Bugzilla – Full Text Bug Listing
| Summary: | knetworkmanager: more options for openvpn connections (route) | | |
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.1 | Reporter: | macias - <bluedzins> |
| Component: | KDE3 | Assignee: | Will Stephenson <wstephenson> |
| Status: | RESOLVED WONTFIX | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Enhancement | | |
| Priority: | P4 - Low | CC: | carlosflange, ffiene, fred.blaise, helmut.schaa, wstephenson |
| Version: | Beta 2 | | |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Other | | |
| Whiteboard: | | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
macias -
2007-10-10 16:57:40 UTC
Some more details?

If you run openvpn manually you can provide more options. So it would be great that KNM could provide some place to enter them. Without it, one of my openvpn connections is not possible. I could attach a piece of config for it.

Yes, please provide the config ;)

Helmut, full config file:

```
dev tun
client
remote vpn-gw.mat.uni.torun.pl 5100
nobind
route remote_host 255.255.255.255 net_gateway
route 158.75.2.0 255.255.255.0
route 158.75.12.0 255.255.255.0
route 192.168.128.0 255.255.255.0
ca cacert.pem
cert cert.pem
key key.pem
verb 1
```

Me too. I've got an openVPN configuration file out of Astaros Firewall software and I am not able to set up the same thing with knetworkmanager. openvpn from the command line with these files and kvpnc with importing this file is working fine. But I don't like to do this with root permissions, so I want to use knetworkmanager. I've tested a long time with the openvpn command issued by the networkmanager and need to add/remove these entries:

```
add:
  --auth MD5 (listbox with [SHA1|MD5])
  --tls-remote "<X.509-DN>" (textfield without entering "")
remove:
  --ns-cert-type server (listbox with [none|server|client], with "none" the parameter must not be inserted!)
```

I cannot see these entries in ~/kde3/share/config/knetworkmanagerrc so I think they are hardcoded in /usr/bin/nm-openvpn-service, that's really bad! How to solve this problem? Changing source by myself and recompiling nm-openvpn-service? Regards

I am also running astaro firewalls, and have the same issues as Frank. I am running gnome on opensuse 10.3. I tried to put the values in gconf, but it crashes the applet every time (v 0.6.5) (Adding other stuff, such as port worked, but not this one).

```
--> rpm -aq |grep vpn
openvpn-2.0.9-44
NetworkManager-openvpn-gnome-0.3.2cvs20060202-173
NetworkManager-openvpn-0.3.2cvs20060202-173
```

To me, this is not an enhancement bug, but rather at least a minor/normal bug concerning the NM-openvpn add-on, as it crashes the applet. Should I open another bug for this? Thanks.

Fred, I don't think adding custom config-keys to gconf is supported but you're right, nm-applet should not crash in that case. Tambet, could you please comment on #6 please?

Just for info, I am running also a ubuntu 7.04 box at home, with the following setting in nm-openvpn:

```
# gconftool-2 -S vpn_data
/system/networking/vpn_connections/Invik/vpn_data = [connection-type,x509userpass,dev,tun,remote,123.123.123.123,port,45678,proto,tcp-client,servercert-insecure,yes,ca,/home/fredb/.vpn/xxx.xxx.xxx.xxx.ca.crt,cert,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.crt,key,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.key,comp-lzo,yes,shared-key,,local-ip,,remote-ip,,username,fblaise,cipher,AES-256-CBC]
```

(Frank, this works with Astaro ;)) It works peachy. Under opensuse, if I import them:

```
# gconftool-2 -s /system/networking/vpn_connections/Invik/vpn_data --list-type string -t list "[connection-type,x509userpass,dev,tun,remote,123.123.123.123,port,45678,proto,tcp-client,servercert-insecure,yes,ca,/home/fredb/.vpn/xxx.xxx.xxx.xxx.ca.crt,cert,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.crt,key,/home/fredb/.vpn/xxx.xxx.xxx.xxx.user.key,comp-lzo,yes,shared-key,,local-ip,,remote-ip,,username,fblaise,cipher,AES-256-CBC]"
```

NM applet crashes, and the most eloquent message in the NM log is:

```
Mar 19 09:42:21 fredb-opensuse NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 6 -> 3.
Mar 19 09:42:21 fredb-opensuse NetworkManager: <WARN> nm_vpn_service_process_signal(): VPN failed for service 'org.freedesktop.NetworkManager.openvpn', signal 'VPNConfigBad', with message 'The VPN login failed because the VPN configuration options were invalid.'.
Mar 19 09:42:21 fredb-opensuse NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 3 -> 6.
```

Maybe I really should open another bug, I am starting to pollute this one, originally for KNM... Sorry... :/

Commenting #6. Modifying gconf entries manually isn't a supported operation and if something breaks, you get to keep both pieces. NetworkManager allows a subset of openvpn configuration options because of security concerns - there are flags to run random files on the local disk as root. But that doesn't necessarily mean new options can't be added, it means to add new options, changes to code (as opposed to gconf) are needed.

Agreed. However, since some options are definitely needed (ie: at least port, tls-remote or servercert-insecure at least in my case and Frank's case) to make it work in many environment configurations, it'd be nice to see these options in. In my current opensuse 10.3, NM-openvpn plug-in is definitely useless. On ubuntu, options port is present in the GUI, and adding servercert-insecure manually to gconf works. Adding tls-remote, however, makes it also crash. Then, I guess a request for new options (advanced tab options maybe, including port, and tls-remote) should be made to make the plug-in actually usable in most environments.

Yes, that is what I mentioned! For example: same options as kvpnd has!

This will not change for 10.3 and 11.0 anymore. But it maybe still could be done for 11.1.

KNetworkManager for KDE3 is not maintained any longer. Therefore I resolve all bugs that are still open as WONTFIX without looking at each single bug report. If this bug deals already with KDE4 and is still in progress, then please apologize the mistake and feel free to reopen it.
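
The thread's point that NetworkManager accepts only a subset of OpenVPN options, because some directives run local files as root, can be illustrated with a small allowlist check. This is an added example, not code from the bug report or from NetworkManager; the allowlist, the helper names (`is_ipv4`, `reason`, `audit`) and the sample config are assumptions built from directives named in the thread.

```python
import ipaddress
import shlex

# Assumed allowlist built from directives named in this thread (not NM's list).
ALLOWED = {"dev", "client", "remote", "port", "proto", "nobind", "route", "ca",
           "cert", "key", "verb", "auth", "cipher", "tls-remote", "ns-cert-type"}
# OpenVPN directives that make the daemon run an external program or module.
EXECUTES = {"up", "down", "route-up", "ipchange", "tls-verify", "plugin",
            "auth-user-pass-verify", "learn-address", "script-security"}
ROUTE_KEYWORDS = {"remote_host", "net_gateway", "vpn_gateway"}
CHOICES = {"auth": {"SHA1", "MD5"}, "ns-cert-type": {"server", "client"}}
# Constructed sample: part of the reporter's config plus three lines to refuse.
SAMPLE = """\
remote vpn-gw.mat.uni.torun.pl 5100
route remote_host 255.255.255.255 net_gateway
route 158.75.2.0 255.255.255.0
auth MD5
ns-cert-type none
up /home/user/hook.sh
fragment 1300
"""

def is_ipv4(text):
    try:
        return ipaddress.IPv4Address(text) is not None
    except ValueError:
        return False

def reason(name, args):
    """Return why a directive is refused, or None when it is acceptable."""
    if name in EXECUTES:
        return f"{name}: runs external code"
    if name not in ALLOWED:
        return f"{name}: not on the allowlist"
    if name in CHOICES and (len(args) != 1 or args[0] not in CHOICES[name]):
        return f"{name}: expected one of {sorted(CHOICES[name])}"
    if name == "route" and not all(a in ROUTE_KEYWORDS or is_ipv4(a) for a in args):
        return "route: bad address"
    return None

def audit(config_text):
    """Return (lineno, directive, refusal reason or None) for each config line."""
    results = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if tokens:
            name = tokens[0].lstrip("-")
            results.append((lineno, name, reason(name, tokens[1:])))
    return results
```

Calling `audit(SAMPLE)` accepts the `remote`, `route` and `auth MD5` lines and refuses the last three. Anything not explicitly listed is refused by default, so supporting a new option means changing the code.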