[Bug 332691] New: knetworkmanager: more options for openvpn connections ( route)
https://bugzilla.novell.com/show_bug.cgi?id=332691 Summary: knetworkmanager: more options for openvpn connections (route) Product: openSUSE 10.3 Version: Final Platform: i586 OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bluedzins@wp.pl QAContact: qa@suse.de Found By: --- I cannot make one openvpn connection working. I suspect it is problem with route entries in my original script in openvpn. I don't see any such option in KNM. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 Cyril Hrubis <chrubis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |hschaa@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 Helmut Schaa <hschaa@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691#c1 Helmut Schaa <hschaa@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |bluedzins@wp.pl --- Comment #1 from Helmut Schaa <hschaa@novell.com> 2007-10-11 02:35:37 MST --- Some more details? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691#c2 Maciej Pilichowski <bluedzins@wp.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|bluedzins@wp.pl | --- Comment #2 from Maciej Pilichowski <bluedzins@wp.pl> 2007-10-11 08:05:35 MST --- If you run openvpn manually you can provide more options. So it would be great that KNM could provide some place to enter them. Without it, one of my openvpn connection is not possible. I could attach piece of config for it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691#c3 Helmut Schaa <hschaa@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |bluedzins@wp.pl --- Comment #3 from Helmut Schaa <hschaa@novell.com> 2007-10-19 04:59:25 MST --- Yes, please provide the config ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691#c4 Maciej Pilichowski <bluedzins@wp.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|bluedzins@wp.pl | --- Comment #4 from Maciej Pilichowski <bluedzins@wp.pl> 2007-10-19 07:33:05 MST --- Helmut, full config file: dev tun client remote vpn-gw.mat.uni.torun.pl 5100 nobind route remote_host 255.255.255.255 net_gateway route 158.75.2.0 255.255.255.0 route 158.75.12.0 255.255.255.0 route 192.168.128.0 255.255.255.0 ca cacert.pem cert cert.pem key key.pem verb 1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691#c5 Frank Fiene <ffiene@veka.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ffiene@veka.com --- Comment #5 from Frank Fiene <ffiene@veka.com> 2007-11-15 03:51:33 MST --- Me too. I've got an openVPN configuration file out of Astaros Firewall software and i am not able to setup the same thing with knetworkmanager. openvpn from command line with this files and kvpnc with importing this file is working fine. But i don't like to do this with root permissions, so i want to use knetworkmanager. I've tested a long time with the openvpn command issued by the networkmanager and need to add/remove these entries: add: --auth MD5 (listbox with [SHA1|MD5]) --tls-remote "<X.509-DN>" (textfield without entering "") remove: --ns-cert-type server (listbox with [none|server|client], with "none" the parameter must not be inserted!) I cannot see these entries in ~/kde3/share/config/knetworkmanagerrc so i think they are hardcoded in /usr/bin/nm-openvpn-service, that's really bad! How to solve this problem? Changing source by myself and recompiling nm-openvpn-service? Regards -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 User fred.blaise@gmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=332691#c6 Fred Blaise <fred.blaise@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fred.blaise@gmail.com --- Comment #6 from Fred Blaise <fred.blaise@gmail.com> 2008-03-18 12:19:32 MST --- I am also running astaro firewalls, and have the same issues as Frank. I am running gnome on opensuse 10.3. I tried to put the values in gconf, but it crashes the applet every time (v 0.6.5) (Adding other stuff, such as port worked, but not this one). --> rpm -aq |grep vpn openvpn-2.0.9-44 NetworkManager-openvpn-gnome-0.3.2cvs20060202-173 NetworkManager-openvpn-0.3.2cvs20060202-173 To me, this is not an enhancement bug, but rather at least a minor/normal bug concerning the NM-openvpn add-on, as it crashes the applet. Should I open another bug for this? Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 User hschaa@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=332691#c7 Helmut Schaa <hschaa@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |tambet@novell.com --- Comment #7 from Helmut Schaa <hschaa@novell.com> 2008-03-19 00:50:42 MST --- Fred, I don't think adding custom config-keys to gconf is supported but you're right, nm-applet should not crash in that case. Tambet, could you please comment on #6 please? