knetworkmanager + openvpn connexion failed

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

knetworkmanager + openvpn connexion failed

Bruno Friedmann-2
Hi all,

we have to use a openvpn connexion with no username/password just x509 certificates
Options needed are the following

here the configuration : ( there's no value for the ta-key cert and direction is wrong 2 instead of 1 )

tab required settings
gateway : vpn.ioda,net
Connect type : x509 certificates
CA file : ca_public.pem
Certificate : c-3po..pem
Key : c-3po.ukey.pm

tab optionnl settings
Gateway port : auto
use lzo compression checked
use tcp connection not-checked
use tap connection not-checked

tab optionnal security
Cipher : AES-256-CBC
Hmac : SHA-1

tab optionnal TLS settings ( you need to click on the right > in order to see it )
check : use additionnal tls authentification
key : ta-key.pem
Key direction : 1 ( for client , 0 is normally serveur ) no other value possible

here the resulted config file : which is incomplete

[connection]
autoconnect=false
icon=nm-vpn-connecting13
id=ioda-VPN
timestamp=-4713,1,1,0,0,0
type=vpn
uuid={3beb3f70-bcc3-436c-a13f-a487511f7665}

[vpn]
Data=auth,SHA1,ca,file:///home/bruno/.openvpn/ioda_ca.public.pem,cert,file:///home/bruno/.openvpn/c-3po.pem,cipher,AES-256-CBC,comp-lzo,yes,connection-type,tls,key,file:///home/bruno/.openvpn/c-3po.ukey.pem,proto-tcp,no,remote,vpn.ioda.net,ta-dir,2,tap-dev,no
PluginName=networkmanagement_openvpnui
ServiceType=org.freedesktop.NetworkManager.openvpn
UserName=



here the result in NetworkManager.log when we try to setup the connexion.

ep 23 07:53:48 c-3po NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started
(org.freedesktop.NetworkManager.openvpn), PID 32749
Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating
connections
Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN plugin state changed: 3
Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN connection 'sigeom-VPN' (Connect) reply received.
Sep 23 07:53:48 c-3po NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'sigeom-VPN' failed to connect:
'invalid integer property 'ta-dir' or out of range [0 -> 1]'.
Sep 23 07:53:48 c-3po NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN
connection was active.
Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.068716] run_netconfig(): Spawning '/sbin/netconfig modify --service
NetworkManager'
Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.085836] write_to_netconfig(): Writing to netconfig: INTERFACE='eth0'
Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.086139] write_to_netconfig(): Writing to netconfig:
DNSSEARCH='vellerat.ioda.net vellerat.ioda.net'
Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.086338] write_to_netconfig(): Writing to netconfig:
DNSSERVERS='192.168.105.129 213.251.137.104 213.251.136.104'
Sep 23 07:53:48 c-3po NetworkManager: <info>  Clearing nscd hosts cache.
Sep 23 07:53:48 c-3po NetworkManager: <info>  Policy set 'System eth0' (eth0) as default for routing and DNS.
Sep 23 07:54:00 c-3po NetworkManager: <debug> [1253685240.074873] ensure_killed(): waiting for vpn service pid 32749 to exit
Sep 23 07:54:00 c-3po NetworkManager: <debug> [1253685240.075062] ensure_killed(): vpn service pid 32749 cleaned up


here the list of used packages ( today updated )
NetworkManager-0.7.0.r4359-15.2.2
NetworkManager-glib-0.7.0.r4359-15.2.2
NetworkManager-pptp-0.7.0.r4274-2.9
NetworkManager-vpnc-kde4-0.9.svn1023237-108.1
NetworkManager-kde4-lang-0.9.svn1023237-108.1
cnetworkmanager-0.8.0.1-0.1.1
NetworkManager-openvpn-0.7.0.r4274-1.21
NetworkManager-pptp-gnome-0.7.0.r4274-2.9
NetworkManager-kde4-libs-0.9.svn1023237-108.1
NetworkManager-openvpn-kde4-0.9.svn1023237-108.1
NetworkManager-kde4-0.9.svn1023237-108.1
NetworkManager-vpnc-0.7.0.r4274-1.23

on a opensuse 11.1 with kde factory.

I will give it a try also on the 11.2 M7 test machine this afternoon.




