After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 774727 - ifconfig option should not be exclusive to static key connection type
ifconfig option should not be exclusive to static key connection type
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
git master
Other Linux
: Normal normal
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
Depends on:
Blocks: nm-openvpn-options
 
 
Reported: 2016-11-19 17:56 UTC by David Rosca
Modified: 2017-05-27 20:07 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Don't make ifconfig exclusive to static key connection type (2.38 KB, patch)
2016-11-19 17:57 UTC, David Rosca
none Details | Review
Patch that appends '--ifconfig' to TLS client parameters (1008 bytes, patch)
2016-11-25 09:58 UTC, Luis Manuel
none Details | Review

Description David Rosca 2016-11-19 17:56:55 UTC
My openvpn config is not working, because it uses "tls" connection type with ifconfig settings.
In "src/nm-openvpn-service.c" the ifconfig option is used only when connection type is static key, which is wrong.

my-openvpn.conf:

client
remote test.com
tls-client
dev tap0
ifconfig 111.11.111.11 255.255.255.0
keepalive 10 120
mute 10
ca ca.crt
cert cert.crt
key key.key
comp-lzo
verb 3
link-mtu 500
Comment 1 David Rosca 2016-11-19 17:57:42 UTC
Created attachment 340318 [details] [review]
Don't make ifconfig exclusive to static key connection type
Comment 2 Luis Manuel 2016-11-25 09:58:28 UTC
Created attachment 340739 [details] [review]
Patch that appends '--ifconfig' to TLS client parameters

With this patch, the connection works with a remote OpenVPN server that was started with this command:

openvpn --dev tun1 --ifconfig 10.9.8.1 10.9.8.2 --tls-server --dh keys/dh2048.pem --ca keys/ca.crt --cert keys/server.crt --key keys/server.key
Comment 3 Luis Manuel 2016-11-25 10:00:27 UTC
The attached patch fixes this issue by appending '--ifconfig' when the parameters 'local-ip' and 'remote-ip' are defined in the section [vpn]. Here an example of a working connection:

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
connection-type=tls
auth=SHA1
remote=192.168.1.31
cipher=BF-CBC
cert-pass-flags=0
dev-type=tun
cert=clientname.crt
dev=tun1
key=clientname.key
ca=ca.crt
local-ip=10.9.8.2
remote-ip=10.9.8.1

Regards,

Luis
Comment 4 David Rosca 2017-05-26 09:03:21 UTC
Ping, can this be please commited?