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 User fred.blaise@gmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=332691#c8 --- Comment #8 from Fred Blaise <fred.blaise@gmail.com> 2008-03-19 02:50:20 MST --- Just for info, I am running also a ubuntu 7.04 box at home, with the following setting in nm-openvpn: # gconftool-2 -S vpn_data /system/networking/vpn_connections/Invik/vpn_data = [connection-type,x509userpass,dev,tun,remote,123.123.123.123,port,45678,proto,tcp-client,servercert-insecure,yes,ca,/home/fredb/.vpn/xxx.xxx.xxx.xxx.ca.crt,cert,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.crt,key,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.key,comp-lzo,yes,shared-key,,local-ip,,remote-ip,,username,fblaise,cipher,AES-256-CBC] (Frank, this works with Astaro ;)) It works peachy. Under opensuse, if i import them: # gconftool-2 -s /system/networking/vpn_connections/Invik/vpn_data --list-type string -t list "[connection-type,x509userpass,dev,tun,remote,123.123.123.123,port,45678,proto,tcp-client,servercert-insecure,yes,ca,/home/fredb/.vpn/xxx.xxx.xxx.xxx.ca.crt,cert,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.crt,key,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.key,comp-lzo,yes,shared-key,,local-ip,,remote-ip,,username,fblaise,cipher,AES-256-CBC]" NM applet crashes, and the most eloquent message in the NM log is: Mar 19 09:42:21 fredb-opensuse NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 6 -> 3. Mar 19 09:42:21 fredb-opensuse NetworkManager: <WARN> nm_vpn_service_process_signal(): VPN failed for service 'org.freedesktop.NetworkManager.openvpn', signal 'VPNConfigBad', with message 'The VPN login failed because the VPN configuration options were invalid.'. Mar 19 09:42:21 fredb-opensuse NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 3 -> 6. Maybe I really should open another bug, I am starting to pollute this one, originally for KNM... Sorry... :/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 User tambet@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=332691#c9 Tambet Ingo <tambet@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tambet@novell.com Status|NEEDINFO |ASSIGNED Info Provider|tambet@novell.com | --- Comment #9 from Tambet Ingo <tambet@novell.com> 2008-03-19 08:17:51 MST --- Commenting #6. Modifying gconf entries manually isn't a supported operation and if something breaks, you get to keep both pieces. NetworkManager allows a subset of openvpn configuration options because of security concerns - there are flags to run random files on the local disk as root. But that doesn't necessarily mean new options can't be added, it means to add new options, changes to code (as opposed to gconf) are needed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 User fred.blaise@gmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=332691#c10 --- Comment #10 from Fred Blaise <fred.blaise@gmail.com> 2008-03-19 08:26:32 MST --- Agreed. However, since some options are definitely needed (ie: at least port, tls-remote or servercert-insecure at least in my case and Frank's case) to make it work in many environment configurations, it'd be nice to see these options in. In my current opensuse 10.3, NM-openvpn plug-in is definitly useless. On ubuntu, options port is present in the GUI, and adding servercert-insecure manually to gconf works. Adding tls-remote, however, makes it also crash. Then, I guess a request for new options (advanced tab options maybe, including port, and tls-remote) should be made to make the plug-in actually usable in most environments. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 User ffiene@veka.com added comment https://bugzilla.novell.com/show_bug.cgi?id=332691#c11 --- Comment #11 from Frank Fiene <ffiene@veka.com> 2008-03-19 08:36:30 MST --- Yes, that is what i mentioned! For example: same options as kvpnd has! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 Andreas Jaeger <aj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |zoz@novell.com Status|ASSIGNED |NEW -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 User zoz@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=332691#c13 Christian Zoz <zoz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |helmut.schaa@gmail.com, wstephenson@novell.com AssignedTo|zoz@novell.com |anaumov@novell.com Component|Network |Network Priority|P5 - None |P4 - Low Product|openSUSE 10.3 |openSUSE 11.1 Version|Final |Beta 2 --- Comment #13 from Christian Zoz <zoz@novell.com> 2008-10-21 05:32:44 MDT --- This will not change for 10.3 and 11.0 anymore. But it maybe still could be done for 11.1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332691 Christian Zoz <zoz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Network |KDE3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com