gnome.org/show_bug.cgi?id=534219, which enables pkcs12 key for nm-openvpn. I have attached a patch to the bz, which seems to work for me. Hope this patch is committed soon. Thanks. Regards, Huzaifa Sidhpurwala. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"
On Wed, 2010-01-20 at 21:26 -0300, Federico Heinz wrote: > On 20/01/2010, Dan Williams wrote: > > On Mon, 2009-12-21 at 02:10 -0300, Federico Heinz wrote: > > > The openVPN plugin for NetworkManager fails to connect to a passwordless > > > TLS > > > server, complaining of "no VPN secrets". This happened because the code > > > assumes that only static-key servers use no secrets, which isn't true. > > > Only > > > password and password+TLS require secrets. > > > https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/453807 > > We'd need a bit more than that unfortunately. First, openvpn assumes > > that the TLS private key will have a password protecting it, in which > > case the patch isn't required. > > Indeed, this is true: if the key is password-protected, the connection > succeeds. > > > Second, if we do want to allow unencrypted private keys (a security hole) > > The security hole is relative, and it depends on the details of how the key is > stored. A password does not provide much security beyond that of storing the > file in an ecryptfs-encrypted directory, for instance. > > In any case, if you do decide that you don't want to enable non-encrypted > keys, > then at least the program should fail with a more informative message. The > current "No secrets" message is hard to decypher for a normal user, something > along the lines of "Private key needs to be password-protected" would be much > more helpful. Better yet, the UI should not let the enter a plain text key in > the dialog, instead of allowing such a "misconfiguration" and then refusing to > use it. > > > then we'd need code to verify that the private key the user has picked is > > indeed unencrypted before letting the UI enable the OK button. Any chance > > you'd be willing to work on that patch? Most of the code to do that is > > lying > > around since nm-applet needs to do the same thing for 802.1x TLS. > > I might, but first I'd hate to do the work to have it later rejected because > the guardians of the project decided to do it differently (not accepting > plaintext keys at all, for instance). If there is a clear decision about what > the desired behaviour is, I'll look into it. Honestly I don't care. I'm fine with some code in the NM-openvpn UI to check the certificate file and determine if a private key password is required or not. I believe DER-format keys are always unencrypted (because they simply don't have the ability to specify the information necessary for decryption) but we can easily figure out of PEM format keys are encrypted or not by looking for the DEK-Info and Proc-Type tags in the OpenSSL header. We need remember to scan more than 10K or so of the file in case the private key is at the bottom of a bunch of certificates. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"
On 20/01/2010, Dan Williams wrote: > On Mon, 2009-12-21 at 02:10 -0300, Federico Heinz wrote: > > The openVPN plugin for NetworkManager fails to connect to a passwordless TLS > > server, complaining of "no VPN secrets". This happened because the code > > assumes that only static-key servers use no secrets, which isn't true. Only > > password and password+TLS require secrets. > > https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/453807 > We'd need a bit more than that unfortunately. First, openvpn assumes > that the TLS private key will have a password protecting it, in which > case the patch isn't required. Indeed, this is true: if the key is password-protected, the connection succeeds. > Second, if we do want to allow unencrypted private keys (a security hole) The security hole is relative, and it depends on the details of how the key is stored. A password does not provide much security beyond that of storing the file in an ecryptfs-encrypted directory, for instance. In any case, if you do decide that you don't want to enable non-encrypted keys, then at least the program should fail with a more informative message. The current "No secrets" message is hard to decypher for a normal user, something along the lines of "Private key needs to be password-protected" would be much more helpful. Better yet, the UI should not let the enter a plain text key in the dialog, instead of allowing such a "misconfiguration" and then refusing to use it. > then we'd need code to verify that the private key the user has picked is > indeed unencrypted before letting the UI enable the OK button. Any chance > you'd be willing to work on that patch? Most of the code to do that is lying > around since nm-applet needs to do the same thing for 802.1x TLS. I might, but first I'd hate to do the work to have it later rejected because the guardians of the project decided to do it differently (not accepting plaintext keys at all, for instance). If there is a clear decision about what the desired behaviour is, I'll look into it. Fede ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
