Re: Setting openVPN options

From: Dan Williams <dcbw redhat com>
To: Volker Kuhlmann <list0570 paradise net nz>
Cc: networkmanager-list gnome org
Subject: Re: Setting openVPN options
Date: Fri, 24 Feb 2012 14:15:34 -0600

On Wed, 2012-02-22 at 00:16 +1300, Volker Kuhlmann wrote:
> On Tue 21 Feb 2012 16:12:52 NZDT +1300, Bin Li wrote:
> 
> Hi,
> 
> > > Network manager dies trying to establish an openVPN connection because
> > > it uses the wrong openVPN options. How can I change the openVPN options
> > > used by NM? I need to add some and remove some.
> > Which option? Some options could be set in nm-connection-editor.
> 
> There appears to be no nm-connection-editor program. If you mean the 

Are you using KDE or some other desktop environment?
nm-connection-editor is the GTK-based NM configuration program, so it
probably wouldn't be installed on a non-GNOME system.  Ideally the DE
you're running has the same functionality though.

> pop-up from a click on the panel applet and then "manage connections", 
> what can be edited in there is poor compared with what openvpn
> understands. Critically, there is no text input pane that accepts any
> option.
> 
> Back to the question: Is there any other way for me to set options with
> which nm runs openvpn?

Other than the options that are provided in the UI, you can edit the
configuration file in which the VPN connection settings are stored.
Otherwise there is no other way; there is intentionally no text entry
for arbitrary options, because openvpn runs as root, and that's a pretty
big security risk to allow unprivileged users to enter whatever options
they want that get read by a root-level daemon.  Even if/when we do
switch to doing something like sandboxing the daemon, having a text edit
box isn't great UI and isn't very helpful for users.  Instead, we take a
more measured approach; if there's a setting that people need, we figure
out how to add it to the UI in a logical and usable manner.

> > > And is it possible to get the output from openVPN properly? What it
> > > writes to syslog is no where near sufficient and basically not useful
> > > for debugging this sort of problem.
> > http://live.gnome.org/NetworkManager/Debugging
> > Hope it helpful.
> 
> It shows the arguments to openvpn that are actually used - good. But
> what's needed it the *openvpn* output with verb 3 or 4, because that's
> what's failing to establish connection, not nm.

Running nm-openvpn-service --persist --debug will run openvpn with
"--verb 10" which will also show the verb3/verb4 output.  Is that nto
working for you?

Dan

Follow-Ups:
- Re: Setting openVPN options
  - From: Volker Kuhlmann

References:
- Setting openVPN options
  - From: Volker Kuhlmann
- Re: Setting openVPN options
  - From: Bin Li
- Re: Setting openVPN options
  - From: Volker Kuhlmann

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]