Em Monday 27 February 2012, Volker Kuhlmann escreveu: > On Sun 26 Feb 2012 05:38:58 NZDT +1300, Lamarque V. Souza wrote: > > Which openvpn version do you use? > > openvpn-2.2.1-18.1.2.x86_64
I use 2.2.0 here.
> openSUSE 12.1
With Gentoo.
> > I am not aware of this problem (I am the responsible for Plasma NM, the > > > > KDE applet for NetworkManager). I have just check it here and my wifi > > connection stays in the plasmoid and the kcm (Manage Connections") lists > > after I disconnect it. > > For debugging all of this I intentionally disconnect the wifi connection > by clicking on the panel applet icon, which shows a connection summary > with connection list on the left and the configured NM connections and > fond APs on the right. Click on the white X with the red round > background in the top right corner of each connection drops the > connection, and removes the wifi connections (all of them) from the > right side. It happens every single time. Immediately after that, an > iwlist wlan0 scan shows the closest AP (mine) immediately, but the AP > list on the right is not populated again for quite some time afterwards. > As the list is empty, one can't click on it to start the connection > again. It's often faster to turn off "enable wireless" and turn it on > again immediately.
This look like kded4 or NetworkManager crashed when you disconnected the wifi connection. By the fact that the AP list is not populated for some time I guess it was NetworkManager. kded4 restarts itself when it crashes, so if it was kded4 the list should have been re-populated some seconds later. Can you send me NetworkManager's log and ~/.xsession-errors file?
> Wifi driver is broadcom wl (apologies, not one I'd have chosen).
I used to have my problems with broadcom drivers. Fortunately my broadcom card is now supported by native driver.
> > > Sure there is a security issue to deal with, but given that NM asks for > > > a root password each time there's a change to the connection settings I > > > don't see any security *problem* here. > > > > The problem is implemeting in NM all the checks to make sure the options > > > > are safe. NM cannot just pass them to openvpn daemon. > > Sorry, NM asks for the *root* password here. Safety checks no longer > exist.
Why do they no longer exist? Running as root does not mean the program should take any parameter without checking it.
> It's ironic that the insistence on checks leads to a less-secure program > that is incapable of putting in the one security option I insist I have > in there. openvpn warns loudly if it's missing. Keyword MITM.
Which option is that? If it is always required it should not even be an option.
> > auto-connect for VPN is not implemented in NM as far as I know. There > > > > are some scripts from users in this mailing list to do just that. I have > > never tested them though. > > The autoconnect tickbox is still there for VPN. Even if it didn't work, > I'd be happy to be able to manually click on the connection name to get > it started.
That works as long as you have another non-VPN connection already started.
> > I can delete routes. > > I'm all ears. What's the trick?
For my scenario above where I just do not want the VPN to set the default route you should do the following (all in the IPv4 tab in the connection editor):
. in Basic settings mark Method as "Automatic (VPN) addresses only". This option makes NM sets up only network address, netmask and IP address, and no routes.
. in Routes check "Use only for resources on this connection"
My VPN sets the local network 10.0.0.0/24 but I also need to access a different internal network (192.168.0.0/24), so I add a new route for it. That works for me, the problem is that I need to do two things and most people believe that just checking "Use only for resources on this connection" is enough to set up a VPN connection that does not set the default route.
> > > * NM starts openvpn with an openvpn option that causes the vpn to stop > > > dead halfway through the startup. Impossible to fix with NM. > > > > Which option is that? > > To be honest I'm reluctant to say, because it gains nothing. It's > pointless to deal with one particular option while ignoring the other 3.
If the option should not be used how do you think someone could remove it from NM without knowing each one it is?
> I've cranked up kvpnc, which is pretty annoyingly buggy, but differs > from NM in one crucial point: it gets the job done. The alternative is > to manually create an openvpn config file (done that by now) and a > 1-line script for convenience. Needs a root login (as does kvpnc), but > it's lightning fast to the alternatives.
Ok then, good that the other alternatives work.
-- Lamarque V. Souza KDE's Network Management maintainer http://planetkde.org/pt-br |