RE: openvpn parameters
On Tue, 2009-11-24 at 22:09 +, Joseph L. Casale wrote: > >NM doesn't store OpenVPN config files--it actually constructs a > >complete OpenVPN command line, with all the required options, every > >time it starts the daemon. > > Oh, that’s good to know... > > >You'll need to set your OpenVPN options via the NM GUI. I don't > >remember off the top of my head whether 'auth-user-pass' is actually > >supported or not, though. If it's supported, you'll find a check-box > >or control of some kind in the GUI settings. > > > >If that option isn't support by the NM OpenVPN plugin, you'll have to > >file a bug report, or write a patch. > > Yup, it's not there, I'll file a request... You need to choose the "Password" or "Password/TLS" options in the GUI or set the correct "connection type". auth-user-pass isn't in GConf as an explicit option, it's sent to openvpn or not sent based on the connection type (one of TLS, Password, Password/TLS, or Static). Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"
On Mon, 2009-12-21 at 02:10 -0300, Federico Heinz wrote: > The openVPN plugin for NetworkManager fails to connect to a passwordless TLS > server, complaining of "no VPN secrets". This happened because the code > assumes > that only static-key servers use no secrets, which isn't true. Only password > and password+TLS require secrets. > > https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/453807 We'd need a bit more than that unfortunately. First, openvpn assumes that the TLS private key will have a password protecting it, in which case the patch isn't required. Second, if we do want to allow unencrypted private keys (a security hole) then we'd need code to verify that the private key the user has picked is indeed unencrypted before letting the UI enable the OK button. Any chance you'd be willing to work on that patch? Most of the code to do that is lying around since nm-applet needs to do the same thing for 802.1x TLS. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: openvpn pkcs12 support
On Wed, 2009-12-23 at 13:50 +0100, richard -rw- weinberger wrote: > hi, > > are there any plans to support pkcs12 certificates? > technically nm only has to push "--pkcs12" instead of "--key", > "--cert" and "--ca" to openvpn. Yes, I've asked somebody to look into this. I think there's a gnome bugzilla bug about it as well. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
openvpn pkcs12 support
hi, are there any plans to support pkcs12 certificates? technically nm only has to push "--pkcs12" instead of "--key", "--cert" and "--ca" to openvpn. thanks, //richard p.s: please cc me, i'm not subscribed. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
PATCH: passwordless TLS openvpn fails to connect with "no VPN secrets"
The openVPN plugin for NetworkManager fails to connect to a passwordless TLS server, complaining of "no VPN secrets". This happened because the code assumes that only static-key servers use no secrets, which isn't true. Only password and password+TLS require secrets. https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/453807 The attached patch makes the problem go away. Fede --- network-manager-openvpn/src/nm-openvpn-service.c 2009-12-21 01:54:27.0 -0300 +++ network-manager-openvpn-0.8~a~git.20091008t123607.7c184a9/src/nm-openvpn-service.c 2009-12-20 13:36:24.0 -0300 @@ -1000,8 +1000,9 @@ if (!nm_openvpn_properties_validate (s_vpn, error)) return FALSE; - /* Static Key doesn't need secrets; the rest do */ - if (strcmp (connection_type, NM_OPENVPN_CONTYPE_STATIC_KEY)) { + /* Only PASSWORD_* connection types need secrets */ + if ( !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) + || !strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS)) { if (!nm_openvpn_secrets_validate (s_vpn, error)) return FALSE; } ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: network-manager-openvpn
