RE: How to setup NM VPN ?



On Fri, 2009-02-13 at 11:12 -0300, Miguel Rozsas wrote:
> >
> > Ideally you wouldn't have to do that, we just need to do some work in
> > the NM-openvpn configuration dialog to detect that a PKCS#12 certificate
> > has been loaded, and disable the other certificate options since the
> > PKCS#12 file contains all 3 required things.
> >
> Yes. One big problem with this setup is there is no more need to type
> a pass-phrase to open the PKCS file anymore, and now, anyone who has
> access to this laptop could connect to our VPN - no passwords are
> required!

The nm-openvpn plugin should have support for asking for the private
key password every time if you encrypt the private key using OpenSSL.
If you do that, don't fill in the password in the configuration page,
but leave it blank.  The plugin should then ask you for the private key
password each time you connect to the VPN.

> > > and I had to set up the DNS by hand. NM did not update the nameservers
> > > as informed by SW, using the defaults on IPV4 Settings tab. I had to
> > > change to "Automatic (VPN) addresses only" to enable the DNS servers
> > > text field and I put the internal DNS servers for this VPN connection.
> > > The default router and IP address were set just fine.
> >
> > DNS needs to be set up correctly on the OpenVPN server, which usually
> > gets passed through to the openvpn client using the "foreign-option"
> > environment variable.
> >
> > If you've got a bit of time, could you dump the environment that openvpn
> > calls the helper script with so I can fix this bug? Basically the
> > following:
> >
>
> I am sorry for this. My mistake. I did what you told me and I could
> see in the "foreign-option" line what I did wrong. I used the char ":"
> as separator for the 2 DNS servers on SW/Zerina setup and it is not
> allowed! (I didn't figure out yet what is the right separator but for
> sure it is not ":") - I removed the second DNS server from SW/Zerina
> config page and NM-openvpn wrote a new /etc/resolv.conf as expected.

Does using spaces work?  The nm-openvpn plugin will correctly parse a
foreign dhcp option where the DNS server addresses are space-separated.

> But, I had another NM issue related with DNS, not VPN. I hope you
> could help me to debug and to fix this too:
> Only when I connect to the internet using a GSM connection (USB modem
> Huawei E226) to our local GSM Internet provider (Claro), NM
> auto-detects and auto-configures the GSM connection and it connects with
> no problem, BUT the DNS servers are set wrong. This provider sends 2
> WINS servers and 3 DNS servers; The problem is NM uses the WINS IP

This could be a problem with pppd.  What version are you using?
ppp-2.4.5 is known to fix some DNS/WINS issues.

Dan
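
As an added illustration (not part of the original message and not the nm-openvpn plugin's own code), the Python sketch below reads the foreign_option_N variables that OpenVPN exports to its helper script and extracts the DNS servers, accepting the space-separated form and rejecting the ":"-joined value described in the thread. The function name and the sample addresses are assumptions made for this example.

```python
import ipaddress
import re

# OpenVPN exports each pushed option it does not apply itself to the helper
# script's environment as foreign_option_1, foreign_option_2, ...
_FOREIGN_RE = re.compile(r"^foreign_option_(\d+)$")


def parse_pushed_dns(env):
    """Return (dns_servers, rejected_tokens) from a helper-script environment.

    Assumption for this sketch: a "dhcp-option DNS" value may carry several
    addresses separated by whitespace, the form discussed in the thread.
    """
    servers, rejected = [], []
    # Walk the options in numeric order so the server priority is preserved.
    numbered = sorted(
        (int(m.group(1)), value)
        for name, value in env.items()
        if (m := _FOREIGN_RE.match(name))
    )
    for _, value in numbered:
        fields = value.split()
        if len(fields) < 3 or fields[0] != "dhcp-option" or fields[1] != "DNS":
            continue  # not a DNS option (for example DOMAIN or WINS)
        for token in fields[2:]:
            try:
                addr = str(ipaddress.ip_address(token))
            except ValueError:
                # Never write an unvalidated token into resolv.conf.
                rejected.append(token)
                continue
            if addr not in servers:
                servers.append(addr)
    return servers, rejected


# Constructed sample environments (all addresses are made up).
SPACE_SEPARATED = {
    "foreign_option_1": "dhcp-option DNS 10.8.0.1 10.8.0.2",
    "foreign_option_2": "dhcp-option WINS 10.8.0.3",
    "dev": "tun0",
}
COLON_SEPARATED = {"foreign_option_1": "dhcp-option DNS 10.8.0.1:10.8.0.2"}

if __name__ == "__main__":
    print(parse_pushed_dns(SPACE_SEPARATED))
    print(parse_pushed_dns(COLON_SEPARATED))
```

Logging the rejected tokens makes a malformed pushed value visible instead of silently leaving the previous resolver configuration in place.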


