GNOME Bugzilla – Bug 484315
[enh] support additional options (tun-mtu, fragment, mssfix)
Last modified: 2010-02-25 20:47:39 UTC
I was hoping that i can edit the configuration directly from Gconf-editor in /system/networking/vpn_connections but if I put some extra option (to be more specific, I want to send nobind with the openvpn command) directly here, I got an error and NetworkManager die. the syslog says "Oct 7 00:34:16 guilherme NetworkManager: file nm-vpn-service.c: line 475 (nm_vpn_service_stage3_connect_cb): assertion failed: (service != NULL)" right before. I dont know if this is exactly a bug, or I was supposed not to directly edit the gconf key.
Hello, I've got the same problem. Our OpenVPN server uses the following options which cannot be set using the Network Manager: tun-mtu 1500 fragment 1300 mssfix Without these settings we cannot use the Network Manager to connect. Maybe it would make sense to add a freetext field with extra options that are passed directly to openvpn: --tun-mtu 1500 --fragment 1300 --mssfix Kind Regards, Stefan
No, if there are required options we should add those in the UI as necessary, not add a field to pass random stuff to the binary. We'd have to security-check the random stuff anyway, and at that point we should just do the right thing and make them real options like the rest. Note that --nobind is always passed with latest SVN.
What's the best way to move this one forward? With OpenVPN, the network configuration options are vast, and getting the configuration exactly matching is usually necessary. (and Network admins used to giving their users .conf files are unlikely to restructure their VPN's to fit nm-openvpn) Would a taxonomy of OpenVPN client options be the next step, so they could be logically grouped for a GUI pane? (I came here looking for a way to add mute-replay-warnings)
*** Bug 564196 has been marked as a duplicate of this bug. ***
Opened by Matthieu Loll (reporter, points: 1) 2008-12-12 00:11 UTC [reply] The default value used by OpenVPN for "reneg-sec" is 3600 seconds. Currently there is no way to change this value in the OpenVPN plugin for NetworkManager. Also, the option "auth-retry" should be possible to be set to "interact". These 2 settings are needed in case of OpenVPN used with an RSA token, for proper renewal of authentication. With these 2 options missing, the result is that the openvpn daemon tries to renegotiate authentication after 3600 seconds without prompting the user for new credentials, which fails and ends in the VPN being disconnected. Setting "reneg-sec" to a much higher value would also avoid re-entering the credentials too often (a sane default would be 43200)
Found a problem in OpenVPN associated with the inability to manually set the size of MTU. I am connected to the Internet via L2TP channel from the provider. Connecting to the office via OpenVPN. These are the double encapsulation. Network Manager unable to correctly set itself the necessary size of MTU.
I would like to see a support either for more config options or the possbility to upload config files and their values passed throught too. At the moment hotsplots.de a free vpn-provider can not be used with network manager because it does not support the option "fragment 1300" "mssfix" (according to their support).
I have exactly the same problems like Stefan with my corporate network. I think importing/exporting configuration and adding additional parameters would be sufficent, but maybe not really user friendly. Please add mssfix,mtu and fragment options if tcp is not selected (some options are only valid using udp). Thank you!
96df84baa08011baa74b2a416450b884da8119e5 (master) dd2e4ed147a596bf73ff32f7abea03ba49f6bf3e (0.7.x)