Better said, please include proxy support into NM-OpenVPN plugin.

Do you mean the openvpn 'http-proxy' config directive?

Yes.

*** Bug 538316 has been marked as a duplicate of this bug. ***

Hi, this feature is quite important, but it need to be complete with also this stuff:

* please add also the possibility to use a proxy with authentication (important, a lot of proxy requires authentication)
* add the directive http-proxy-retry (which permit to retry if proxy connection fails) (not high priority)
* http-proxy-option (which permit to add option to proxy connection) (important, cause if you need to pass through a deep inspection proxy)
* http-proxy-timeout (set the maximum timeout for proxy) (important, cause some proxy may be slow and without the connection is breaking out)

If you want, there are also the socks-* directive.

Thanks a lot for your work.
Luca

I have another idea. 

A great job is to give the possibility to read from system proxy settings. Some software allow you to 
 * use your own configuration (Manual) 
 * read configuration from system (System Config)
 * automatic configuration (optional, I don't think is always required)

thanks a lot

Luca

IMO the best solution would be to allow for a per-connection proxy setup. This might make the gnome-network-properties application superfluous, or, at least, it would establish a correlation between the current connection and the "Location" specified in gnome-network-properties.

I'm no UI designer, but it looks to me like the connection properties dialog for all connections could include a new tab called "Proxy", which would look very much like the gnome-network-properties application, including the "Location" dropdown - that way, multiple connections could be considered to be at the same "Location", meaning that they receive the same proxy configuration.

Hoping to see this soon!

P.S.: The "Proxy" tab could include an option not present in gnome-network-properties: detecting a proxy. If I've skimmed the above discussion correctly, it looks like OpenVPN supports proxy "detection", that is, it communicates proxy information to the client.

NM could read info/config from gnome-network-properties (proxy) and gstm (gnome ssh tunnel manager) to setup proxy and ssh tunnels per-connection profile. This would be awesome! :)

Created attachment 151930 [details] [review]
patch against ubuntu package: network-manager-openvpn-0.8~a~git.20091008t123607.7c184a9

https://launchpad.net/~nail-nodomain/+archive/ppa/+packages

package:

network-manager-openvpn - 0.8~a~git.20091008t123607.7c184a9-0ubuntu3~nail2 

 hope this help

reg.

t.

Now that I've seen the changes needed from the diff Tomas provided, please also include socks proxy support, like this, this ticket should be renamed to [enh] Proxy Support.

The required changes to the diff shouldn't be that many.

A few comments, thanks!

1) we should drop NM_OPENVPN_KEY_HTTP_PROXY_AUTH and instead have a HTTP_PROXY_USER option in the 'data' elements, and an HTTP_PROXY_PASSWORD in the 'secrets' elements.

When the user clicks the "This proxy server requires authentication" checkbox, the Username and Password entries would be enabled.  If the username and password are filled in, then the OK button is sensitive, and then the NM-openvpn daemon passes 'auto' as the auth method and responds to proxy auth queries on the openvpn management port by submitting the user/pass to openvpn.

2) I think we should rename "Use http proxy _authentication" to "This proxy server requires authentication"

3) I think we should rename "Use _http proxy retry" to "Ignore proxy server errors"

4) I'd rather use the same port spinner that's on the first tab in the Advanced dialog instead of a freeform entry for the proxy port

5) can we change the tab title to "HTTP Proxy"?


thanks!

For SOCKS support, I'd do the following too:

1) Change the tab title to "Proxies"

2) Use a dropdown menu to choose between "None", "HTTP", and "SOCKS".  If NONE was selected, then all the proxy keys would be cleared out when the advanced dialog returns.  If HTTP was selected, then the address/port and retry entry widgets fill the appropriate HTTP key, same thing for SOCKs.  Of course authentication should be hidden when SOCKS is enabled since it doesnt' appear that openvpn supports SOCKS auth?  Or maybe I'm unfamiliar with SOCKS and it doesn't have auth capability.

3) add NM_OPENVPN_KEY_SOCKS_PROXY, NM_OPENVPN_KEY_SOCKS_PROXY_PORT, and NM_OPENVPN_KEY_SOCKS_PROXY_RETRY

Created attachment 151969 [details] [review]
Cleanly applying version of original

Hi Pedro,
You still interesting in working on this?
If not i can take over :)

(In reply to comment #11)
> Now that I've seen the changes needed from the diff Tomas provided, please also
> include socks proxy support, like this, this ticket should be renamed to [enh]
> Proxy Support.

Right, in the meantime I created a bug report for generic proxy support: bug #621767.

Can be marked as duplicate if this one is renamed.

Although this one seems to be more about nm-openvpn... so maybe it should be "http support on network-manager-openvpn" and continue the generic support in bug #621767.

Created attachment 167890 [details] [review]
New patch for 0.8.1

can also help out if needed

Thanks for the updated patch; I've cleaned it up and reworked it a bunch (added import of proxy username/password, UI improvements, and renaming of a few keys) and committed it as:

2eee51aedace28af0f39349baee130f4121428e7 (master)
95ce6e99307a8822774cecf98b79acbe0183a5a7 (0.8.x)

One thing I forgot and am not going to do tonight is support for the proxy password in the auth dialog; but that's not a huge problem as long as you fill in the proxy password in the connection editor.

I just added SOCKS proxy support in:

fe98554f02a198437d4cad87d0bf31bcf8d3b44b (master)
84062eab6e5445fc4e31dad0a868ae8b0805918d (0.8.x)

Haven't added testcases for import/export yet though.  Testing appreciated.

> I just added SOCKS proxy support in:

Just to be clear, this is for *HTTP* support.

If all proxy support is fixed, then please close bug #621767.

Additional updates and fixes for import/export have been pushed to master and NM_0_8.

This isn't for *all* proxy support, which is what bug #621767 is about (having the GNOME desktop proxy settings switch when you change network connections); this is only about OpenVPN since that's the component this bug is filed against.

I think that when #621767 is fixed, network-manager-openvpn should also have an option to override "global" proxy settings.

Use case:
- You are in a network which has only internet access via a proxy
- You manage to get a vpn through it ;-)
- The vpn server sets redirect-gateway
- All internet access except the vpn connection should go through the vpn