Re: NM-OpenVPN 0.3.0

From: Ryan Skadberg <skadz1 gmail com>
To: tim niemueller de
Cc: NetworkManager-list gnome org
Subject: Re: NM-OpenVPN 0.3.0
Date: Mon, 5 Dec 2005 23:37:56 -0500

One more.

I seem to have to enter a password to unlock my PEM. If I just do straight cert, I get this:

Dec 5 20:09:59 codewarrior nm-openvpn[2928]: Cannot load private key file /home/skadz/Work/VPN/skadz.key: error:0906A068:PEM routines:PEM_do_header:bad password read: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

So, I tried running the command line that the plugin runs (switching the protocol to tcp) and then looked at the local management server, it asks for my password this way:

>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
>PASSWORD:Need 'Private Key' password

And I then need to send this:

password "Private Key" mypasswordhere

To which it responds:

SUCCESS: 'Private Key' password entered, but not yet verified

Looking at the code, NM doesn't seem to handle a private key, it just seems to handle a username/password combination that is then sent to the local management server.

Any chance we can get support for this added in? Wish I were a better C coder, but that should give you the information you might need. Please let me know if you need something more.

Thanks for all the work on this!
Skadz

On 12/5/05, Ryan Skadberg <skadz1 gmail com> wrote:

A quick request, can we add the ability to pick the protocol? Seems as if I use TCP and default is UDP and there is no option to pick TCP, so I can't seem to use this yet. I get a cannot connect to server error.

Skadz

On 12/5/05, Tim Niemueller < tim niemueller de> wrote:
I have just checked in NM-OpenVPN 0.3.0.

It contains support for a new connection type "X.509 with Password
Authentication" which basically merges the existing X.509 and Password
Authentications into one connection type as requested.

It also supports using the TAP device instead of TUN. Sorry Crispin, I
had already some code before I got your patch. Since I try to stick as
close as possible with the VPN parameters saved in GConf to the actual
OpenVPN option names I added a new parameter dev which now carries tun
or tap. Old configs will still work, if this parameter has not been set
(which is only possible if you used a version prior to 0.3.0 to
create/edit a configuration) it will default to tun.

I applied your other patch that fixes the problem that the GIOChannel
was not closed properly. Thanks for that! I have also added the syslog
parameter. It looks that I just thought that I used this as the code
looked before...

Please try again and let me know if it works for you. I will update my
Website with a new example configuration for the new mode now.

Tim

--
Tim Niemueller < tim niemueller de> www.niemueller.de
=================================================================
Imagination is more important than knowledge. (Albert Einstein)

_______________________________________________
NetworkManager-list mailing list
NetworkManager-list gnome org
http://mail.gnome.org/mailman/listinfo/networkmanager-list

Follow-Ups:
- Re: NM-OpenVPN 0.3.0
  - From: Tim Niemueller

References:
- NM-OpenVPN 0.3.0
  - From: Tim Niemueller
- Re: NM-OpenVPN 0.3.0
  - From: Ryan Skadberg

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]