On Wed, 2009-12-16 at 14:33 -0500, Matt Wilks wrote: > > On Wed, 2009-12-16 at 12:43 PM, Dan Williams wrote: > >> On Tue, 2009-12-15 at 11:08 -0500, Matt Wilks wrote: > >> What prompted my initial query was the lack of support for, > >> and directives (supported in OpenVPN since 2.1-beta7, Nov > >> 2005). They allow you to specify the key files directly in the > >> configuration file, making it a self-contained configuration for a > >> connection using keys to authenticate. NetworkManager also seemed to > >> miss the fact that my config required both keys and a password; not > >> hard to manually set but it wasn't caught by the import. > > > > I do believe those have been in the NM openvpn configuration for a > > long time. What specific version of NM-openvpn are you using? I'm > > certainly using a CA certificate right now to write this mail. If you > > pick "Certificates (TLS)" or "Passwords with Certificates" from the > > dropdown you should be able to use the certificates and keys of your > > choice. This has been the case for at least a year and a half, since > > before NM 0.7.x was released. > > Keys are supported, but you have to specify them in the NetworkManager > config through a file browser dialog. The , etc directives I'm > talking about go in the config file and you include the actual text of > the key, something like: > > > -BEGIN CERTIFICATE- > asdlgkyladkhajf;lkawur;iolw789uafjdslkafjsd;fkj > dflkajsdlfkaylkxcjfasmjelasjruklasfdjflkasdjrlk > fasdlfka;wo347;afalk4nasdlfksaydlkaihf3a94rsldj > -END CERTIFICATE- > > > and so on with and . I have NM (and NM-openvpn) version 0.8 > on Ubuntu Karmic and it didn't work for me. Aha, yes that is not yet supported; it wouldn't be too hard to grab the data out of there and stuff it into its own file in ~/.pki or such; you don't really want to be storing certificate data in GConf or elsewhere. In the end, we need a certificate store like Windows or Mac OS X has, but for now we'll need to use files I guess. One caveat is to ensure that the user's private key is written out in encrypted form if it's not already encrypted in the config. Dan > > The whitelisting is for security. As a user, if you download a > > configuration file and want to use it, what's to say it doesn't include > > some options that make things less-secure or are malicious? Depending > > on the plugin you could send a config option for "run this script after > > connection" and since the VPN plugins currently run as root, that script > > gets run as root. The configuration data cannot /necessarily/ be > > trusted especially if it comes from the user session. At the same time, > > you don't want to /necessarily/ lock users out completely (that's the > > discretion of the sysadmin if there is one). > > Ah, this security concern settles it for me. The reason that other > clients can offer the config file management paradigm is that you must > have admin privileges to run the program in the first place. Not so > with NM. > > Thanks again for your time. Much appreciated. > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: network-manager-openvpn
On Wed, 2009-12-16 at 12:43 PM, Dan Williams wrote: On Tue, 2009-12-15 at 11:08 -0500, Matt Wilks wrote: What prompted my initial query was the lack of support for, and directives (supported in OpenVPN since 2.1-beta7, Nov 2005). They allow you to specify the key files directly in the configuration file, making it a self-contained configuration for a connection using keys to authenticate. NetworkManager also seemed to miss the fact that my config required both keys and a password; not hard to manually set but it wasn't caught by the import. I do believe those have been in the NM openvpn configuration for a long time. What specific version of NM-openvpn are you using? I'm certainly using a CA certificate right now to write this mail. If you pick "Certificates (TLS)" or "Passwords with Certificates" from the dropdown you should be able to use the certificates and keys of your choice. This has been the case for at least a year and a half, since before NM 0.7.x was released. Keys are supported, but you have to specify them in the NetworkManager config through a file browser dialog. The , etc directives I'm talking about go in the config file and you include the actual text of the key, something like: -BEGIN CERTIFICATE- asdlgkyladkhajf;lkawur;iolw789uafjdslkafjsd;fkj dflkajsdlfkaylkxcjfasmjelasjruklasfdjflkasdjrlk fasdlfka;wo347;afalk4nasdlfksaydlkaihf3a94rsldj -END CERTIFICATE- and so on with and . I have NM (and NM-openvpn) version 0.8 on Ubuntu Karmic and it didn't work for me. The whitelisting is for security. As a user, if you download a configuration file and want to use it, what's to say it doesn't include some options that make things less-secure or are malicious? Depending on the plugin you could send a config option for "run this script after connection" and since the VPN plugins currently run as root, that script gets run as root. The configuration data cannot /necessarily/ be trusted especially if it comes from the user session. At the same time, you don't want to /necessarily/ lock users out completely (that's the discretion of the sysadmin if there is one). Ah, this security concern settles it for me. The reason that other clients can offer the config file management paradigm is that you must have admin privileges to run the program in the first place. Not so with NM. Thanks again for your time. Much appreciated. -- Matt Wilks Colossians 2:6-7 University of TorontoInformation Security, I+TS (416) 978-3328 m...