Re: Problems with OpenVPN client conf having several remotes



On Mon, 2021-06-14 at 17:52 +0000, Samuel Le Thiec via networkmanager-list wrote:
Hello again:)

I encountered two problems with an openvpn client conf having several remotes.

The first problem occurs when importing an openvpn client config having multiple remotes
mixing udp & tcp and using the "implicit udp syntax":

 $ grep ^remote openvpn.conf
 remote ovpn.mydomain.com
 remote ovpn.mydomain.com 53
 remote ovpn.mydomain.com 1194 tcp

When imported in Network Manager, this translates to (in the vpn settings: Identity →
General → Gateway) :
 ovpn.mydomain.com, ovpn.mydomain.com:53, ovpn.mydomain.com:1194:tcp

When I try to enable the vpn connection, it goes back to being disabled immediately. Here
is the error message I can see in the journal:
 Options error: --explicit-exit-notify can only be used with --proto udp

Now, if I change the gateway vpn setting to:
 ovpn.mydomain.com:1194:udp, ovpn.mydomain.com:53:udp, ovpn.mydomain.com:1194:tcp


Then, I can enable the vpn and it looks like it's working...

**BUT**

When I look closer, the fallback/try on the other remotes does not seem to work: on the
journal, I can see the tries on the first remote (IPv6, then IPv4), then I see this log
entry:

 Jun 14 19:44:31 nsfw nm-openvpn-serv[333567]: Connect timer expired, disconnecting.

This "fallback mechanism" works fine when invoking openvpn directly. Is there something
else to do to have it working with Network Manager?


Hello,

I just would like to make sure this message does not get lost in the way.

Let me summarise it, I think there are two problems with the openvpn functionality within Network Manager:
  1. When importing an openvpn config file: NM can't start an openvpn 'connection' with a remote using implicit UDP notation and a tcp (server1:port1 server2:port2:tcp) (see above)
  2. The fallback mechanism does not seem to work with NetworkManager, probably because it takes too long and NM tags the connection as failing: is there a way to force it to continue trying indefinitely?

Thank you,

samuel



Any help greatly appreciated!

Thanks,

samuel

PS: I'm using:

 $ NetworkManager --version
 1.30.4-1.fc34

