GNOME Bugzilla – Bug 737108
OpenVPN: Support --float parameter
Last modified: 2015-05-28 10:22:27 UTC
As of 0.9.10.0 the GUI does not have an option to pass the --float parameter to OpenVPN.
Created attachment 300722 [details] [review] patch for nm support of openvpn float an old patch, at least illustrates how it can be done
patch is from: https://mail.gnome.org/archives/networkmanager-list/2010-November/msg00014.html
Created attachment 300734 [details] [review] Add checkbox to pass the --float option in OpenVPN Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option. This allows remote peer to change its IP address and/or port number. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. [thaller@redhat.com: rebased on current master] [thaller@redhat.com: add import/export and tests] https://mail.gnome.org/archives/networkmanager-list/2010-November/msg00014.html
the original patch attachment 300722 [details] [review] applies on commit 0cfd6b966c80de0e689badedf9d6ad50dd355e4f. I rebased it on master, and added test,import and export.
Created attachment 300739 [details] [review] Add checkbox to pass the --float option in OpenVPN Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option. This allows remote peer to change its IP address and/or port number. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. [thaller@redhat.com: rebased on current master] [thaller@redhat.com: add import/export and tests] https://mail.gnome.org/archives/networkmanager-list/2010-November/msg00014.html
(In reply to Thomas Haller from comment #5) > Created attachment 300739 [details] [review] [review] > Add checkbox to pass the --float option in OpenVPN hmpf, v1 in attachment 300734 [details] [review] had bugs... v2 here... AFAIU, --float only has relevance together with --remote. Since there is no UI for --remote, maybe should not have --float there either(?)
The setting used for --remote is the gateway address; check NM_OPENVPN_KEY_REMOTE.
(In reply to Thomas Haller from comment #5) > Created attachment 300739 [details] [review] [review] > Add checkbox to pass the --float option in OpenVPN > > Essentially, --float tells OpenVPN to accept authenticated packets from > any address, not only the address which was specified in the --remote > option. This allows remote peer to change its IP address and/or port > number. This is useful when you are connecting to a peer which holds > a dynamic address such as a dial-in user or DHCP client. > > [thaller@redhat.com: rebased on current master] > [thaller@redhat.com: add import/export and tests] > > https://mail.gnome.org/archives/networkmanager-list/2010-November/msg00014. > html The patch look and work fine for me. I will just attach a fixup to fix a mnemonics key clash, and addition of 'float' to nm-import-openvpn script. (In reply to Thomas Haller from comment #6) > (In reply to Thomas Haller from comment #5) > AFAIU, --float only has relevance together with --remote. Since there is no > UI for --remote, maybe should not have --float there either(?) As Jan says above, '--remote' is the "Gateway" entry and it is mandatory.
Created attachment 304125 [details] [review] [PATCH] fix clash in mnemonic keys (F_loat)
Created attachment 304126 [details] [review] [PATCH] support 'float' in nm-import-openvpn script
pushed to NM-openvpn master as: https://git.gnome.org/browse/network-manager-openvpn/commit/?id=3233f420e59bdd0894208b3ae6053c71e4d0aa1d Pushed the fix from comment 10 to NM master as http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=a5e43ab51080bb09237afeb3f3c1c855e0127379