Re: complex openvpn - can nm just launch?

2010-04-15 Thread Robert Vogelgesang
On Wed, Apr 14, 2010 at 02:15:31PM -0700, Dan Williams wrote:
 On Fri, 2010-04-09 at 09:43 +0200, Robert Vogelgesang wrote:
  Dan,
  
  On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote:
   On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote:
On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote:

 On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
 I have an openvpn config file that works fine with openvpn.  (ubuntu
 lucid beta)  As far as I can tell there is no way to create a like
 config in the nm openvpn editor.  I can make one somewhat similar and
 export, but it doesn't look enough like mine to work.
 
 Which options?

Hi Dan

this is my (short) list of missing options/features 

- support for external dhcp on the server side, normally I configure 
openvpn server to push only data that I can't provide via dhcp server. 
So 
ip/mask/dns is taken from dhcp and additional route from openvpn
This configuration works perfectly for windows machine, on certain 
customer I have a dedicated openvpn only for me because I can't use 
normal openvpn configuration :-(
   
   Yeah, we need support for this internally.  Right now we pretty much
   assume a tunnel approach, not TAP.  It's not that hard to fix that I
   guess; but in general the real fix for this would be helped by some of
   the activation changes that I'd like to do to fix the PPPoE issues that
   people currently have.
  
  I'd like to see this feature, too.  Could you please elaborate on what
  has to be done to support this?

Sorry, I forgot to mention that I'd like to use this in a Fedora 12
environment.  Therefore I'd prefer to start with the source RPMs
for the current Fedora 12 update packages; or is there anything
that requires an update to the current GIT branches?

In case I should use the GIT versions:  The relevant GIT branches
for Fedora 12 would be the master branches of NetworkManager and
network-manager-openvpn, correct?


 
 1) add a method item to NetworkManagerVPN.h:
 
 /* string: IP4 configuration method */
 #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD "method"
 
 /* Values for NM_VPN_PLUGIN_IP4_CONFIG_METHOD */
 #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP "dhcp"
 #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC "static"

Hmm, should static mean parameters provided by static configuration
on the client side, or parameters provided by the peer via VPN
protocol data, or both?

 
 if the plugin doesn't send 'method' in the config dict, or the item is a
 zero-length string, 'static' is assumed.
 
 2) In the openvpn plugin, if we're supposed to use DHCP (is tap always
 used with DHCP, or are there cases where it's not?) then we add the
 NM_VPN_PLUGIN_IP4_CONFIG_METHOD item to the returned IP4 config struct
 with the value dhcp.

Openvpn has the server-bridge directive, which defines a pool of
IP addresses that the openvpn server assigns to its clients on tap
devices; so tap does not always mean DHCP.  I'll look and see how we
could / should handle this.

Robert

 
 3) Then we need to modify nm_vpn_connection_ip4_config_get() and split
 it into two functions, one for DHCP and one for static.  Take the stuff
 at the bottom of that function (everything below print_vpn_config()) and
 put that into a separate function that gets called by both the static
 and dhcp processing bits.  So you'll have something like:
 
 nm_vpn_connection_ip4_config_get()
 {
    const char *method = "static";
 
    /* remove the timeout since the plugin replied */
    g_source_remove (priv->ipconfig_timeout);
    priv->ipconfig_timeout = 0;
 
    val = g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_METHOD);
    if (val && G_VALUE_HOLDS_STRING (val))
       method = g_value_get_string (val);
 
    /* a missing or zero-length method means 'static' */
    if (!method || !*method || !strcmp (method, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC)) {
       if (handle_static_ip4_config (connection, config_hash))
          return;
    } else if (method && !strcmp (method, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP)) {
       if (handle_dhcp_ip4_config (connection, config_hash))
          return;
    } else
       nm_log_err (LOGD_VPN, "unknown vpn IP4 method '%s'", method);
 
    /* same error stuff as at the bottom of the function now */
 
 }
 
 For the DHCP4 bits, we'll want to build up the NMIP4Config object as
 much as possible and cache that in priv->ip4_config while DHCP is
 completing.  We'll need to add a few things to the NMVPNConnection
 object's private data, like:
 
    NMDHCPManager * dhcp_manager;
    NMDHCPClient *  dhcp4_client;
    gulong          dhcp4_state_sigid;
    gulong          dhcp4_timeout_sigid;
 
 (see nm-device.c for DHCP stuff).
 
 When the NMVPNConnection is initialized, let's grab a reference to the
 DHCP manager in nm_vpn_connection_init():
 
    priv->dhcp_manager = nm_dhcp_manager_get ();
 
 and then in handle_dhcp_ip4_config() we'll do something like:
 
 static gboolean
 handle_dhcp_ip4_config 

Re: complex openvpn - can nm just launch?

2010-04-15 Thread Dan Williams
On Thu, 2010-04-15 at 11:13 +0200, Robert Vogelgesang wrote:
 On Wed, Apr 14, 2010 at 02:15:31PM -0700, Dan Williams wrote:
  On Fri, 2010-04-09 at 09:43 +0200, Robert Vogelgesang wrote:
   Dan,
   
   On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote:
On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote:
 On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote:
 
  On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
  I have an openvpn config file that works fine with openvpn.  
  (ubuntu
  lucid beta)  As far as I can tell there is no way to create a like
  config in the nm openvpn editor.  I can make one somewhat similar 
  and
  export, but it doesn't look enough like mine to work.
  
  Which options?
 
 Hi Dan
 
 this is my (short) list of missing options/features 
 
 - support for external dhcp on the server side, normally I configure 
 openvpn server to push only data that I can't provide via dhcp 
 server. So 
 ip/mask/dns is taken from dhcp and additional route from openvpn
 This configuration works perfectly for windows machine, on certain 
 customer I have a dedicated openvpn only for me because I can't use 
 normal openvpn configuration :-(

Yeah, we need support for this internally.  Right now we pretty much
assume a tunnel approach, not TAP.  It's not that hard to fix that I
guess; but in general the real fix for this would be helped by some of
the activation changes that I'd like to do to fix the PPPoE issues that
people currently have.
   
   I'd like to see this feature, too.  Could you please elaborate on what
   has to be done to support this?
 
 Sorry, I forgot to mention that I'd like to use this in a Fedora 12
 environment.  Therefore I'd prefer to start with the source RPMs
 for the current Fedora 12 update packages; or is there anything
 that requires an update to the current GIT branches?

I actually have f12-updates-testing based on current git, since F12's
versions were so old (2009/09).  So you might as well start with
those :)  F12 periodically gets updated to very recent snapshots anyway.

 In case I should use the GIT versions:  The relevant GIT branches
 for Fedora 12 would be the master branches of NetworkManager and
 network-manager-openvpn, correct?

This is the very recent build for updates-testing:

https://admin.fedoraproject.org/updates/NetworkManager-0.8.0-6.git20100408.fc12,ModemManager-0.3-9.git20100409.fc12

So if you like you could base your work off that, or use git master.

 
  
  1) add a method item to NetworkManagerVPN.h:
  
  /* string: IP4 configuration method */
  #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD "method"
  
  /* Values for NM_VPN_PLUGIN_IP4_CONFIG_METHOD */
  #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP "dhcp"
  #define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC "static"
 
 Hmm, should static mean parameters provided by static configuration
 on the client side, or parameters provided by the peer via VPN
 protocol data, or both?

Since these key/value pairs only come from the VPN plugin, they always
mean parameters provided by the peer via VPN protocol data.  The user
overrides are figured in later (the merge_ip4_config function in
nm_vpn_connection_ip4_config_get() handles this).

  
  if the plugin doesn't send 'method' in the config dict, or the item is a
  zero-length string, 'static' is assumed.
  
  2) In the openvpn plugin, if we're supposed to use DHCP (is tap always
  used with DHCP, or are there cases where it's not?) then we add the
  NM_VPN_PLUGIN_IP4_CONFIG_METHOD item to the returned IP4 config struct
  with the value dhcp.
 
 Openvpn has the server-bridge directive, which defines a pool of
 IP addresses that the openvpn server assigns to its clients on tap
 devices; so tap does not always mean DHCP.  I'll look and see how we
 could / should handle this.

Ok; basically if there's a way we can figure out whether or not we need
DHCP automatically from the openvpn plugin, that's great.  If not (yay
again for openvpn and automatic configuration, NOT) then we'll need to
add some UI option for this.

Dan

   Robert
 
  
  3) Then we need to modify nm_vpn_connection_ip4_config_get() and split
  it into two functions, one for DHCP and one for static.  Take the stuff
  at the bottom of that function (everything below print_vpn_config()) and
  put that into a separate function that gets called by both the static
  and dhcp processing bits.  So you'll have something like:
  
  nm_vpn_connection_ip4_config_get()
  {
     const char *method = "static";
  
     /* remove the timeout since the plugin replied */
     g_source_remove (priv->ipconfig_timeout);
     priv->ipconfig_timeout = 0;
  
     val = g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_METHOD);
     if (val && G_VALUE_HOLDS_STRING (val))
        method = g_value_get_string (val);
  
 if (!method || !strcmp (method, 

Re: complex openvpn - can nm just launch?

2010-04-14 Thread Dan Williams
On Fri, 2010-04-09 at 09:43 +0200, Robert Vogelgesang wrote:
 Dan,
 
 On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote:
  On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote:
   On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote:
   
On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
I have an openvpn config file that works fine with openvpn.  (ubuntu
lucid beta)  As far as I can tell there is no way to create a like
config in the nm openvpn editor.  I can make one somewhat similar and
export, but it doesn't look enough like mine to work.

Which options?
   
   Hi Dan
   
   this is my (short) list of missing options/features 
   
   - support for external dhcp on the server side, normally I configure 
   openvpn server to push only data that I can't provide via dhcp server. So 
   ip/mask/dns is taken from dhcp and additional route from openvpn
   This configuration works perfectly for windows machine, on certain 
   customer I have a dedicated openvpn only for me because I can't use 
   normal openvpn configuration :-(
  
  Yeah, we need support for this internally.  Right now we pretty much
  assume a tunnel approach, not TAP.  It's not that hard to fix that I
  guess; but in general the real fix for this would be helped by some of
  the activation changes that I'd like to do to fix the PPPoE issues that
  people currently have.
 
 I'd like to see this feature, too.  Could you please elaborate on what
 has to be done to support this?

1) add a method item to NetworkManagerVPN.h:

/* string: IP4 configuration method */
#define NM_VPN_PLUGIN_IP4_CONFIG_METHOD "method"

/* Values for NM_VPN_PLUGIN_IP4_CONFIG_METHOD */
#define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP "dhcp"
#define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC "static"

if the plugin doesn't send 'method' in the config dict, or the item is a
zero-length string, 'static' is assumed.

2) In the openvpn plugin, if we're supposed to use DHCP (is tap always
used with DHCP, or are there cases where it's not?) then we add the
NM_VPN_PLUGIN_IP4_CONFIG_METHOD item to the returned IP4 config struct
with the value dhcp.

3) Then we need to modify nm_vpn_connection_ip4_config_get() and split
it into two functions, one for DHCP and one for static.  Take the stuff
at the bottom of that function (everything below print_vpn_config()) and
put that into a separate function that gets called by both the static
and dhcp processing bits.  So you'll have something like:

nm_vpn_connection_ip4_config_get()
{
   const char *method = "static";

   /* remove the timeout since the plugin replied */
   g_source_remove (priv->ipconfig_timeout);
   priv->ipconfig_timeout = 0;

   val = g_hash_table_lookup (config_hash, NM_VPN_PLUGIN_IP4_CONFIG_METHOD);
   if (val && G_VALUE_HOLDS_STRING (val))
      method = g_value_get_string (val);

   /* a missing or zero-length method means 'static' */
   if (!method || !*method || !strcmp (method, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC)) {
      if (handle_static_ip4_config (connection, config_hash))
         return;
   } else if (method && !strcmp (method, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP)) {
      if (handle_dhcp_ip4_config (connection, config_hash))
         return;
   } else
      nm_log_err (LOGD_VPN, "unknown vpn IP4 method '%s'", method);

   /* same error stuff as at the bottom of the function now */

}

For the DHCP4 bits, we'll want to build up the NMIP4Config object as
much as possible and cache that in priv->ip4_config while DHCP is
completing.  We'll need to add a few things to the NMVPNConnection
object's private data, like:

    NMDHCPManager * dhcp_manager;
    NMDHCPClient *  dhcp4_client;
    gulong          dhcp4_state_sigid;
    gulong          dhcp4_timeout_sigid;

(see nm-device.c for DHCP stuff).

When the NMVPNConnection is initialized, let's grab a reference to the
DHCP manager in nm_vpn_connection_init():

    priv->dhcp_manager = nm_dhcp_manager_get ();

and then in handle_dhcp_ip4_config() we'll do something like:

static gboolean
handle_dhcp_ip4_config (NMVPNConnection *vpn, GHashTable *config)
{
    NMVPNConnectionPrivate *priv = NM_VPN_CONNECTION_GET_PRIVATE (vpn);
    NMSettingConnection *s_con;
    NMSettingIP4Config *s_ip4;
    const char *uuid;

    <get as much stuff from the 'config' as possible and stuff that
     into priv->ip4_config, see nm_vpn_connection_ip4_config_get() for
     how to do this>

    s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (priv->connection, NM_TYPE_SETTING_CONNECTION));
    s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting (priv->connection, NM_TYPE_SETTING_IP4_CONFIG));
    priv->dhcp4_client = nm_dhcp_manager_start_ip4 (priv->dhcp_manager,
                                                    <tap interface name from plugin 'config' hash table>,
                                                    nm_setting_connection_get_uuid (s_con),
                                                    s_ip4,
                                                    <dhcp timeout in seconds>,
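
The dispatch described in the message above, written out as a stand-alone added example (not code from the post or from NetworkManager). The plugin's reply is treated as untrusted input: a missing or zero-length method means static, while a non-string or unknown value fails instead of falling back, which is stricter than the sketch. The `cfg_value` type, the function names, and the `address` and `tundev` keys are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Key and values proposed in the thread for NetworkManagerVPN.h */
#define NM_VPN_PLUGIN_IP4_CONFIG_METHOD        "method"
#define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP   "dhcp"
#define NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC "static"

/* Hypothetical stand-in for one GValue entry of the plugin's config dict */
typedef enum { CFG_STRING, CFG_UINT } cfg_type;
typedef struct {
    const char *key;
    cfg_type    type;
    const char *str;   /* used when type == CFG_STRING */
    unsigned    num;   /* used when type == CFG_UINT */
} cfg_value;

typedef enum { IP4_STATIC, IP4_DHCP, IP4_INVALID } ip4_method;

static const cfg_value *cfg_lookup(const cfg_value *dict, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(dict[i].key, key) == 0)
            return &dict[i];
    return NULL;
}

/* Non-empty string stored under key, or NULL if absent, empty or mistyped */
static const char *cfg_string(const cfg_value *dict, size_t n, const char *key)
{
    const cfg_value *v = cfg_lookup(dict, n, key);
    return (v && v->type == CFG_STRING && v->str && v->str[0]) ? v->str : NULL;
}

/* Decide the IP4 method from the plugin's reply */
ip4_method resolve_ip4_method(const cfg_value *dict, size_t n)
{
    const cfg_value *v = cfg_lookup(dict, n, NM_VPN_PLUGIN_IP4_CONFIG_METHOD);

    if (!v)
        return IP4_STATIC;                  /* item not sent */
    if (v->type != CFG_STRING || !v->str)
        return IP4_INVALID;                 /* stricter than the sketch */
    if (!v->str[0] || !strcmp(v->str, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_STATIC))
        return IP4_STATIC;                  /* zero-length means static */
    if (!strcmp(v->str, NM_VPN_PLUGIN_IP4_CONFIG_METHOD_DHCP))
        return IP4_DHCP;
    return IP4_INVALID;                     /* unknown method */
}

/* Returns 1 when configuration can proceed, 0 when activation must fail.
 * "address" and "tundev" are key names assumed for this example. */
int dispatch_ip4_config(const cfg_value *dict, size_t n)
{
    switch (resolve_ip4_method(dict, n)) {
    case IP4_STATIC:   /* needs the address supplied through the VPN */
        return cfg_string(dict, n, "address") != NULL;
    case IP4_DHCP:     /* needs only the interface to run the DHCP client on */
        return cfg_string(dict, n, "tundev") != NULL;
    default:
        fprintf(stderr, "unknown vpn IP4 method\n");
        return 0;
    }
}

/* Constructed plugin replies */
static const cfg_value TAP_DHCP[]       = { { "method", CFG_STRING, "dhcp", 0 },
                                            { "tundev", CFG_STRING, "tap0", 0 } };
static const cfg_value NO_METHOD[]      = { { "address", CFG_STRING, "192.168.56.2", 0 } };
static const cfg_value EMPTY_METHOD[]   = { { "method", CFG_STRING, "", 0 },
                                            { "address", CFG_STRING, "192.168.56.2", 0 } };
static const cfg_value BAD_TYPE[]       = { { "method", CFG_UINT, NULL, 1 },
                                            { "address", CFG_STRING, "192.168.56.2", 0 } };
static const cfg_value UNKNOWN_METHOD[] = { { "method", CFG_STRING, "dhcpv6", 0 },
                                            { "tundev", CFG_STRING, "tap0", 0 } };
static const cfg_value DHCP_NO_DEV[]    = { { "method", CFG_STRING, "dhcp", 0 },
                                            { "address", CFG_STRING, "192.168.56.2", 0 } };

int main(void)
{
    const struct { const char *name; const cfg_value *d; size_t n; } cases[] = {
        { "tap + dhcp", TAP_DHCP, 2 }, { "no method", NO_METHOD, 1 },
        { "empty method", EMPTY_METHOD, 2 }, { "non-string method", BAD_TYPE, 2 },
        { "unknown method", UNKNOWN_METHOD, 2 }, { "dhcp without tundev", DHCP_NO_DEV, 2 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-20s -> %s\n", cases[i].name,
               dispatch_ip4_config(cases[i].d, cases[i].n) ? "proceed" : "fail");
    return 0;
}
```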

Re: complex openvpn - can nm just launch?

2010-04-09 Thread Alessandro Bono
On Thu, 2010-04-08 at 17:15 -0700, Dan Williams wrote:
 On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote:
  On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote:
  
   On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
   I have an openvpn config file that works fine with openvpn.  (ubuntu
   lucid beta)  As far as I can tell there is no way to create a like
   config in the nm openvpn editor.  I can make one somewhat similar and
   export, but it doesn't look enough like mine to work.
   
   Which options?
  
  Hi Dan
  
  this is my (short) list of missing options/features 
  
  - support for external dhcp on the server side, normally I configure 
  openvpn server to push only data that I can't provide via dhcp server. So 
  ip/mask/dns is taken from dhcp and additional route from openvpn
  This configuration works perfectly for windows machine, on certain 
  customer I have a dedicated openvpn only for me because I can't use 
  normal openvpn configuration :-(
 
 Yeah, we need support for this internally.  Right now we pretty much
 assume a tunnel approach, not TAP.  It's not that hard to fix that I
 guess; but in general the real fix for this would be helped by some of
 the activation changes that I'd like to do to fix the PPPoE issues that
 people currently have.
 
  - support for multiple remote server 
 
 Yeah; the trick there is going to be pulling out the IP of the current
 server and using that to update the routing table, since we have to add
 a host route to the VPN server over the underlying hardware interface.
 Maybe that already works just fine for multi-server case, not sure.

I was talking about one openvpn server with multiple ip, with openvpn
you can use remote several times or even better support for
connection, but also multiple vpn concurrently is an interesting case

 
 Dan
 
  
   
   Dan
   
   I've tried importing/exporting a tweaking, but the wizard thing just
   isn't flexible enough.  (the xml-ization aka 'registry-ization' of just
   standard config files seems to bite me in various aspects of computing)
   
   I'd like to launch openvpn with my config file from nm.  Is there a
   way? Short of that is there a way to make dbus or whatever think of I
   have network without launching from nm?
   
   Thanks!
   -Scott
   
   ___ NetworkManager-list
   mailing list
   NetworkManager-list@gnome.org
   http://mail.gnome.org/mailman/listinfo/networkmanager-list
  
  
  
  
  
 
 


-- 
Cordiali Saluti
Alessandro Bono



Re: complex openvpn - can nm just launch?

2010-04-09 Thread Robert Vogelgesang
Dan,

On Thu, Apr 08, 2010 at 05:15:54PM -0700, Dan Williams wrote:
 On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote:
  On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote:
  
   On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
   I have an openvpn config file that works fine with openvpn.  (ubuntu
   lucid beta)  As far as I can tell there is no way to create a like
   config in the nm openvpn editor.  I can make one somewhat similar and
   export, but it doesn't look enough like mine to work.
   
   Which options?
  
  Hi Dan
  
  this is my (short) list of missing options/features 
  
  - support for external dhcp on the server side, normally I configure 
  openvpn server to push only data that I can't provide via dhcp server. So 
  ip/mask/dns is taken from dhcp and additional route from openvpn
  This configuration works perfectly for windows machine, on certain 
  customer I have a dedicated openvpn only for me because I can't use 
  normal openvpn configuration :-(
 
 Yeah, we need support for this internally.  Right now we pretty much
 assume a tunnel approach, not TAP.  It's not that hard to fix that I
 guess; but in general the real fix for this would be helped by some of
 the activation changes that I'd like to do to fix the PPPoE issues that
 people currently have.

I'd like to see this feature, too.  Could you please elaborate on what
has to be done to support this?

If it's not too much work, I'd give it a try over the next few
weekends (I'd like to use this feature mid-May ;-)).

Robert

 
  - support for multiple remote server 
 
 Yeah; the trick there is going to be pulling out the IP of the current
 server and using that to update the routing table, since we have to add
 a host route to the VPN server over the underlying hardware interface.
 Maybe that already works just fine for multi-server case, not sure.
 
 Dan
 
  
   
   Dan
   
   I've tried importing/exporting a tweaking, but the wizard thing just
   isn't flexible enough.  (the xml-ization aka 'registry-ization' of just
   standard config files seems to bite me in various aspects of computing)
   
   I'd like to launch openvpn with my config file from nm.  Is there a
   way? Short of that is there a way to make dbus or whatever think of I
   have network without launching from nm?
   
   Thanks!
   -Scott
   


Re: complex openvpn - can nm just launch?

2010-04-08 Thread Dan Williams
On Tue, 2010-04-06 at 22:01 +, Alessandro Bono wrote:
 On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote:
 
  On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
  I have an openvpn config file that works fine with openvpn.  (ubuntu
  lucid beta)  As far as I can tell there is no way to create a like
  config in the nm openvpn editor.  I can make one somewhat similar and
  export, but it doesn't look enough like mine to work.
  
  Which options?
 
 Hi Dan
 
 this is my (short) list of missing options/features 
 
 - support for external dhcp on the server side, normally I configure 
 openvpn server to push only data that I can't provide via dhcp server. So 
 ip/mask/dns is taken from dhcp and additional route from openvpn
 This configuration works perfectly for windows machine, on certain 
 customer I have a dedicated openvpn only for me because I can't use 
 normal openvpn configuration :-(

Yeah, we need support for this internally.  Right now we pretty much
assume a tunnel approach, not TAP.  It's not that hard to fix that I
guess; but in general the real fix for this would be helped by some of
the activation changes that I'd like to do to fix the PPPoE issues that
people currently have.

 - support for multiple remote server 

Yeah; the trick there is going to be pulling out the IP of the current
server and using that to update the routing table, since we have to add
a host route to the VPN server over the underlying hardware interface.
Maybe that already works just fine for multi-server case, not sure.

Dan

 
  
  Dan
  
  I've tried importing/exporting a tweaking, but the wizard thing just
  isn't flexible enough.  (the xml-ization aka 'registry-ization' of just
  standard config files seems to bite me in various aspects of computing)
  
  I'd like to launch openvpn with my config file from nm.  Is there a
  way? Short of that is there a way to make dbus or whatever think of I
  have network without launching from nm?
  
  Thanks!
  -Scott
  


complex openvpn - can nm just launch?

2010-04-06 Thread Scott Serr
I have an openvpn config file that works fine with openvpn.  (ubuntu 
lucid beta)  As far as I can tell there is no way to create a like 
config in the nm openvpn editor.  I can make one somewhat similar and 
export, but it doesn't look enough like mine to work.


I've tried importing/exporting a tweaking, but the wizard thing just 
isn't flexible enough.  (the xml-ization aka 'registry-ization' of just 
standard config files seems to bite me in various aspects of computing)


I'd like to launch openvpn with my config file from nm.  Is there a way?
Short of that is there a way to make dbus or whatever think of I have 
network without launching from nm?


Thanks!
-Scott



Re: complex openvpn - can nm just launch?

2010-04-06 Thread Dan Williams
On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
 I have an openvpn config file that works fine with openvpn.  (ubuntu 
 lucid beta)  As far as I can tell there is no way to create a like 
 config in the nm openvpn editor.  I can make one somewhat similar and 
 export, but it doesn't look enough like mine to work.

Which options?

Dan

 I've tried importing/exporting a tweaking, but the wizard thing just 
 isn't flexible enough.  (the xml-ization aka 'registry-ization' of just 
 standard config files seems to bite me in various aspects of computing)
 
 I'd like to launch openvpn with my config file from nm.  Is there a way?
 Short of that is there a way to make dbus or whatever think of I have 
 network without launching from nm?
 
 Thanks!
 -Scott
 


Re: complex openvpn - can nm just launch?

2010-04-06 Thread Scott Serr

On 04/06/2010 10:25 AM, Dan Williams wrote:

On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
   

I have an openvpn config file that works fine with openvpn.  (ubuntu
lucid beta)  As far as I can tell there is no way to create a like
config in the nm openvpn editor.  I can make one somewhat similar and
export, but it doesn't look enough like mine to work.
 

Which options?

Dan
   


I suspect there will always be a new option to chase.

Here is mine:

dev tun
remote 127.0.0.1 41927 tcp-client
proto tcp-client
ifconfig 192.168.56.2 192.168.56.1
route 0.0.0.0 128.0.0.0
route 128.0.0.0 128.0.0.0
socket-flags TCP_NODELAY
ping 10
dhcp-option DNS 192.168.56.1

There is no encryption, data is sent in cleartext.  This is appropriate 
for use with Azilink on Android phones.




Re: complex openvpn - can nm just launch?

2010-04-06 Thread Dan Williams
On Tue, 2010-04-06 at 11:28 -0600, Scott Serr wrote:
 On 04/06/2010 10:25 AM, Dan Williams wrote:
  On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
 
  I have an openvpn config file that works fine with openvpn.  (ubuntu
  lucid beta)  As far as I can tell there is no way to create a like
  config in the nm openvpn editor.  I can make one somewhat similar and
  export, but it doesn't look enough like mine to work.
   
  Which options?
 
  Dan
 
 
 I suspect there will always be a new option to chase.

Probably, but at some point we reach the set of options that 95% of
people use.  There are seriously so many options with openvpn that it's
not funny, and the program is completely incapable of auto-negotiating
them, which is also not funny.  It's downright sad.

 Here is mine:
 
 dev tun
 remote 127.0.0.1 41927 tcp-client
 proto tcp-client
 ifconfig 192.168.56.2 192.168.56.1
 route 0.0.0.0 128.0.0.0
 route 128.0.0.0 128.0.0.0
 socket-flags TCP_NODELAY
 ping 10
 dhcp-option DNS 192.168.56.1
 
 There is no encryption, data is sent in cleartext.  This is appropriate 
 for use with Azilink on Android phones.

The only thing I can see that's not yet supported is the no encryption
part, which (not to be pedantic) isn't really a VPN.  But I suppose
that's something we can add.

Dan





Re: complex openvpn - can nm just launch?

2010-04-06 Thread Scott Serr

On 04/06/2010 12:10 PM, Dan Williams wrote:

On Tue, 2010-04-06 at 11:28 -0600, Scott Serr wrote:
   

On 04/06/2010 10:25 AM, Dan Williams wrote:
 

On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:

   

I have an openvpn config file that works fine with openvpn.  (ubuntu
lucid beta)  As far as I can tell there is no way to create a like
config in the nm openvpn editor.  I can make one somewhat similar and
export, but it doesn't look enough like mine to work.

 

Which options?

Dan

   

I suspect there will always be a new option to chase.
 

Probably, but at some point we reach the set of options that 95% of
people use.  There are seriously so many options with openvpn that it's
not funny, and the program is completely incapable of auto-negotiating
them, which is also not funny.  It's downright sad.

   

Here is mine:

dev tun
remote 127.0.0.1 41927 tcp-client
proto tcp-client
ifconfig 192.168.56.2 192.168.56.1
route 0.0.0.0 128.0.0.0
route 128.0.0.0 128.0.0.0
socket-flags TCP_NODELAY
ping 10
dhcp-option DNS 192.168.56.1

There is no encryption, data is sent in cleartext.  This is appropriate
for use with Azilink on Android phones.
 

The only thing I can see that's not yet supported is the no encryption
part, which (not to be pedantic) isn't really a VPN.  But I suppose
that's something we can add.

Dan

   


Thanks for the info Dan.

On Ubuntu Lucid Beta, there are some issues saving other options.  I was 
going to attempt to hack up the xml and take out the key/user/pass.  Do 
you think this would work?


I wonder how easy it would be to have an ad-hoc sort of connection in 
nm.  Where nm would not care about much other than running a start and 
stop script and telling dbus networking is up.


For Azilink users:
If you wish to use dbus-aware apps like Empathy, I've been successful 
now with /etc/init.d/network-manager stop.




Re: complex openvpn - can nm just launch?

2010-04-06 Thread Dan Williams
On Tue, 2010-04-06 at 14:31 -0600, Scott Serr wrote:
 On 04/06/2010 12:10 PM, Dan Williams wrote:
  On Tue, 2010-04-06 at 11:28 -0600, Scott Serr wrote:
 
  On 04/06/2010 10:25 AM, Dan Williams wrote:
   
  On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
 
 
  I have an openvpn config file that works fine with openvpn.  (ubuntu
  lucid beta)  As far as I can tell there is no way to create a like
  config in the nm openvpn editor.  I can make one somewhat similar and
  export, but it doesn't look enough like mine to work.
 
   
  Which options?
 
  Dan
 
 
  I suspect there will always be a new option to chase.
   
  Probably, but at some point we reach the set of options that 95% of
  people use.  There are seriously so many options with openvpn that it's
  not funny, and the program is completely incapable of auto-negotiating
  them, which is also not funny.  It's downright sad.
 
 
  Here is mine:
 
  dev tun
  remote 127.0.0.1 41927 tcp-client
  proto tcp-client
  ifconfig 192.168.56.2 192.168.56.1
  route 0.0.0.0 128.0.0.0
  route 128.0.0.0 128.0.0.0
  socket-flags TCP_NODELAY
  ping 10
  dhcp-option DNS 192.168.56.1
 
  There is no encryption, data is sent in cleartext.  This is appropriate
  for use with Azilink on Android phones.
   
  The only thing I can see that's not yet supported is the no encryption
  part, which (not to be pedantic) isn't really a VPN.  But I suppose
  that's something we can add.
 
  Dan
 
 
 
 Thanks for the info Dan.
 
 On Ubuntu Lucid Beta, there are some issues saving other options.  I was 
 going to attempt to hack up the xml and take out the key/user/pass.  Do 
 you think this would work?

The routes and the DNS option would go into the IPv4 tab, which may not
actually get imported by the current import code.

This is basically like a static key connection, except without the key.

 I wonder how easy it would be to have an ad-hoc sort of connection in 
 nm.  Where nm would not care about much other than running a start and 
 stop script and telling dbus networking is up.

That doesn't really work automatically, for the most part, and it's also
a security issue since openvpn runs as 'root' and you're basically
giving it unfiltered commands which will also get run as root.

In the end, it's not that hard to support additional options, but we
need people willing to write the patches.  I can't do everything at once
of course, and while others (Huzaifa for example) have been very good
about picking issues out of bugzilla and fixing them, this isn't one
that's been reported before and thus we haven't looked at it yet...

Random question though, what exactly is Azilink and what are you using
it for?

Dan

 For Azilink users:
 If you wish to use dbus-aware apps like Empathy, I've been successful 
 now with /etc/init.d/network-manager stop.
 


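
The risk named above, that a free-form openvpn config handed to a root process can carry directives that run programs, is what a front end has to filter; this added example (not code from the thread or from NetworkManager) vets a config against a default-deny allowlist built from the directives in the config posted earlier. The function names and the appended sample lines are constructed for the example, and the list of program-running directives is not exhaustive.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Directives used by the config posted in the thread: the only ones accepted */
static const char *const ALLOWED[] = {
    "dev", "remote", "proto", "ifconfig", "route",
    "socket-flags", "ping", "dhcp-option", NULL
};

/* OpenVPN directives that run an external program or load code; reported
 * separately so the rejection reason can be told apart from a plain unknown */
static const char *const EXEC_DIRECTIVES[] = {
    "up", "down", "ipchange", "route-up", "route-pre-down", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address", "plugin", "script-security", "iproute", NULL
};

typedef enum { LINE_SKIP, LINE_OK, LINE_UNKNOWN, LINE_EXEC } verdict;

static int in_list(const char *const *list, const char *word, size_t len)
{
    for (; *list; list++)
        if (strlen(*list) == len && strncmp(*list, word, len) == 0)
            return 1;
    return 0;
}

/* Classify one line by its first token. Default is deny: a quoted or
 * otherwise inexact token is LINE_UNKNOWN, never LINE_OK. */
verdict vet_line(const char *line, size_t len)
{
    size_t i = 0, start;

    while (i < len && isspace((unsigned char)line[i]))
        i++;
    if (i == len || line[i] == '#' || line[i] == ';')
        return LINE_SKIP;                 /* blank line or comment */
    if (len - i >= 2 && line[i] == '-' && line[i + 1] == '-')
        i += 2;                           /* command-line spelling of a directive */
    start = i;
    while (i < len && !isspace((unsigned char)line[i]))
        i++;
    if (in_list(EXEC_DIRECTIVES, line + start, i - start))
        return LINE_EXEC;
    return in_list(ALLOWED, line + start, i - start) ? LINE_OK : LINE_UNKNOWN;
}

/* Walk the config; count rejected lines, remember the first (1-based). */
static int scan(const char *text, int *first_bad)
{
    int lineno = 0, rejected = 0;

    *first_bad = 0;
    while (*text) {
        const char *eol = strchr(text, '\n');
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        verdict v = vet_line(text, len);

        lineno++;
        if (v == LINE_EXEC || v == LINE_UNKNOWN) {
            rejected++;
            if (*first_bad == 0)
                *first_bad = lineno;
        }
        text += len + (eol ? 1 : 0);
    }
    return rejected;
}

int count_rejected(const char *text) { int b; return scan(text, &b); }
int first_rejected_line(const char *text) { int b; scan(text, &b); return b; }

/* The config posted in the thread */
#define POSTED_CONFIG \
    "dev tun\n" \
    "remote 127.0.0.1 41927 tcp-client\n" \
    "proto tcp-client\n" \
    "ifconfig 192.168.56.2 192.168.56.1\n" \
    "route 0.0.0.0 128.0.0.0\n" \
    "route 128.0.0.0 128.0.0.0\n" \
    "socket-flags TCP_NODELAY\n" \
    "ping 10\n" \
    "dhcp-option DNS 192.168.56.1\n"

/* Constructed for this example: the same config with lines appended */
static const char TAMPERED_CONFIG[] = POSTED_CONFIG
    "# constructed additions\n"
    "up /usr/local/bin/hook.sh\n"
    "--script-security 2\n"
    "cipher none\n";

int main(void)
{
    printf("posted:   %d rejected\n", count_rejected(POSTED_CONFIG));
    printf("tampered: %d rejected, first at line %d\n",
           count_rejected(TAMPERED_CONFIG), first_rejected_line(TAMPERED_CONFIG));
    return 0;
}
```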


Re: complex openvpn - can nm just launch?

2010-04-06 Thread Alessandro Bono
On Tue, 06 Apr 2010 09:25:44 -0700, Dan Williams wrote:

 On Tue, 2010-04-06 at 10:05 -0600, Scott Serr wrote:
 I have an openvpn config file that works fine with openvpn.  (ubuntu
 lucid beta)  As far as I can tell there is no way to create a like
 config in the nm openvpn editor.  I can make one somewhat similar and
 export, but it doesn't look enough like mine to work.
 
 Which options?

Hi Dan

this is my (short) list of missing options/features 

- support for external dhcp on the server side, normally I configure 
openvpn server to push only data that I can't provide via dhcp server. So 
ip/mask/dns is taken from dhcp and additional route from openvpn
This configuration works perfectly for windows machine, on certain 
customer I have a dedicated openvpn only for me because I can't use 
normal openvpn configuration :-(

- support for multiple remote server 


 
 Dan
 
 I've tried importing/exporting a tweaking, but the wizard thing just
 isn't flexible enough.  (the xml-ization aka 'registry-ization' of just
 standard config files seems to bite me in various aspects of computing)
 
 I'd like to launch openvpn with my config file from nm.  Is there a
 way? Short of that is there a way to make dbus or whatever think of I
 have network without launching from nm?
 
 Thanks!
 -Scott
 





-- 
Cordiali saluti

Alessandro Bono
