GNOME Bugzilla – Bug 754754
Allow setting VPN per-connection timeout
Last modified: 2015-09-21 15:05:04 UTC
There are several cases where the default connection timeout value is simply not sufficient. The first documented case is in Bug #567083 where a congested wireless network may take longer to connect than the hard-coded timeout. The second case deals with OpenVPN connections taking longer than the hard-coded 40 seconds over slow links. You can find the details in Ubuntu's bug system and a short discussion in the mailing list: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/420411 https://mail.gnome.org/archives/networkmanager-list/2015-April/msg00007.html The third case is the one I am familiar with. I have an openconnect VPN that requires a One-Time Password (OTP) in addition to the username and password. The OTP is delivered via SMS which can often take more than 30 seconds to arrive. When the SMS message is delayed, Network Manager terminates the connection attempt prematurely. If I connect via the command line, the openconnect client waits more than enough time for the OTP. So I know it is not openconnect nor the VPN server timing out. Could you please add a configurable timeout value that can be set to different values for each connection? Thank you.
Good that you already throw in some use-cases. Let's first collect them to understand what this new setting should cover. Is one single timeout-setting sufficient for all these different uses-cases? Maybe they are independent features/settings and we would rather open separate bugs for each of them?
Thank you for your quick response. I'm looking at this from the point of view of a connection instance. Could we have just one global setting that sets the timeout on any connection attempt? Would that be sufficient to solve our individual problems? Yes, although it wouldn't be optimal. If one connection requires a 90 second timeout, forcing all other connections to have a 90 second timeout seems less than optimal. Ideally I think we would want a default timeout value, and the option to override it per connection instance. Are these different settings/features for each module? I don't believe so. This is a general connection property. It may be the case that each module (wired, wireless, openconnect, openvpn, etc.) would have to implement this new property in their own way, but I would still like to see this feature implemented across all the different connection types, just just across one or two. But, if the development cycle would be better served by creating different bugs, then go for it. I don't know if it's possible to assign the other bugs as sub-tasks of this bug. I hope this helped.
There are several timeouts when activating connections, like DHCP timeout, SLAAC timeout. There were discussions about them in the past, e.g. https://mail.gnome.org/archives/networkmanager-list/2010-January/msg00051.html But I think you are more interested in VPN connection timeout. Let's make the timeout configurable and increase the default value to 60 s. Branch jk/vpn-timeout-bgo754754.
(In reply to Jiri Klimes from comment #3) > Branch jk/vpn-timeout-bgo754754. LGTM!
Pushed to master: 32e783e merge: make VPN timeout configurable - vpn.timeout property (bgo #754754) 9f1e991 man: document that vpn.timeout property supports a default value bbc7725 vpn: use vpn.timeout property as timeout value for IP config (bgo #754754) 431cc8a cli: support vpn.timeout property in nmcli ffe16c9 libnm-core: add vpn.timeout property for establishing connections