Re: openvpn and network manager



On Fri, 2008-05-30 at 11:59 +0300, Dimitris Zilaskos wrote:
> I have tried removing the ns-cert-type from the nm-openvpn-service.c file.
> Thus I have successfully connected to my openvpn server using x509 
> authentication. However I am facing another issue now: routes are not 
> pushed, or if they are, they are ignored Here is the log:


They are pushed, but ignored. Like the situation with openvpn TAP
connections, we don't have a way to push these server supplied routes
from the VPN plugin back into NetworkManager's core. It's on my TODO
list to get this working.

By default, NetworkManager will route all traffic through the VPN, so
the server supplied routes with a TUN connection are usually moot (as
long as the VPN gateway knows how to route things properly). If you
don't want to route all traffic through the VPN, you can manually
specify which subnets should be routed through the VPN in the advanced
properties dialog.


Dan: Attached is a patch (against svn rev 3712) which removes the
'--ns-cert-type server' argument from the openvpn service. I was not
able to test this. (Does NM require polkit, or can it be disabled?).


-casey

Index: NetworkManager/vpn-daemons/openvpn/src/nm-openvpn-service.c
===================================================================
--- NetworkManager.orig/vpn-daemons/openvpn/src/nm-openvpn-service.c
+++ NetworkManager/vpn-daemons/openvpn/src/nm-openvpn-service.c
@@ -474,8 +474,6 @@ nm_openvpn_start_openvpn_binary (NMOpenv
 	switch (connection_type) {
 	case NM_OPENVPN_CONTYPE_X509:
 		g_ptr_array_add (openvpn_argv, (gpointer) "--client");
-		g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type");
-		g_ptr_array_add (openvpn_argv, (gpointer) "server");
 
 		tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA);
 		if (tmp) {
@@ -525,8 +523,6 @@ nm_openvpn_start_openvpn_binary (NMOpenv
 	case NM_OPENVPN_CONTYPE_PASSWORD:
 		/* Client mode */
 		g_ptr_array_add (openvpn_argv, (gpointer) "--client");
-		g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type");
-		g_ptr_array_add (openvpn_argv, (gpointer) "server");
 		/* Use user/path authentication */
 		g_ptr_array_add (openvpn_argv, (gpointer) "--auth-user-pass");
 
@@ -539,8 +535,6 @@ nm_openvpn_start_openvpn_binary (NMOpenv
 
 	case NM_OPENVPN_CONTYPE_X509USERPASS:
 		g_ptr_array_add (openvpn_argv, (gpointer) "--client");
-		g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type");
-		g_ptr_array_add (openvpn_argv, (gpointer) "server");
 
 		tmp = g_hash_table_lookup (properties, NM_OPENVPN_KEY_CA);
 		if (tmp) {


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]