@madhaus.cns.utoronto.ca 4 Bancroft Ave., Rm. 102 Toronto, ON M5S 1C1 ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: network-manager-openvpn
On Tue, 2009-12-15 at 11:08 -0500, Matt Wilks wrote: > On 09-12-14 06:09 PM, Dan Williams wrote: > > On Mon, 2009-12-14 at 09:24 -0500, Matt Wilks wrote: > >> This must have been discussed before on this list, but I'm curious the > >> reasoning behind making network-manager-openvpn have its own GUI for > >> configuration in the first place. Why not offer functionality similar > >> to the Windows/Mac clients that simply manage your connections via > >> configuration files? You'd get all the flexibility of OpenVPN with none > >> of the overhead of constantly having to write patches to support / > >> debate the inclusion of individual options. > > > > For a number of reasons; > > Thanks for your response Dan, I appreciate you taking the time to do so. > Allow me to make a few comments. > > > 1) not everyone wants to use configuration files, > > 2) not everyone is aware of (or cares about) the intricacies of > > configuration options, some cannot be used with others, some require > > others to be turned on, > > Granted. However, I would think that anyone who is attempting to > connect to a work/school VPN is more likely to have a configuration file > handed to them then a set of OpenVPN parameters. That is how we do it > with the VPN I am responsible for. Again, the config file can be imported into NM, so the process you have still works exactly the same way. > > 3) GUI interfaces are often more approachable and do not preclude > > advanced users from using config files anyway, and > > I think you are making an incorrect distinction here between advanced > and beginner users. Using a config file does not necessarily mean that > a user is advanced. In our case, we distribute a config file precisely > because so many of our users are not advanced and we don't want them > having to fiddle around with options on various clients. > > > 4) handling random config files is often problematic, > > I'm not sure I understand why. Using the model of OpenVPN-GUI or > Tunnelblick (Windows and Mac GUIs respectively) however, you would just > have NetworkManager monitor a directory for config files. Could be a > directory in the user's home (ala Tunnelblick) or a system directory > (ala OpenVPN-GUI). Even if the user were able to specify arbitrary > configuration file locations, how is this any more problematic then the > dialogs to specify the ca, key and user cert that currently exist in the > NetworkManager GUI? 1) The config file is stored separately from the rest of the configuration data like IP address, routing information, DNS, etc. If it's not available (user downloads it into ~/Downloads and then it gets deleted when FF quits) then it's no longer available 2) root daemons accessing files in users' directories is often not allowed by security software like SELinux or AppArmor, for good reason; it's really hard to contain a binary and limit the attack points when you have to allow the binary to read from all over the hard drive 3) it's a security risk on daemons that require a password in the config file when not using stdin (ex vpnc) 4) using a config file can create temporary files that require cleanup which doesn't always get done; if we do need to substitute certain values (like we do with dhclient) then we need to create a temporary config file that has to be cleaned up after the transaction is complete, which is more housekeeping and more trouble. > > 5) it wasnt' integrated into the consistent NetworkManager > > configuration system. > > I have to admit ignorance about the standards for configuring > NetworkManager, but I imagine that they say something about storing > configuration internally rather than referencing external files? http://live.gnome.org/NetworkManagerConfiguration The NM configuration system actually produces an abstraction over various distro and