Re: [PATCH] vpn-connection: lack of ipv4 config in remote VPN is not fatal



On 16/11/2015 18:12, Lubomir Rintel wrote:
On Thu, 2015-11-05 at 12:44 +0100, Rafaël Carré wrote:
Hello,

On 05/11/2015 12:31, Lubomir Rintel wrote:
Thanks for the patch, Rafaël.

I'm not sure it's correct, though. The VPN plugin probably should
probably only emit "Config" signal and not "IP4Config" when it has
no
IPv4 configuration.

You tell me :)

I've committed a slightly modified version of the patch to the NM-
openvpn master.

I'm wondering if you could try it out and see if it works for you?

Finally got to try it, it doesn't work, the helper fails with:

(process:25280): nm-openvpn-WARNING **: No IP4 netmask/prefix (missing
or invalid 'ifconfig_netmask')

(process:25280): nm-openvpn-WARNING **:
nm-openvpn-service-openvpn-helper did not receive a valid IPv4 or IPv6
configuration from openvpn


What configuration are you using the openvpn plugin in? A IPv6-only
setup?

static IPv4 only, the server does not send an IP.

Here is my local OpenVPN config:
-----------------------------------------------
client
dev tap
proto udp
remote vpn.example.com 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
cipher none
auth-user-pass
ca ca.pem

comp-lzo

ifconfig 192.168.123.11 255.255.255.0

verb 4
mute 20
-----------------------------------------------

And here is the file created in /etc/NetworkManager/system-connections/
-----------------------------------------------
[connection]
id=VPN connection 1
uuid=d5fb8899-39e5-453d-8e72-21fa6606ad16
type=vpn
autoconnect=false
permissions=
secondaries=

[vpn]
connection-type=password
password-flags=1
remote=vpn.example.com
cipher=none
comp-lzo=yes
dev-type=tap
username=username
ca=/path/to/ca.pem
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
address1=192.168.123.11/24
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=ignore
-----------------------------------------------

As you see ipv4.address1 is set but NM is still expecting an ip to be
sent by the remote openvpn server instead of using that one.

Thanks,
Lubo



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]