Hello, I am missing an option to pass the "--float" parameter to OpenVPN from network-manager-openvpn so I cooked a small patch that adds a checkbox under advanced options. "--float" when specified with "--remote" allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. Could you merge it upstream? Thanks in advance! Regards.
From bf1d3f07b35e83ac4a54ce06bf8bd580c972f483 Mon Sep 17 00:00:00 2001
From: Carlos Alberto Lopez Perez <clopez igalia com>
Date: Tue, 2 Nov 2010 18:04:59 +0100
Subject: [PATCH] Add checkbox to pass the --float option in OpenVPN
* Essentially, --float tells OpenVPN to accept authenticated packets from
any address, not only the address which was specified in the --remote
option. This allows the remote peer to change its IP address and/or port
number. This is useful when you are connecting to a peer which holds
a dynamic address such as a dial-in user or DHCP client.
---
properties/auth-helpers.c | 11 +++++++++++
properties/nm-openvpn-dialog.glade | 14 ++++++++++++++
src/nm-openvpn-service.c | 5 +++++
src/nm-openvpn-service.h | 1 +
4 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 631be2b..09b7a0e 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -841,6 +841,7 @@ static const char *advanced_keys[] = {
NM_OPENVPN_KEY_PORT,
NM_OPENVPN_KEY_COMP_LZO,
NM_OPENVPN_KEY_MSSFIX,
+ NM_OPENVPN_KEY_FLOAT,
NM_OPENVPN_KEY_TUNNEL_MTU,
NM_OPENVPN_KEY_FRAGMENT_SIZE,
NM_OPENVPN_KEY_TAP_DEV,
@@ -1389,6 +1390,12 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
}
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_FLOAT);
+ if (value && !strcmp (value, "yes")) {
+ widget = glade_xml_get_widget (xml, "float_checkbutton");
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
+ }
+
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_PROTO_TCP);
if (value && !strcmp (value, "yes")) {
widget = glade_xml_get_widget (xml, "tcp_checkbutton");
@@ -1581,6 +1588,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog, GError **error)
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_MSSFIX), g_strdup ("yes"));
+ widget = glade_xml_get_widget (xml, "float_checkbutton");
+ if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
+ g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_FLOAT), g_strdup ("yes"));
+
widget = glade_xml_get_widget (xml, "tcp_checkbutton");
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, g_strdup (NM_OPENVPN_KEY_PROTO_TCP), g_strdup ("yes"));
diff --git a/properties/nm-openvpn-dialog.glade b/properties/nm-openvpn-dialog.glade
index 78cc383..1f9e5d9 100644
--- a/properties/nm-openvpn-dialog.glade
+++ b/properties/nm-openvpn-dialog.glade
@@ -1107,6 +1107,20 @@
<property name="position">7</property>
</packing>
</child>
+ <child>
+ <widget class="GtkCheckButton" id="float_checkbutton">
+ <property name="label" translatable="yes">Accept authenticated packets from any address (_Float)</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="use_underline">True</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="position">8</property>
+ </packing>
+ </child>
</widget>
</child>
<child>
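Review bot: The label on `float_checkbutton` names the mechanism but does not tell the user that enabling it removes the check on the peer's source address, so the option is easy to switch on without understanding the trade-off. A translatable tooltip on the widget would cover this, for example `Allow the peer to change its IP address or port during the session; only packet authentication then protects the connection`. The `_Float` mnemonic should also be checked for clashes with the other mnemonics in this dialog, which are not visible in the hunk.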
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 8ac0d26..bb3326f 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -99,6 +99,7 @@ static ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_CIPHER, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_COMP_LZO, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_CONNECTION_TYPE, G_TYPE_STRING, 0, 0, FALSE },
+ { NM_OPENVPN_KEY_FLOAT, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_FRAGMENT_SIZE, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_KEY, G_TYPE_STRING, 0, 0, FALSE },
{ NM_OPENVPN_KEY_LOCAL_IP, G_TYPE_STRING, 0, 0, TRUE },
@@ -802,6 +803,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
if (tmp && !strcmp (tmp, "yes"))
add_openvpn_arg (args, "--comp-lzo");
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_FLOAT);
+ if (tmp && !strcmp (tmp, "yes"))
+ add_openvpn_arg (args, "--float");
+
add_openvpn_arg (args, "--nobind");
/* Device, either tun or tap */
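Review bot: The new `--float` branch carries no comment recording what it relaxes. With this flag OpenVPN no longer pins the session to the `--remote` address, so packet authentication is the only remaining protection against another host taking over the session. I would add a comment above the lookup, such as `/* --float: peer may change address mid-session; session integrity then rests on packet authentication alone */`. The argument is also appended regardless of the connection type or protocol chosen elsewhere. Whether it should be restricted for some of them cannot be judged here, because nm_openvpn_start_openvpn_binary begins and ends outside the hunk.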
diff --git a/src/nm-openvpn-service.h b/src/nm-openvpn-service.h
index d503f4e..655280f 100644
--- a/src/nm-openvpn-service.h
+++ b/src/nm-openvpn-service.h
@@ -44,6 +44,7 @@
#define NM_OPENVPN_KEY_CIPHER "cipher"
#define NM_OPENVPN_KEY_COMP_LZO "comp-lzo"
#define NM_OPENVPN_KEY_CONNECTION_TYPE "connection-type"
+#define NM_OPENVPN_KEY_FLOAT "float"
#define NM_OPENVPN_KEY_FRAGMENT_SIZE "fragment-size"
#define NM_OPENVPN_KEY_KEY "key"
#define NM_OPENVPN_KEY_LOCAL_IP "local-ip" /* ??? */
--
1.7.1