Bug 656214 – No way to set certain config options using the nm-openvpn gui

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 656214 - No way to set certain config options using the nm-openvpn gui


Summary:	No way to set certain config options using the nm-openvpn gui


Status:	RESOLVED FIXED

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Dan Williams
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:	nm-openvpn-options

Reported:	2011-08-09 13:01 UTC by lsof
Modified:	2016-03-31 11:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description lsof 2011-08-09 13:01:06 UTC

(I'm reporting a bunch of bugs that I had today with nm. NetworkManager-0.8.9997-6.git20110721.fc15.x86_64)

I could find no way to set the following settings, which are recommended by openvpn for keeping a vpn connection reliable, in the gui:

keepalive 10 60
ping-timer-rem
persist-tun
persist-key

I could also not find a way to set:

redirect-gateway def1

Luckily I have control over the openvpn server and can push the options, but I doubt everyone can do this too.

There is a second problem that I have no idea which options nm has accepted from options pushed to the client.

Comment 1 Federico Mena Quintero 2015-05-28 22:57:42 UTC

The persist-tun and persist-key options are turned on by default; there is no need to set them explicitly.

See bug #651657 for a semi-hacky patch to hard-code the keepalive option.

Comment 2 Thomas Haller 2016-03-31 11:46:18 UTC

(In reply to lsof from comment #0)
> (I'm reporting a bunch of bugs that I had today with nm.
> NetworkManager-0.8.9997-6.git20110721.fc15.x86_64)
> 
> I could find no way to set the following settings, which are recommended by
> openvpn for keeping a vpn connection reliable, in the gui:
> 
> keepalive 10 60

This is now supported.

> ping-timer-rem

Does this even make sense for client-mode? nm-openvpn can only act as client.


> persist-tun
> persist-key

As Frederico said, those two settings are always enabled. There is currently no way to disable that (and it probably doesn't make sense).


> I could also not find a way to set:
> 
> redirect-gateway def1

With nm-openvpn, the openvpn process doesn't configure any addresses/routes itself, but tells them to NetworkManager -- which then does the configuration depending on it's configuration.

This setting doesn't make sense for nm-openvpn.

It's better to ask what IP configuration you want, and how nm-openvpn can be configured to achieve what you want.


> Luckily I have control over the openvpn server and can push the options, but
> I doubt everyone can do this too.
> 
> There is a second problem that I have no idea which options nm has accepted
> from options pushed to the client.

openvpn is started by nm-openvpn with --up "/usr/libexec/nm-openvpn-service-openvpn-helper ..." argument. Openvpn will invoke this script when something changes, the script will obtain the information via environmnet variables (see "Environmental Variables" in `man openvpn`).
Then it will pass part of the information on to nm-openvpn-service, which then passes it on to NetworkManager.

I cannot answer your question because there are a gazillion of options and I don't know which of them make sense for nm-openvpn. It's better to ask the other way around: what do you want to do, and then let's see how to achive that.


Closing this bug as fixed. Please open a new bug for any follow up issues that you still have. Thank you.