GNOME Bugzilla – Bug 774727
ifconfig option should not be exclusive to static key connection type
Last modified: 2017-05-27 20:07:10 UTC
My openvpn config is not working, because it uses "tls" connection type with ifconfig settings. In "src/nm-openvpn-service.c" the ifconfig option is used only when connection type is static key, which is wrong. my-openvpn.conf: client remote test.com tls-client dev tap0 ifconfig 111.11.111.11 255.255.255.0 keepalive 10 120 mute 10 ca ca.crt cert cert.crt key key.key comp-lzo verb 3 link-mtu 500
Created attachment 340318 [details] [review] Don't make ifconfig exclusive to static key connection type
Created attachment 340739 [details] [review] Patch that appends '--ifconfig' to TLS client parameters With this patch, the connection works with a remote OpenVPN server that was started with this command: openvpn --dev tun1 --ifconfig 10.9.8.1 10.9.8.2 --tls-server --dh keys/dh2048.pem --ca keys/ca.crt --cert keys/server.crt --key keys/server.key
The attached patch fixes this issue by appending '--ifconfig' when the parameters 'local-ip' and 'remote-ip' are defined in the section [vpn]. Here an example of a working connection: [vpn] service-type=org.freedesktop.NetworkManager.openvpn connection-type=tls auth=SHA1 remote=192.168.1.31 cipher=BF-CBC cert-pass-flags=0 dev-type=tun cert=clientname.crt dev=tun1 key=clientname.key ca=ca.crt local-ip=10.9.8.2 remote-ip=10.9.8.1 Regards, Luis
Ping, can this be please commited?
Patch from comment 1 applied, thanks! https://git.gnome.org/browse/network-manager-openvpn/commit/?id=1e36488d3442732dd9b0c03f2b69589d53085066