desktop-specific configuration systems so taht you can use your preferred configuration system. For example, GConf, KConfig, /etc/network/interfaces, keyfiles, ifcfg files, etc, all are transformed into a standard format that clients can read and handle. That allows you, from a client, to actually figure out what's going on in a standard way instead of having to code logic for each and every configuration system. NM doesn't store config /internally/, but the user-settings and system-settings services do use configuration systems like GConf or system config files that you might consider to store the config "internally", at least in a different format than the native config file for openvpn. That has some benefits; as the admin you can use tools, behaviors, processes, and knowledge that you already have for your distro&
Re: network-manager-openvpn
On 09-12-14 06:09 PM, Dan Williams wrote: On Mon, 2009-12-14 at 09:24 -0500, Matt Wilks wrote: This must have been discussed before on this list, but I'm curious the reasoning behind making network-manager-openvpn have its own GUI for configuration in the first place. Why not offer functionality similar to the Windows/Mac clients that simply manage your connections via configuration files? You'd get all the flexibility of OpenVPN with none of the overhead of constantly having to write patches to support / debate the inclusion of individual options. For a number of reasons; Thanks for your response Dan, I appreciate you taking the time to do so. Allow me to make a few comments. 1) not everyone wants to use configuration files, 2) not everyone is aware of (or cares about) the intricacies of configuration options, some cannot be used with others, some require others to be turned on, Granted. However, I would think that anyone who is attempting to connect to a work/school VPN is more likely to have a configuration file handed to them then a set of OpenVPN parameters. That is how we do it with the VPN I am responsible for. 3) GUI interfaces are often more approachable and do not preclude advanced users from using config files anyway, and I think you are making an incorrect distinction here between advanced and beginner users. Using a config file does not necessarily mean that a user is advanced. In our case, we distribute a config file precisely because so many of our users are not advanced and we don't want them having to fiddle around with options on various clients. 4) handling random config files is often problematic, I'm not sure I understand why. Using the model of OpenVPN-GUI or Tunnelblick (Windows and Mac GUIs respectively) however, you would just have NetworkManager monitor a directory for config files. Could be a directory in the user's home (ala Tunnelblick) or a system directory (ala OpenVPN-GUI). Even if the user were able to specify arbitrary configuration file locations, how is this any more problematic then the dialogs to specify the ca, key and user cert that currently exist in the NetworkManager GUI? 5) it wasnt' integrated into the consistent NetworkManager configuration system. I have to admit ignorance about the standards for configuring NetworkManager, but I imagine that they say something about storing configuration internally rather than referencing external files? Now that we have good import/export capability for openvpn, it's not actually that hard to use your own configs. If there's options that people use, we can also whitelist them and add them to import/export even if they aren't shown in the GUI. What prompted my initial query was the lack of support for , and directives (supported in OpenVPN since 2.1-beta7, Nov 2005). They allow you to specify the key files directly in the configuration file, making it a self-contained configuration for a connection using keys to authenticate. NetworkManager also seemed to miss the fact that my config required both keys and a password; not hard to manually set but it wasn't caught by the import. Just because there's a GUI doesn't preclude you from writing a config file and importing it of course. That's true, and apart from the missing config I mentioned above, I found it to be a relatively painless process. Kudos! However I don't see how this benefits the NetworkManager developers. Writing a plugin that used external config files would be a one-time job. As it stands now, each new option must be whitelisted and incorporated into the plugin. Again, thanks for taking the time to respond. Much appreciated. -- Matt Wilks Colossians 2:6-7 University of TorontoInformation Security, I+TS (416) 978-3328 m...@madhaus.cns.utoronto.ca 4 Bancroft Ave., Rm. 102 Toronto, ON M5S 1C1 ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: network-manager-openvpn
