Re: Add OpenVPN support
On Mon, Nov 22, 2010 at 04:15:19PM +0800, Zheng, Jeff wrote: > > > > Can you please ran this log output throught the test/backtrace script? > > > > backtrace > [0]: vpn_newlink() [vpn.c:147] > [1]: connman_rtnl_add_newlink_watch() [rtnl.c:244] > [2]: vpn_notify() [vpn.c:171] > [3]: task_filter() [task.c:402] > [4]: message_dispatch() [mainloop.c:80] > [5]: main() [main.c:262] > [6]: _start() [iptables.c:0] > --- Thanks. Don't know if I have time today to look at it. In case you have time to fix it, please go ahaid :) It looks like a NULL pointer thing to me. daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
RE: Add OpenVPN support
> > Can you please ran this log output throught the test/backtrace script? > backtrace [0]: vpn_newlink() [vpn.c:147] [1]: connman_rtnl_add_newlink_watch() [rtnl.c:244] [2]: vpn_notify() [vpn.c:171] [3]: task_filter() [task.c:402] [4]: message_dispatch() [mainloop.c:80] [5]: main() [main.c:262] [6]: _start() [iptables.c:0] --- ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Jeff, On Mon, Nov 22, 2010 at 03:55:52PM +0800, Zheng, Jeff wrote: > > > > On Thu, Nov 18, 2010 at 04:28:22PM +0100, Daniel Wagner wrote: > > > Hi Jeff, > > > > > > On Thu, Nov 18, 2010 at 11:07:13PM +0800, Zheng, Jeff wrote: > > > > Do you mean openvpn plugin? If this way, I will check next week > > > > (I'll annual leave Friday). I just used the rpm that Martin built for > > > > MeeGo. > > > > > > Ah, okay. Which version has been packeged? OpenVPN is in 0.63. > > > > "OpenVPN is in 0.63" = The support for OpenVPN is in connman > > version > 0.63. > > Though I used 0.63, but OpenVPN might not be built. > > I built from latest code(74558dc6e1), but connmand crashed: > > connmand[6323]: Removing default gateway route failed (No such process) > connmand[6323]: Aborting (signal 11) > connmand[6323]: backtrace > connmand[6323]: [0]: [0xb773d400] > connmand[6323]: [1]: ./connmand() [0x806e007] > connmand[6323]: [2]: ./connmand(connman_rtnl_add_newlink_watch+0xc4) > [0x80905c4] > connmand[6323]: [3]: ./connmand() [0x806df71] > connmand[6323]: [4]: ./connmand() [0x8073078] > connmand[6323]: [5]: /lib/libdbus-1.so.3(dbus_connection_dispatch+0x38b) > [0x1664bb] > connmand[6323]: [6]: ./connmand() [0x8051fc0] > connmand[6323]: [7]: /lib/libglib-2.0.so.0() [0xd349cd] > connmand[6323]: [8]: /lib/libglib-2.0.so.0(g_main_context_dispatch+0x1b7) > [0xd337f9] > connmand[6323]: [9]: /lib/libglib-2.0.so.0() [0xd33e20] > connmand[6323]: [10]: /lib/libglib-2.0.so.0(g_main_loop_run+0x221) [0xd343b7] > connmand[6323]: [11]: ./connmand() [0x8071d4c] > connmand[6323]: [12]: /lib/libc.so.6(__libc_start_main+0xe7) [0xac8bb7] > connmand[6323]: [13]: ./connmand() [0x8051b61] > connmand[6323]: +++ > > Attached is detailed log file. Can you please ran this log output throught the test/backtrace script? thanks, daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
RE: Add OpenVPN support
> > On Thu, Nov 18, 2010 at 04:28:22PM +0100, Daniel Wagner wrote: > > Hi Jeff, > > > > On Thu, Nov 18, 2010 at 11:07:13PM +0800, Zheng, Jeff wrote: > > > Do you mean openvpn plugin? If this way, I will check next week > > > (I'll annual leave Friday). I just used the rpm that Martin built for > > > MeeGo. > > > > Ah, okay. Which version has been packeged? OpenVPN is in 0.63. > > "OpenVPN is in 0.63" = The support for OpenVPN is in connman > version > 0.63. Though I used 0.63, but OpenVPN might not be built. I built from latest code(74558dc6e1), but connmand crashed: connmand[6323]: Removing default gateway route failed (No such process) connmand[6323]: Aborting (signal 11) connmand[6323]: backtrace connmand[6323]: [0]: [0xb773d400] connmand[6323]: [1]: ./connmand() [0x806e007] connmand[6323]: [2]: ./connmand(connman_rtnl_add_newlink_watch+0xc4) [0x80905c4] connmand[6323]: [3]: ./connmand() [0x806df71] connmand[6323]: [4]: ./connmand() [0x8073078] connmand[6323]: [5]: /lib/libdbus-1.so.3(dbus_connection_dispatch+0x38b) [0x1664bb] connmand[6323]: [6]: ./connmand() [0x8051fc0] connmand[6323]: [7]: /lib/libglib-2.0.so.0() [0xd349cd] connmand[6323]: [8]: /lib/libglib-2.0.so.0(g_main_context_dispatch+0x1b7) [0xd337f9] connmand[6323]: [9]: /lib/libglib-2.0.so.0() [0xd33e20] connmand[6323]: [10]: /lib/libglib-2.0.so.0(g_main_loop_run+0x221) [0xd343b7] connmand[6323]: [11]: ./connmand() [0x8071d4c] connmand[6323]: [12]: /lib/libc.so.6(__libc_start_main+0xe7) [0xac8bb7] connmand[6323]: [13]: ./connmand() [0x8051b61] connmand[6323]: +++ Attached is detailed log file. Bests Jeff connmand.log.gz Description: connmand.log.gz ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
