Re: Problems with OpenVPN client conf having several remotes

Tue, 29 Jun 2021 07:30:10 -0700 

On Mon, 2021-06-14 at 17:52 +0000, Samuel Le Thiec via networkmanager-list 
wrote:
> Hello again:)
> 
> I encountered two problems with an openvpn client conf having several remotes.
> 
> The first problem occurs when importing a openvpn client config having 
> multiple remotes
> mixing udp & tcp and using the "implicit udp syntax":
> 
>  $ grep ^remote openvpn.conf
>  remote ovpn.mydomain.com
>  remote ovpn.mydomain.com 53
>  remote ovpn.mydomain.com 1194 tcp
> 
> When imported in Network Manager, this translates to (in the vpn settings: 
> Identity →
> General → Gateway) : 
>  ovpn.mydomain.com, ovpn.mydomain.com:53, ovpn.mydomain.com:1194:tcp
> 
> When I try to enable the vpn connection, it goes back to being disabled 
> immediately.
> Here
> is the error message I can see in the journal:
>  Options error: --explicit-exit-notify can only be used with --proto udp
> 
> Now, if I change the gateway vpn setting to:
>  ovpn.mydomain.com:1194:udp, ovpn.mydomain.com:53:udp, 
> ovpn.mydomain.com:1194:tcp

> 
> Then, I can enable the vpn and it looks like it's working...
> 
> **BUT**
> 
> When I look closer, the fallback/try on the other remotes does not seem to 
> work: on the
> journal, I can see the tries on the first remote (IPv6, then IPv4), then I 
> see this log
> entry:
> 
>  Jun 14 19:44:31 nsfw nm-openvpn-serv[333567]: Connect timer expired, 
> disconnecting.
> 
> This "fallback mechanism" works fine when invoking openvpn directly. Is there 
> something
> else to do to have it working with Network Manager?


Hello,

I just would like to make sure this message does not get lost in the way.

Let me summarise it, I think there is two problems with the openvpn 
functionnality within
Network Manager :
   1. When importing an openvpn config file: NM can't start a openvpn 
'connection' with a
      remote using implicit UDP notation and a tcp (server1:port1 
server2:port2:tcp) (see
      above)
   2. The fallback mechanism does not seem to work with NetworkManager, 
probably because
      it takes too long and NM tags the connection as failing: is there a way 
to force it
      to continue trying indefinitely?

Thank you,

samuel


> 
> Any help greatly appreciated!
> 
> Thanks,
> 
> samuel
> 
> PS: I'm using:
> 
>  $ NetworkManager --version
>  1.30.4-1.fc34
> 
> 
> _______________________________________________
> networkmanager-list mailing list
> networkmanager-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/networkmanager-list


_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

Reply via email to