Re: openvpn cmdline communication to NM

From: Martin Langhoff <martin langhoff gmail com>
To: Thomas Haller <thaller redhat com>
Cc: networkmanager-list gnome org
Subject: Re: openvpn cmdline communication to NM
Date: Tue, 14 Jun 2016 08:22:58 -0400

Hi Thomas,

thanks for the explanation. It generally matches my understanding of
the world :-)

The odd thing is: this is a vanilla client connection, all the details
are in ovpn file, I am connecting to OpenVPN servers. Import works,
but the connection fails to connect. Debugging it is, um, nontrivial.
It clearly tries, but it hasn't imported some setting or secret right.

You are right, NM starts the libexec binary.

I've tried to debug connections in the past, and the best I could do
was to replace /usr/libexec/nm-openvpn-server with a shell wrapper
that logged the debug output. It is a pita if you're not an NM
developer.

Is there a way in which openvpn, called from the commandline, can call
 /usr/libexec/nm-openvpn-service-openvpn-helper ? :-) probably not,
and you'll tell me I'm misguided.

:-}

cheers,



martin





On Tue, Jun 14, 2016 at 5:20 AM, Thomas Haller <thaller redhat com> wrote:

On Mon, 2016-06-13 at 12:46 -0400, Martin Langhoff wrote:

Hi List!

is there a practical way to get openvpn commandline to talk to NM to
have NM update resolv.conf with the DNS settings coming from the VPN
endpoint?

I regularly find in the field openvpn setups which refuse to work
well
with NM's openvpn support. Sometimes I can file the relevant bugs,
chase the whole thing down, etc. Sometimes I can't. I am not sure
what
complexities prevent a more straightforward import of ovpn files that
'just works', I can only bear witness that it has very rarely Just
Worked for me.

openvpn cli luckily always works. Is there a way to tell it to send
the right dbus msg?

thank you,


Hi,

when you use openvpn directly, you configure all it's options
explicitly, either via command line or .ovpn configration file.

When you use nm-openvpn plugin, you create a "connection" (profile) via
one of the client tools (nm-connection-editor, nmcli) or via import
from ovpn file. In any case, this does not understand every option,
because some are not implemented and others don't make sense in the
context of NetworkManager (e.g. running as server). Also, NM wants to
configure IP addressing and DNS itself, it does not allow openvpn to do
that.
Then, nm-openvpn spawns openvpn with command line arguments based on
the connection. openvpn doesn't communitcate via D-Bus. It gets
executed by nm-openvpn-service with command line options, and it calls
back to NM via
  --up /usr/libexec/nm-openvpn-service-openvpn-helper


If something doesn't work, then there is no other way then to open a bug about it and fix it in 
nm-openvpn/NetworkManager.


That said, import of ovpn file is supposed to just work. What didn't work for you there?


Thomas




-- 
 martin langhoff gmail com
 - ask interesting questions  ~  http://linkedin.com/in/martinlanghoff
 - don't be distracted        ~  http://github.com/martin-langhoff
   by shiny stuff

Follow-Ups:
- Re: openvpn cmdline communication to NM
  - From: Thomas Haller

References:
- openvpn cmdline communication to NM
  - From: Martin Langhoff
- Re: openvpn cmdline communication to NM
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]