--

     Bruno Friedmann

Ioda-Net Sàrl
  2830 Vellerat - Switzerland

--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: knetworkmanager + openvpn connexion failed

Bruno Friedmann-2
Bruno Friedmann wrote:

> Hi all,
>
> we have to use a openvpn connexion with no username/password just x509 certificates
> Options needed are the following
>
> here the configuration : ( there's no value for the ta-key cert and direction is wrong 2 instead of 1 )
>
> tab required settings
> gateway : vpn.ioda,net
> Connect type : x509 certificates
> CA file : ca_public.pem
> Certificate : c-3po..pem
> Key : c-3po.ukey.pm
>
> tab optionnl settings
> Gateway port : auto
> use lzo compression checked
> use tcp connection not-checked
> use tap connection not-checked
>
> tab optionnal security
> Cipher : AES-256-CBC
> Hmac : SHA-1
>
> tab optionnal TLS settings ( you need to click on the right > in order to see it )
> check : use additionnal tls authentification
> key : ta-key.pem
> Key direction : 1 ( for client , 0 is normally serveur ) no other value possible
>
> here the resulted config file : which is incomplete
>
> [connection]
> autoconnect=false
> icon=nm-vpn-connecting13
> id=ioda-VPN
> timestamp=-4713,1,1,0,0,0
> type=vpn
> uuid={3beb3f70-bcc3-436c-a13f-a487511f7665}
>
> [vpn]
> Data=auth,SHA1,ca,file:///home/bruno/.openvpn/ioda_ca.public.pem,cert,file:///home/bruno/.openvpn/c-3po.pem,cipher,AES-256-CBC,comp-lzo,yes,connection-type,tls,key,file:///home/bruno/.openvpn/c-3po.ukey.pem,proto-tcp,no,remote,vpn.ioda.net,ta-dir,2,tap-dev,no
> PluginName=networkmanagement_openvpnui
> ServiceType=org.freedesktop.NetworkManager.openvpn
> UserName=
>
>
>
> here the result in NetworkManager.log when we try to setup the connexion.
>
> ep 23 07:53:48 c-3po NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
> Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started
> (org.freedesktop.NetworkManager.openvpn), PID 32749
> Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating
> connections
> Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN plugin state changed: 3
> Sep 23 07:53:48 c-3po NetworkManager: <info>  VPN connection 'sigeom-VPN' (Connect) reply received.
> Sep 23 07:53:48 c-3po NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'sigeom-VPN' failed to connect:
> 'invalid integer property 'ta-dir' or out of range [0 -> 1]'.
> Sep 23 07:53:48 c-3po NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN
> connection was active.
> Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.068716] run_netconfig(): Spawning '/sbin/netconfig modify --service
> NetworkManager'
> Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.085836] write_to_netconfig(): Writing to netconfig: INTERFACE='eth0'
> Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.086139] write_to_netconfig(): Writing to netconfig:
> DNSSEARCH='vellerat.ioda.net vellerat.ioda.net'
> Sep 23 07:53:48 c-3po NetworkManager: <debug> [1253685228.086338] write_to_netconfig(): Writing to netconfig:
> DNSSERVERS='192.168.105.129 213.251.137.104 213.251.136.104'
> Sep 23 07:53:48 c-3po NetworkManager: <info>  Clearing nscd hosts cache.
> Sep 23 07:53:48 c-3po NetworkManager: <info>  Policy set 'System eth0' (eth0) as default for routing and DNS.
> Sep 23 07:54:00 c-3po NetworkManager: <debug> [1253685240.074873] ensure_killed(): waiting for vpn service pid 32749 to exit
> Sep 23 07:54:00 c-3po NetworkManager: <debug> [1253685240.075062] ensure_killed(): vpn service pid 32749 cleaned up
>
>
> here the list of used packages ( today updated )
> NetworkManager-0.7.0.r4359-15.2.2
> NetworkManager-glib-0.7.0.r4359-15.2.2
> NetworkManager-pptp-0.7.0.r4274-2.9
> NetworkManager-vpnc-kde4-0.9.svn1023237-108.1
> NetworkManager-kde4-lang-0.9.svn1023237-108.1
> cnetworkmanager-0.8.0.1-0.1.1
> NetworkManager-openvpn-0.7.0.r4274-1.21
> NetworkManager-pptp-gnome-0.7.0.r4274-2.9
> NetworkManager-kde4-libs-0.9.svn1023237-108.1
> NetworkManager-openvpn-kde4-0.9.svn1023237-108.1
> NetworkManager-kde4-0.9.svn1023237-108.1
> NetworkManager-vpnc-0.7.0.r4274-1.23
>
> on a opensuse 11.1 with kde factory.
>
> I will give it a try also on the 11.2 M7 test machine this afternoon.
>
>
>
>

Could anybody tell me how we can have svn1028493 into the kde package ( especially for the kde-Networkmanager )
I would confirm the https://bugs.kde.org/show_bug.cgi?id=205894 as status closed.

actually (update yesterday ) have only NetworkManager-vpnc-kde4-0.9.svn1028043-111.1
in repository ...


--

     Bruno Friedmann

--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]