After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 712710 - Multiple remote gateways fail due to incorrect parsing
Multiple remote gateways fail due to incorrect parsing
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
git master
Other Linux
: Normal normal
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
: 712720 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2013-11-19 20:03 UTC by TJ
Modified: 2014-07-11 07:20 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description TJ 2013-11-19 20:03:59 UTC
there is a bug in the parsing of multiple remote gateway specifications.

The tooltip says:

po/id.po:402:msgid "Remote host name or IP address. You can specify multiple items for redundancy (use commas to separate the entries).
config: remote"

But the code separate on spaces as well as commas (src/nm-openvpn-service.c::nm_openvpn_start_openvpn_binary()):

    tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE);
    if (tmp && strlen (tmp)) {
        char *tok;
        while ((tok = strsep((char**)&tmp, " ,")) != NULL) {
            if (strlen(tok)) {
                add_openvpn_arg (args, "--remote");
                add_openvpn_arg (args, tok);
            }
        }
    }

So the following entry in the Gateway text-box "a.bc.d 1194 udp, e.f.g.h 443 tcp"

which is stored in /etc/NetworkManager/system-connections/server as:

 remote=a.b.c.d 1194 udp, e.f.g.h 443 tcp

results in trying to start the process using this:

/usr/sbin/openvpn --remote a.b.c.d --remote 1194 --remote udp --remote e.f.g.h --remote 443 --remote tcp --comp-lzo --nobind --dev tun --proto udp --port 1194 ...

which fails miserably.

the fix is to remove the space from the strsep() match string.

After applying the fix the resulting process command-line is:

/usr/sbin/openvpn --remote a.b.c.d 1194 udp --remote e.f.g.h 443 tcp --comp-lzo --nobind --dev tun --proto udp --port 1194 ...

and the connection is successful.
Comment 1 TJ 2013-11-20 00:24:42 UTC
Please pull my proposed fix from:

  git://iam.tj/network-manager-openvpn.git gnome712710
Comment 2 TJ 2013-11-20 00:38:46 UTC
This fix is step 1 in a 2-step patch set, see bug #712720.

  git://iam.tj/network-manager-openvpn.git gnome712720
Comment 3 Jiri Klimes 2014-06-26 11:15:03 UTC
*** Bug 712720 has been marked as a duplicate of this bug. ***
Comment 4 Jiri Klimes 2014-06-26 11:29:03 UTC
Originally, only one gateway was allowed, without port or protocol (they could be overridden in the advanced dialog).
When multiple gateways was introduced, port/proto support was not added. I implement that now as host[:port][:proto].
Examples:
vpn.corp.com vpn2.corp.com:1234:tcp vpn2.corp.com:1234:udp vpn.corp2.com::tcp

delimiters: space and/or tabulator and/or comma

jk/multiple-remotes-port-proto branch
Comment 5 Thomas Haller 2014-06-30 19:06:00 UTC
(In reply to comment #4)
> jk/multiple-remotes-port-proto branch

LGTM, pushed whitespace fixup
Comment 6 Jiri Klimes 2014-07-11 07:20:02 UTC
Pushed to master as:
bf459e7 service: fix a memory leak on an error
c55ba4e core/ui: allow specifying port and protocol for gateways (bgo #712710)