[network-manager-openvpn] add support for --float option
- From: Thomas Haller <thaller src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openvpn] add support for --float option
- Date: Thu, 28 May 2015 10:20:48 +0000 (UTC)
commit 3233f420e59bdd0894208b3ae6053c71e4d0aa1d
Author: Carlos Alberto Lopez Perez <clopez igalia com>
Date: Tue Nov 2 18:04:59 2010 +0100
add support for --float option
Essentially, --float tells OpenVPN to accept authenticated packets from
any address, not only the address which was specified in the --remote
option. This allows the remote peer to change its IP address and/or port
number. This is useful when you are connecting to a peer which holds
a dynamic address such as a dial-in user or DHCP client.
[thaller redhat com: rebased on current master]
[thaller redhat com: add import/export and tests]
[jklimes redhat com: fix shortcut clash]
https://mail.gnome.org/archives/networkmanager-list/2010-November/msg00014.html
https://bugzilla.gnome.org/show_bug.cgi?id=737108
properties/auth-helpers.c | 11 +++++++++++
properties/import-export.c | 14 ++++++++++++++
properties/nm-openvpn-dialog.ui | 22 ++++++++++++++++++++++
properties/tests/conf/tls.ovpn | 2 ++
properties/tests/test-import-export.c | 7 +++++++
src/nm-openvpn-service-defines.h | 1 +
src/nm-openvpn-service.c | 5 +++++
7 files changed, 62 insertions(+), 0 deletions(-)
---
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 084882c..be62e02 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -979,6 +979,7 @@ static const char *advanced_keys[] = {
NM_OPENVPN_KEY_PORT,
NM_OPENVPN_KEY_COMP_LZO,
NM_OPENVPN_KEY_MSSFIX,
+ NM_OPENVPN_KEY_FLOAT,
NM_OPENVPN_KEY_TUNNEL_MTU,
NM_OPENVPN_KEY_FRAGMENT_SIZE,
NM_OPENVPN_KEY_TAP_DEV,
@@ -1667,6 +1668,12 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_FLOAT);
+ if (value && !strcmp (value, "yes")) {
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "float_checkbutton"));
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
+ }
+
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PROTO_TCP);
if (value && !strcmp (value, "yes")) {
widget = GTK_WIDGET (gtk_builder_get_object (builder, "tcp_checkbutton"));
@@ -1940,6 +1947,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_MSSFIX), g_strdup ("yes"));
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "float_checkbutton"));
+ if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_FLOAT), g_strdup ("yes"));
+
widget = GTK_WIDGET (gtk_builder_get_object (builder, "tcp_checkbutton"));
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), g_strdup ("yes"));
diff --git a/properties/import-export.c b/properties/import-export.c
index 68909f2..9d1225a 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -52,6 +52,7 @@
#define KEYSIZE_TAG "keysize "
#define CLIENT_TAG "client"
#define COMP_TAG "comp-lzo"
+#define FLOAT_TAG "float"
#define DEV_TAG "dev "
#define DEV_TYPE_TAG "dev-type "
#define FRAGMENT_TAG "fragment "
@@ -439,6 +440,11 @@ do_import (const char *path, char **lines, GError **error)
continue;
}
+ if (!strncmp (*line, FLOAT_TAG, strlen (FLOAT_TAG))) {
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT, "yes");
+ continue;
+ }
+
if (!strncmp (*line, RENEG_SEC_TAG, strlen (RENEG_SEC_TAG))) {
items = get_args (*line + strlen (RENEG_SEC_TAG), &nitems);
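Review bot: The added import check `if (!strncmp (*line, FLOAT_TAG, strlen (FLOAT_TAG)))` is a bare prefix match, and FLOAT_TAG is `"float"` with no trailing separator, so any line that merely starts with those five characters stores NM_OPENVPN_KEY_FLOAT = "yes". Because this key loosens the peer-address check on the resulting connection, the match should also require end of line or whitespace after the tag: `if (!strncmp (*line, FLOAT_TAG, strlen (FLOAT_TAG)) && ((*line)[strlen (FLOAT_TAG)] == '\0' || g_ascii_isspace ((*line)[strlen (FLOAT_TAG)]))) {`. Whether lines are trimmed before this point is not visible here, since do_import starts and ends outside the hunk. A fixture line that only shares the prefix, asserted to leave NM_OPENVPN_KEY_FLOAT unset, would pin the behaviour in test-import-export.c.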
@@ -816,6 +822,7 @@ do_export (const char *path, NMConnection *connection, GError **error)
gboolean success = FALSE;
gboolean proto_udp = TRUE;
gboolean use_lzo = FALSE;
+ gboolean use_float = FALSE;
gboolean reneg_exists = FALSE;
guint32 reneg = 0;
gboolean keysize_exists = FALSE;
@@ -917,6 +924,10 @@ do_export (const char *path, NMConnection *connection, GError **error)
if (value && !strcmp (value, "yes"))
use_lzo = TRUE;
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT);
+ if (value && !strcmp (value, "yes"))
+ use_float = TRUE;
+
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER);
if (value && strlen (value))
cipher = value;
@@ -1024,6 +1035,9 @@ do_export (const char *path, NMConnection *connection, GError **error)
if (use_lzo)
fprintf (f, "comp-lzo yes\n");
+ if (use_float)
+ fprintf (f, "float\n");
+
value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_MSSFIX);
if (value && strlen (value)) {
if (!strcmp (value, "yes"))
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index ab993eb..aea6282 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -1477,6 +1477,28 @@ config: remote-random</property>
<property name="position">8</property>
</packing>
</child>
+ <child>
+ <object class="GtkCheckButton" id="float_checkbutton">
+ <property name="label" translatable="yes">Accept authenticated packets from any address
(F_loat)</property>
+ <property name="use_action_appearance">False</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="tooltip_text" translatable="yes">Allow remote peer to change its IP
address and/or port number, such as due to DHCP (this is the default if --remote is not used). --float when
specified with --remote allows an OpenVPN session to initially connect to a peer at a known address,
however if packets arrive from a new address and pass all authentication tests, the new address will take
control of the session. This is useful when you are connecting to a peer which holds a dynamic address such
as a dial-in user or DHCP client.
+
+Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address
which was specified in the --remote option.
+
+config: float</property>
+ <property name="use_underline">True</property>
+ <property name="xalign">0</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">9</property>
+ </packing>
+ </child>
</object>
</child>
<child type="tab">
diff --git a/properties/tests/conf/tls.ovpn b/properties/tests/conf/tls.ovpn
index 8309c89..f79bb5e 100644
--- a/properties/tests/conf/tls.ovpn
+++ b/properties/tests/conf/tls.ovpn
@@ -10,6 +10,8 @@ nobind
pull
tls-client
+float
+
ca keys/mg8.ca
cert keys/clee.crt
key keys/clee.key
diff --git a/properties/tests/test-import-export.c b/properties/tests/test-import-export.c
index bf93746..3fcdf1e 100644
--- a/properties/tests/test-import-export.c
+++ b/properties/tests/test-import-export.c
@@ -143,6 +143,7 @@ test_password_import (NMVpnPluginUiInterface *plugin, const char *dir)
test_item ("password-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
test_item ("password-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL);
test_item ("password-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, NULL);
+ test_item ("password-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, NULL);
test_item ("password-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, "0");
test_item ("password-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "test.server.com");
test_item ("password-import-data", s_vpn, NM_OPENVPN_KEY_PORT, "443");
@@ -273,6 +274,7 @@ test_tls_import (NMVpnPluginUiInterface *plugin, const char *dir)
test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL);
test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, "yes");
+ test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, "yes");
test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL);
test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "173.8.149.245");
test_item ("tls-import-data", s_vpn, NM_OPENVPN_KEY_PORT, "1194");
@@ -388,6 +390,7 @@ test_pkcs12_import (NMVpnPluginUiInterface *plugin, const char *dir)
test_item ("pkcs12-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
test_item ("pkcs12-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL);
test_item ("pkcs12-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, "yes");
+ test_item ("pkcs12-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, NULL);
test_item ("pkcs12-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL);
test_item ("pkcs12-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "173.8.149.245");
test_item ("pkcs12-import-data", s_vpn, NM_OPENVPN_KEY_PORT, "1194");
@@ -537,6 +540,7 @@ test_static_key_import (NMVpnPluginUiInterface *plugin, const char *dir)
test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, NULL);
test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, NULL);
+ test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, NULL);
test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, NULL);
test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "10.11.12.13");
test_item ("static-key-import-data", s_vpn, NM_OPENVPN_KEY_PORT, NULL);
@@ -759,6 +763,7 @@ test_proxy_http_import (NMVpnPluginUiInterface *plugin, const char *dir)
test_item ("proxy-http-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
test_item ("proxy-http-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, "yes");
test_item ("proxy-http-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, NULL);
+ test_item ("proxy-http-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, NULL);
test_item ("proxy-http-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, "0");
test_item ("proxy-http-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "test.server.com");
test_item ("proxy-http-import-data", s_vpn, NM_OPENVPN_KEY_PORT, "443");
@@ -841,6 +846,7 @@ test_proxy_http_with_auth_import (NMVpnPluginUiInterface *plugin, const char *di
test_item ("proxy-http-with-auth-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
test_item ("proxy-http-with-auth-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, "yes");
test_item ("proxy-http-with-auth-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, NULL);
+ test_item ("proxy-http-with-auth-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, NULL);
test_item ("proxy-http-with-auth-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, "0");
test_item ("proxy-http-with-auth-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "test.server.com");
test_item ("proxy-http-with-auth-import-data", s_vpn, NM_OPENVPN_KEY_PORT, "443");
@@ -883,6 +889,7 @@ test_proxy_socks_import (NMVpnPluginUiInterface *plugin, const char *dir)
test_item ("proxy-socks-import-data", s_vpn, NM_OPENVPN_KEY_DEV, "tun");
test_item ("proxy-socks-import-data", s_vpn, NM_OPENVPN_KEY_PROTO_TCP, "yes");
test_item ("proxy-socks-import-data", s_vpn, NM_OPENVPN_KEY_COMP_LZO, NULL);
+ test_item ("proxy-socks-import-data", s_vpn, NM_OPENVPN_KEY_FLOAT, NULL);
test_item ("proxy-socks-import-data", s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS, "0");
test_item ("proxy-socks-import-data", s_vpn, NM_OPENVPN_KEY_REMOTE, "test.server.com");
test_item ("proxy-socks-import-data", s_vpn, NM_OPENVPN_KEY_PORT, "443");
diff --git a/src/nm-openvpn-service-defines.h b/src/nm-openvpn-service-defines.h
index 8abdaf5..7c61218 100644
--- a/src/nm-openvpn-service-defines.h
+++ b/src/nm-openvpn-service-defines.h
@@ -34,6 +34,7 @@
#define NM_OPENVPN_KEY_KEYSIZE "keysize"
#define NM_OPENVPN_KEY_COMP_LZO "comp-lzo"
#define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type"
+#define NM_OPENVPN_KEY_FLOAT "float"
#define NM_OPENVPN_KEY_FRAGMENT_SIZE "fragment-size"
#define NM_OPENVPN_KEY_KEY "key"
#define NM_OPENVPN_KEY_LOCAL_IP "local-ip" /* ??? */
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 64ac1ff..918490f 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -107,6 +107,7 @@ static ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_KEYSIZE, G_TYPE_INT, 1, 65535, FALSE },
{ NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0, FALSE },
+ { NM_OPENVPN_KEY_FLOAT, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_FRAGMENT_SIZE, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING, 0, 0, TRUE },
@@ -1028,6 +1029,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
if (tmp && !strcmp (tmp, "yes"))
add_openvpn_arg (args, "--comp-lzo");
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT);
+ if (tmp && !strcmp (tmp, "yes"))
+ add_openvpn_arg (args, "--float");
+
add_openvpn_arg (args, "--nobind");
/* Device and device type, defaults to tun */
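Review bot: The new `--float` branch has no comment recording the one security-relevant effect of the option, namely that the daemon stops restricting traffic to the address given with `--remote`. I would add above the lookup `/* --float: accept authenticated packets from any source address, not only the --remote peer; packet authentication is then the only check on which endpoint controls the session. */`. This matches the wording of the commit description and the dialog tooltip, and it tells a later reader why the flag is passed only on an explicit "yes". nm_openvpn_start_openvpn_binary begins and ends outside this hunk.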