https://bugs.kde.org/show_bug.cgi?id=372086
Bug ID: 372086
Summary: Make configuration option for LZO compression of
OpenVPN connection tri-state
Product: plasma-nm
Version: 5.8.3
Platform: unspecified
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: editor
Assignee: lu...@kde.org
Reporter: matthias.h.na...@gmail.com
CC: jgrul...@redhat.com
Target Milestone: ---
The graphical editor has a checkbox to either enable or disable the LZO
compression of OpenVPN connections. This option is translats to "comp-lzo=no"
or "comp-lzo=yes" respectively in the corresponding configuration file under
/etc/NetworkManager/. At the level of OpenVPN this corresponds to the equally
named option.
Howerver, this option is tri-state and can be left unconfigured which has a
different meaning than "yes" or "no". See man page of OpenVPN.
If at the client side either "comp-lzo=no" or "comp-lzo=yes" and at the server
side the configuration is left unspecified under certain conditions the
connection can be successfully established but become useless due to LZO errors
Nov 03 21:09:56 nm-openvpn[17410]: OpenVPN 2.3.12 x86_64-pc-linux-gnu [SSL
(OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 30 2016
Nov 03 21:09:56 nm-openvpn[17410]: library versions: OpenSSL 1.0.2j 26 Sep
2016, LZO 2.08
Nov 03 21:09:57 nm-openvpn[17410]: NOTE: the current --script-security setting
may allow this configuration to call user-defined scripts
Nov 03 21:09:57 nm-openvpn[17410]: NOTE: UID/GID downgrade will be delayed
because of --client, --pull, or --up-delay
Nov 03 21:09:57 nm-openvpn[17410]: Attempting to establish TCP connection with
[AF_INET]193.197.62.25:1194 [nonblock]
Nov 03 21:09:58 nm-openvpn[17410]: TCP connection established with
[AF_INET]193.197.62.25:1194
Nov 03 21:09:58 nm-openvpn[17410]: TCPv4_CLIENT link local: [undef]
Nov 03 21:09:58 nm-openvpn[17410]: TCPv4_CLIENT link remote:
[AF_INET]193.197.62.25:1194
Nov 03 21:09:59 nm-openvpn[17410]: WARNING: 'comp-lzo' is present in local
config but missing in remote config, local='comp-lzo'
Nov 03 21:09:59 nm-openvpn[17410]: [openvpn.scc.kit.edu] Peer Connection
Initiated with [AF_INET]193.197.62.25:1194
Nov 03 21:10:01 nm-openvpn[17410]: TUN/TAP device tap0 opened
Nov 03 21:10:01 nm-openvpn[17410]:
/usr/libexec/nm-openvpn-service-openvpn-helper --debug 0 17403 --bus-name
org.freedesktop.NetworkManager.openvpn.Connection_1 --tap -- tap0 1500 1592
141.3.200.95 255.255.255.0 init
Nov 03 21:10:01 nm-openvpn[17410]: GID set to nm-openvpn
Nov 03 21:10:01 nm-openvpn[17410]: UID set to nm-openvpn
Nov 03 21:10:01 nm-openvpn[17410]: Initialization Sequence Completed
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 255
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 255
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 255
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 51
....
This behaviour is expected and reproducible.
If one edits the configuration file under /etc/NetworkManager/ manually be
means of a text editor and removes the "comp-lzo=<yes|no>" directive from the
configuration file, everything works as expected. However, as soon as one opens
the connection in the graphical connection editor again, the "comp-lzo"
directive is re-inserted into the configuration file and set to whatever the
checkbox state is in. After that the OpenVPN connection does not work and one
must edit the configuration file again.
Proposed solution: Make the checkbox tri-state.
--
You are receiving this mail because:
You are watching all bug changes.
