Re: Fedora 10; openvpn plugin, treat tun devices as tap devices in relation to netmask (do not hardcode tun to /32)

From: Jonathan Petersson <Jonathan Petersson Sun COM>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org, Ove Everlid <ove everlid Sun COM>
Subject: Re: Fedora 10; openvpn plugin, treat tun devices as tap devices in relation to netmask (do not hardcode tun to /32)
Date: Mon, 23 Mar 2009 10:35:29 -0700

Hi Dan,

Just to follow up on the same thread (jpetersson garnser se), I justdid a quick bash-script requesting the $ifconfig_netmask variable uponconnection. This is successfully set, in our case we're using a /24subnet mask making $ifconfig_netmask result in 255.255.255.0 asexpected.

Hopefully I'll have some feedback from OpenVPN Technologies todayverifying the manual miss-print.


/Jonathan

On Mar 23, 2009, at 10:34 AM, Ove Everlid wrote:

Dan Williams wrote:
On Mon, 2009-03-23 at 02:07 +0100, Ove Everlid wrote:
Hi!
To connect to an OpenVPN server that uses tun-devices with a non /32 netmask one need this patch. I'm using NetworkManager underFedora 10 (same issues still exists in F11 alpha/rawhide).
So you're 100% sure that the server is configured to use tun mode,andthat it's sending a netmask, right? The OpenVPN manpage indicatesthat
'ifconfig_netmask' is only used with TAP mode.  Is the manpage not
correct?
Jonathan (CC) has contacted OpenVPN folks to have this verifieddirectly from them.The TUN interface has support for more features today,such as a non /32 netmask and I would suspect the manual page is lagging.
Ove
Dan
The patch is the quick fix but the special treatment of tun/taprelative network mask can be removed.
Question; will removing the tun /32 netmask hard coding causeother issues.
Ove
[root oehplap NetworkManager]# diff -c nm-openvpn-service-openvpn-helper.c nm-openvpn-service-openvpn-helper.c.fc10.orig*** nm-openvpn-service-openvpn-helper.c 2009-03-2222:13:35.227415799 +0100--- nm-openvpn-service-openvpn-helper.c.fc10.orig 2009-01-2818:38:30.000000000 +0100
***************
*** 339,345 ****
* TAP devices pass back the netmask, while TUN devices alwaysuse /32
  	 * since they are point-to-point.
  	 */
! 	if (tapdev || 1) {
  		tmp = getenv ("ifconfig_netmask");
  		if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
  			GValue *val;
--- 339,345 ----
* TAP devices pass back the netmask, while TUN devices alwaysuse /32
  	 * since they are point-to-point.
  	 */
! 	if (tapdev) {
  		tmp = getenv ("ifconfig_netmask");
  		if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
  			GValue *val;
[root oehplap NetworkManager]#
--
Ove Everlid
MySQL Senior Systems Architect
Mobile: +46706662363
Office: +4618174410 (Time Zone MET)
Skype handle: oveeve

References:
- Re: NM stops and doesn't connect
  - From: Cliff McDiarmid
- Fedora 10; openvpn plugin, treat tun devices as tap devices in relation to netmask (do not hardcode tun to /32)
  - From: Ove Everlid
- Re: Fedora 10; openvpn plugin, treat tun devices as tap devices in relation to netmask (do not hardcode tun to /32)
  - From: Dan Williams
- Re: Fedora 10; openvpn plugin, treat tun devices as tap devices in relation to netmask (do not hardcode tun to /32)
  - From: Ove Everlid

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]