On Mon, 2009-12-14 at 09:24 -0500, Matt Wilks wrote: > >> Read slowly, im not talking about routes here, talking about all the > >> openvpn parameters that are not yet configurable/importable with the > >> current graphical interface. They could just be configured through or > >> imported into a single listbox as described above. > > > > But that's *horrible* UI and not something I'd like to condone. I'd > > rather add the options on an as-needed basis to ensure we don't just > > dump everything in, and find out that we overloaded the UI with 50 > > options that almost nobody uses. Which I suspect is true for at least > > half of openvpn's options, because they did absolutely no work in > > consolidating them and asking the people who requested the options > > what they were actually trying to accomplish to constrain the number > > of switches that openvpn supports. I'm interested in making it work > > for 90 - 95% of use-cases, but I don't think we should be designing > > for that last 5%, especially when it makes things nearly unusable for > > the other 90. > > This must have been discussed before on this list, but I'm curious the > reasoning behind making network-manager-openvpn have its own GUI for > configuration in the first place. Why not offer functionality similar > to the Windows/Mac clients that simply manage your connections via > configuration files? You'd get all the flexibility of OpenVPN with none > of the overhead of constantly having to write patches to support / > debate the inclusion of individual options. For a number of reasons; 1) not everyone wants to use configuration files, 2) not everyone is aware of (or cares about) the intricacies of configuration options, some cannot be used with others, some require others to be turned on, 3) GUI interfaces are often more approachable and do not preclude advanced users from using config files anyway, and 4) handling random config files is often problematic, and 5) it wasnt' integrated into the consistent NetworkManager configuration system. Now that we have good import/export capability for openvpn, it's not actually that hard to use your own configs. If there's options that people use, we can also whitelist them and add them to import/export even if they aren't shown in the GUI. Just because there's a GUI doesn't preclude you from writing a config file and importing it of course. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: network-manager-openvpn
Read slowly, im not talking about routes here, talking about all the openvpn parameters that are not yet configurable/importable with the current graphical interface. They could just be configured through or imported into a single listbox as described above. But that's *horrible* UI and not something I'd like to condone. I'd rather add the options on an as-needed basis to ensure we don't just dump everything in, and find out that we overloaded the UI with 50 options that almost nobody uses. Which I suspect is true for at least half of openvpn's options, because they did absolutely no work in consolidating them and asking the people who requested the options what they were actually trying to accomplish to constrain the number of switches that openvpn supports. I'm interested in making it work for 90 - 95% of use-cases, but I don't think we should be designing for that last 5%, especially when it makes things nearly unusable for the other 90. This must have been discussed before on this list, but I'm curious the reasoning behind making network-manager-openvpn have its own GUI for configuration in the first place. Why not offer functionality similar to the Windows/Mac clients that simply manage your connections via configuration files? You'd get all the flexibility of OpenVPN with none of the overhead of constantly having to write patches to support / debate the inclusion of individual options. Matt ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
RE: openvpn parameters
>NM doesn't store OpenVPN config files--it actually constructs a >complete OpenVPN command line, with all the required options, every >time it starts the daemon. Oh, that’s good to know... >You'll need to set your OpenVPN options via the NM GUI. I don't >remember off the top of my head whether 'auth-user-pass' is actually >supported or not, though. If it's supported, you'll find a check-box >or control of some kind in the GUI settings. > >If that option isn't support by the NM OpenVPN plugin, you'll have to >file a bug report, or write a patch. Yup, it's not there, I'll file a request... Thanks, jlc ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: openvpn parameters
