GNOME Bugzilla – Bug 759811
Not working with static key and tcp
Last modified: 2016-01-11 13:01:10 UTC
Created attachment 317818
Use tcp-client instead of tcp

This bug is a copy of https://bugzilla.redhat.com/show_bug.cgi?id=1288711

On RHEL 7.2, I found that using a static key and the openvpn plugin does not work. The nm openvpn plugin generates an incorrect command line to start openvpn.

Since some unspecified version, openvpn requires --proto tcp-client or --proto tcp-server when using a static key. And the plugin just gives --proto tcp as argument.

I found the code adding it: https://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.c#n1038

And propose the attached patch to fix that (it is untested for now).

I confirm this problem on version 1.0.6 on Fedora 23. This is the error which shows up on `journalctl -n`:

  Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client

The openvpn configuration file (foo.conf), imported in NetworkManager, doesn't work, while it works correctly if I copy foo.conf to /etc/openvpn and run:

  systemctl start openvpn@foo.service

I was finally motivated to test the patch in real life (i.e., with an annoying firewall), and it worked fine.

Note that the openvpn manual states:

  --remote host [port] [proto]
  proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp".

So, this sets an undocumented option.

It only affects static-key, because all other modes set --client (which implies proto=tcp-client: https://github.com/OpenVPN/openvpn/blob/36f3a479a7d5ab01c30e8ca1a99bd2430b30893f/src/openvpn/options.c#L2364 )

Patch applied:
master: https://git.gnome.org/browse/network-manager-openvpn/commit/?id=03ad88a8678f2204784ba38dfe60c6f8410a9ffe
nm-1-0: https://git.gnome.org/browse/network-manager-openvpn/commit/?id=90489e9dc5851b3546e6f2579dad42ab3d86096a

Thanks Michael.
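
A config check built from the behaviour reported in this thread, added here as an illustration and not taken from NetworkManager or OpenVPN: it flags a client-side OpenVPN config that asks for bare `tcp` (via `proto` or the third argument of `remote`) without a `client` directive to disambiguate it. The function names, the sample configs, and the assumption that both forms are rejected the same way are constructed for this example.

```python
# Added illustration; not NetworkManager or OpenVPN code.
# Constructed sample configs (host name and key file name are placeholders).
STATIC_KEY_TCP = """\
remote vpn.example.org 443
proto tcp
secret static.key
dev tun
"""
STATIC_KEY_FIXED = STATIC_KEY_TCP.replace("proto tcp", "proto tcp-client")
TLS_CLIENT_TCP = "client\nremote vpn.example.org 443 tcp\nca ca.crt\n"


def parse_directives(text):
    """Split a config into token lists, dropping comments and blank lines."""
    directives = []
    for raw in text.splitlines():
        # Simplification: '#' and ';' start a comment anywhere (quoting is ignored).
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            tokens = line.split()
            tokens[0] = tokens[0].lstrip("-")  # accept "--proto" as well as "proto"
            directives.append(tokens)
    return directives


def ambiguous_tcp(text):
    """Return directives that request bare 'tcp' with nothing to disambiguate it."""
    directives = parse_directives(text)
    # Per the thread, --client implies proto=tcp-client, so bare tcp is accepted.
    if any(tokens[0] == "client" for tokens in directives):
        return []
    hits = []
    for tokens in directives:
        name, args = tokens[0], tokens[1:]
        if name == "proto" and args[:1] == ["tcp"]:
            hits.append(" ".join(tokens))
        elif name == "remote" and args[2:3] == ["tcp"]:
            hits.append(" ".join(tokens))
    return hits


if __name__ == "__main__":
    for label, cfg in [("static key, proto tcp", STATIC_KEY_TCP),
                       ("static key, proto tcp-client", STATIC_KEY_FIXED),
                       ("client, remote ... tcp", TLS_CLIENT_TCP)]:
        print(f"{label}: {ambiguous_tcp(cfg) or 'ok'}")
```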