Hi Thomas, thanks for the explanation. It generally matches my understanding of the world :-)
The odd thing is: this is a vanilla client connection, all the details are in ovpn file, I am connecting to OpenVPN servers. Import works, but the connection fails to connect. Debugging it is, um, nontrivial. It clearly tries, but it hasn't imported some setting or secret right. You are right, NM starts the libexec binary. I've tried to debug connections in the past, and the best I could do was to replace /usr/libexec/nm-openvpn-server with a shell wrapper that logged the debug output. It is a pita if you're not an NM developer. Is there a way in which openvpn, called from the commandline, can call /usr/libexec/nm-openvpn-service-openvpn-helper ? :-) probably not, and you'll tell me I'm misguided. :-} cheers, martin On Tue, Jun 14, 2016 at 5:20 AM, Thomas Haller <thal...@redhat.com> wrote: > On Mon, 2016-06-13 at 12:46 -0400, Martin Langhoff wrote: >> Hi List! >> >> is there a practical way to get openvpn commandline to talk to NM to >> have NM update resolv.conf with the DNS settings coming from the VPN >> endpoint? >> >> I regularly find in the field openvpn setups which refuse to work >> well >> with NM's openvpn support. Sometimes I can file the relevant bugs, >> chase the whole thing down, etc. Sometimes I can't. I am not sure >> what >> complexities prevent a more straightforward import of ovpn files that >> 'just works', I can only bear witness that it has very rarely Just >> Worked for me. >> >> openvpn cli luckily always works. Is there a way to tell it to send >> the right dbus msg? >> >> thank you, > > Hi, > > when you use openvpn directly, you configure all it's options > explicitly, either via command line or .ovpn configration file. > > When you use nm-openvpn plugin, you create a "connection" (profile) via > one of the client tools (nm-connection-editor, nmcli) or via import > from ovpn file. In any case, this does not understand every option, > because some are not implemented and others don't make sense in the > context of NetworkManager (e.g. running as server). Also, NM wants to > configure IP addressing and DNS itself, it does not allow openvpn to do > that. > Then, nm-openvpn spawns openvpn with command line arguments based on > the connection. openvpn doesn't communitcate via D-Bus. It gets > executed by nm-openvpn-service with command line options, and it calls > back to NM via > --up /usr/libexec/nm-openvpn-service-openvpn-helper > > > If something doesn't work, then there is no other way then to open a bug > about it and fix it in nm-openvpn/NetworkManager. > > > That said, import of ovpn file is supposed to just work. What didn't work for > you there? > > > Thomas -- martin.langh...@gmail.com - ask interesting questions ~ http://linkedin.com/in/martinlanghoff - don't be distracted ~ http://github.com/martin-langhoff by shiny stuff _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