Hi, Joseph: On Tue, Nov 24, 2009 at 14:23, Joseph L. Casale wrote: > I need to add an auth-user-pass directive to my configuration, where does nm > store the config files for OpenVPN connections? NM doesn't store OpenVPN config files--it actually constructs a complete OpenVPN command line, with all the required options, every time it starts the daemon. You'll need to set your OpenVPN options via the NM GUI. I don't remember off the top of my head whether 'auth-user-pass' is actually supported or not, though. If it's supported, you'll find a check-box or control of some kind in the GUI settings. If that option isn't support by the NM OpenVPN plugin, you'll have to file a bug report, or write a patch. -Ryan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
openvpn parameters
I need to add an auth-user-pass directive to my configuration, where does nm store the config files for OpenVPN connections? Thanks! jlc ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: nm-applet / vpnc / pptp / openvpn
On Wed, 2009-11-18 at 15:23 +0100, Geronimo Wheeler wrote: > Hi, > > I've succesfullly installed Networkmanager and nm-applet with all the > plugins under Gnome / Kde-4-3 using the instructions can be found at > gentoo-wiki. It is working perfectly for wired and wireless LAN but > not for any VPN (this part of the applet is grey > > I was searching the archive and googled this thing but I cannot find a > solution, so I decided to ask you :) > > I suppose this is some problem with the dbus registration of the > plugins, but I'm not sure The plugins don't actually need any dbus registration to be found by the applet. All they do is drop a ".name" file in /etc/NetworkManager/VPN so NM knows they are there. But you'll need to restart NetworkManager after installing a VPN plugin since it doesn't yet recognize new VPN plugins on-the-fly. Dan > This is my versions > > [I] sys-apps/dbus > Available versions: 1.2.3-r1 ~1.2.12 ~1.3.0 ~1.3.0-r1 {X debug > doc selinux test} > Installed versions: 1.2.3-r1(16.09.48 2009-11-17)(X -debug -doc > -selinux) > > [I] net-misc/networkmanager > Available versions: *0.6.5_p20070823 0.6.6 ~0.7.1-r3 0.7.1-r6 > ~0.7.1_p20090824 [M]**0.8.0_pre20090824 [M]**0.8.0_pre20091105 {avahi > bluetooth connection-sharing crypt debug dhclient dhcpcd doc gnome > gnutls nss resolvconf} > Installed versions: 0.7.1-r6(18.16.04 2009-10-19)(gnutls > resolvconf -avahi -connection-sharing -dhclient -dhcpcd -doc -nss) > Homepage: > http://www.gnome.org/projects/NetworkManager/ > Description: Network configuration and management in an > easy way. Desktop environment independent. > > [D] net-misc/networkmanager-openvpn > Available versions: ~0.3.2_p20070621 ~0.7.1-r1 {crypt debug doc > gnome} > Installed versions: 0.7.1-r1(16.02.50 2009-11-17)(-gnome) > Homepage: > http://www.gnome.org/projects/NetworkManager/ > Description: NetworkManager OpenVPN plugin. > > [D] net-misc/networkmanager-pptp > Available versions: ~0.1.0_p20070726 ~0.7.0 ~0.7.1 {crypt debug > doc gnome} > Installed versions: 0.7.1(16.03.03 2009-11-17)(-gnome) > Homepage: > http://www.gnome.org/projects/NetworkManager/ > Description: NetworkManager PPTP plugin. > > [D] net-misc/networkmanager-vpnc > Available versions: ~0.6.4_p20070621 ~0.7.0 ~0.7.1 {crypt debug > doc gnome} > Installed versions: 0.7.1(16.03.15 2009-11-17)(-gnome) > Homepage: > http://www.gnome.org/projects/NetworkManager/ > Description: NetworkManager VPNC plugin. > > Do you have any idea? > > Thank you > L: > > ___ > NetworkManager-list mailing list > NetworkManager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: nm-applet / vpnc / pptp / openvpn
I think all the required components installed [I] net-dialup/pptpclient Available versions: 1.7.1-r1!t 1.7.2-r1!t {tk} Installed versions: 1.7.2-r1!t(22.05.15 2009-10-12)(tk) Homepage:http://pptpclient.sourceforge.net/ Description: Linux client for PPTP I] net-misc/vpnc Available versions: 0.5.3 ~0.5.3_p449 {bindist hybrid-auth resolvconf} Installed versions: 0.5.3(01.26.42 2009-10-10)(hybrid-auth resolvconf -bindist) Homepage:http://www.unix-ag.uni-kl.de/~massar/vpnc/ Description: Free client for Cisco VPN routing software My "distro" is Gentoo Thanks L: 2009/11/18 Trey Nolen > It looks like you have the applets, but do you have the underlying > programs that provide those features? > > For instance, for the nm-pptp applet to work, you need pptp to be > installed. In Debian and Ubuntu that packages is called pptp-linux. You > didn't mention your distro, but I'm assuming it is not one of those two > since they would have automatically