Re: openvpn and network manager

[Dan Williams <dcbw redhat com>]

On Fri, 2008-05-30 at 09:37 -0500, Casey Harkins wrote:
> On Fri, 2008-05-30 at 11:59 +0300, Dimitris Zilaskos wrote:
> > I have tried removing the ns-cert-type from the nm-openvpn-service.c file.
> > Thus I have successfully connected to my openvpn server using x509 
> > authentication. However I am facing another issue now: routes are not 
> > pushed, or if they are, they are ignored Here is the log:
> 
> 
> They are pushed, but ignored. Like the situation with openvpn TAP
> connections, we don't have a way to push these server supplied routes
> from the VPN plugin back into NetworkManager's core. It's on my TODO
> list to get this working.

Tambet's got a patch cleaning up the route stuff in the NMIP4Config
object.  What's left is if the plugin has routes, we should add another
key to the dict that the plugin sends back to NM to hold the routes from
the VPN concentrator.

> By default, NetworkManager will route all traffic through the VPN, so
> the server supplied routes with a TUN connection are usually moot (as
> long as the VPN gateway knows how to route things properly). If you
> don't want to route all traffic through the VPN, you can manually
> specify which subnets should be routed through the VPN in the advanced
> properties dialog.
> 
> 
> Dan: Attached is a patch (against svn rev 3712) which removes the
> '--ns-cert-type server' argument from the openvpn service. I was not

r3713, thanks!

> able to test this. (Does NM require polkit, or can it be disabled?).

We're going to require PK for lockdown and authorization of editing
system connections and such, and eventually for checking whether the
user actually has authorization to change network connections at all...
so yeah.  Are you on Slackware or something?

Dan