installed the prerequisites. > > Similarly, there is a package called vpnc that is needed to make the > nm-vpnc work and openvpn has to be installed for Network Manager to be able > to control openvpn connections. > > Trey Nolen > > > > Geronimo Wheeler wrote: > > Hi, > > I've succesfullly installed Networkmanager and nm-applet with all the > plugins under Gnome / Kde-4-3 using the instructions can be found at > gentoo-wiki. It is working perfectly for wired and wireless LAN but not for > any VPN (this part of the applet is grey > > I was searching the archive and googled this thing but I cannot find a > solution, so I decided to ask you :) > > I suppose this is some problem with the dbus registration of the plugins, > but I'm not sure > > This is my versions > > [I] sys-apps/dbus > Available versions: 1.2.3-r1 ~1.2.12 ~1.3.0 ~1.3.0-r1 {X debug doc > selinux test} > Installed versions: 1.2.3-r1(16.09.48 2009-11-17)(X -debug -doc > -selinux) > > [I] net-misc/networkmanager > Available versions: *0.6.5_p20070823 0.6.6 ~0.7.1-r3 0.7.1-r6 > ~0.7.1_p20090824 [M]**0.8.0_pre20090824 [M]**0.8.0_pre20091105 {avahi > bluetooth connection-sharing crypt debug dhclient dhcpcd doc gnome gnutls > nss resolvconf} > Installed versions: 0.7.1-r6(18.16.04 2009-10-19)(gnutls resolvconf > -avahi -connection-sharing -dhclient -dhcpcd -doc -nss) > Homepage:http://www.gnome.org/projects/NetworkManager/ > Description: Network configuration and management in an easy > way. Desktop environment independent. > > [D] net-misc/networkmanager-openvpn > Available versions: ~0.3.2_p20070621 ~0.7.1-r1 {crypt debug doc > gnome} > Installed versions: 0.7.1-r1(16.02.50 2009-11-17)(-gnome) > Homepage:http://www.gnome.org/projects/NetworkManager/ > Description: NetworkManager OpenVPN plugin. > > [D] net-misc/networkmanager-pptp > Available versions: ~0.1.0_p20070726 ~0.7.0 ~0.7.1 {crypt debug doc > gnome} > Installed versions: 0.7.1(16.03.03 2009-11-17)(-gnome) > Homepage:http://www.gnome.org/projects/NetworkManager/ > Description: NetworkManager PPTP plugin. > > [D] net-misc/networkmanager-vpnc > Available versions: ~0.6.4_p20070621 ~0.7.0 ~0.7.1 {crypt debug doc > gnome} > Installed versions: 0.7.1(16.03.15 2009-11-17)(-gnome) > Homepage:http://www.gnome.org/projects/NetworkManager/ > Description: NetworkManager VPNC plugin. > > Do you have any idea? > > Thank you > L: > > -- > > ___ > NetworkManager-list mailing > listnetworkmanager-l...@gnome.orghttp://mail.gnome.org/mailman/listinfo/networkmanager-list > > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
nm-applet / vpnc / pptp / openvpn
Hi, I've succesfullly installed Networkmanager and nm-applet with all the plugins under Gnome / Kde-4-3 using the instructions can be found at gentoo-wiki. It is working perfectly for wired and wireless LAN but not for any VPN (this part of the applet is grey I was searching the archive and googled this thing but I cannot find a solution, so I decided to ask you :) I suppose this is some problem with the dbus registration of the plugins, but I'm not sure This is my versions [I] sys-apps/dbus Available versions: 1.2.3-r1 ~1.2.12 ~1.3.0 ~1.3.0-r1 {X debug doc selinux test} Installed versions: 1.2.3-r1(16.09.48 2009-11-17)(X -debug -doc -selinux) [I] net-misc/networkmanager Available versions: *0.6.5_p20070823 0.6.6 ~0.7.1-r3 0.7.1-r6 ~0.7.1_p20090824 [M]**0.8.0_pre20090824 [M]**0.8.0_pre20091105 {avahi bluetooth connection-sharing crypt debug dhclient dhcpcd doc gnome gnutls nss resolvconf} Installed versions: 0.7.1-r6(18.16.04 2009-10-19)(gnutls resolvconf -avahi -connection-sharing -dhclient -dhcpcd -doc -nss) Homepage:http://www.gnome.org/projects/NetworkManager/ Description: Network configuration and management in an easy way. Desktop environment independent. [D] net-misc/networkmanager-openvpn Available versions: ~0.3.2_p20070621 ~0.7.1-r1 {crypt debug doc gnome} Installed versions: 0.7.1-r1(16.02.50 2009-11-17)(-gnome) Homepage:http://www.gnome.org/projects/NetworkManager/ Description: NetworkManager OpenVPN plugin. [D] net-misc/networkmanager-pptp Available versions: ~0.1.0_p20070726 ~0.7.0 ~0.7.1 {crypt debug doc gnome} Installed versions: 0.7.1(16.03.03 2009-11-17)(-gnome) Homepage:http://www.gnome.org/projects/NetworkManager/ Description: NetworkManager PPTP plugin. [D] net-misc/networkmanager-vpnc Available versions: ~0.6.4_p20070621 ~0.7.0 ~0.7.1 {crypt debug doc gnome} Installed versions: 0.7.1(16.03.15 2009-11-17)(-gnome) Homepage:http://www.gnome.org/projects/NetworkManager/ Description: NetworkManager VPNC plugin. Do you have any idea? Thank you L: ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list