On Thu, Nov 18, 2010 at 04:28:22PM +0100, Daniel Wagner wrote: > Hi Jeff, > > On Thu, Nov 18, 2010 at 11:07:13PM +0800, Zheng, Jeff wrote: > > Do you mean openvpn plugin? If this way, I will check next week > > (I'll annual leave Friday). I just used the rpm that Martin built for > > MeeGo. > > Ah, okay. Which version has been packeged? OpenVPN is in 0.63. "OpenVPN is in 0.63" = The support for OpenVPN is in connman version > 0.63. daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Jeff, On Thu, Nov 18, 2010 at 11:07:13PM +0800, Zheng, Jeff wrote: > Do you mean openvpn plugin? If this way, I will check next week > (I'll annual leave Friday). I just used the rpm that Martin built for > MeeGo. Ah, okay. Which version has been packeged? OpenVPN is in 0.63. I don't have a MeeGo running. Looking at the repo.meego.org, I think 0.60.5 has been used, right? Is OpenVPN already packaged for MeeGo? :) daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Jeff, On Thu, Nov 18, 2010 at 04:44:04PM +0800, Zheng, Jeff wrote: > Thanks for quick response. Connmand log attached. Thanks. I see that passing the values through the provider works. But I don't see anything about the openvpn plugin, e.g. I have following in my log file: connmand[5579]: src/provider.c:connman_provider_driver_register() driver 0x18b3918 name openvpn connmand[5579]: src/provider.c:connman_provider_driver_register() driver 0x18b3a38 name openconnect Can you check if openvpn is built? daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
RE: Add OpenVPN support
Hi Daniel, Thanks for quick response. Connmand log attached. Server configure file(remove ^# and ^; lines) is: port 1194 proto udp dev tun ca /CA/private/ca.crt cert /CA/private/server.crt key /CA/private/server.key # This file should be kept secret dh /CA/private/dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt keepalive 10 120 persist-key persist-tun status openvpn-status.log verb 3 And below is client configure file that I can connect with "openvpn --config ": client dev tun proto udp remote xfzheng.sh.intel.com 1194 resolv-retry infinite nobind persist-key persist-tun ca /root/.openvpn/ca.crt cert /root/.openvpn/client1.crt key /root/.openvpn/client1.key ns-cert-type server verb 3 Bests Jeff > -Original Message- > From: Daniel Wagner [mailto:w...@monom.org] > Sent: Thursday, November 18, 2010 4:17 PM > To: Zheng, Jeff > Cc: connman@connman.net > Subject: Re: Add OpenVPN support > > Hi Jeff, > > On Thu, Nov 18, 2010 at 03:15:34PM +0800, Zheng, Jeff wrote: > > Do you mean compile with patch " [PATCH v0 1/2] openvpn: add suport for > > static key setup"? compile passed. > > Yes, I don't have a static key setup (yet). So the patch should > compile fine but it will almost certently not work. > > > But I still failed with SSL/TLS (not with the patch): > > First let's get the TLS setup working. This should work(TM). > > > # connect-vpn openvpn openvpn xfzheng.sh.intel.com sh.intel.com > /root/.openvpn/ca.crt /root/.openvpn/client1.crt > /root/.openvpn/client1.key > > This looks okay. > > > sys.argv[7] is /root/.openvpn/client1.key > > Traceback (most recent call last): > > File "/usr/lib/connman/test/connect-vpn", line 42, in > > "OpenVPN.Key": sys.argv[7]})) > > File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 68, in > __call__ > > return self._proxy_method(*args, **keywords) > > File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 140, in > __call__ > > **keywords) > > File "/usr/lib/python2.6/site-packages/dbus/connection.py", line 630, in > call_blocking > > message, timeout) > > dbus.exceptions.DBusException: org.moblin.connman.Error.NotSupported: > Not supported > > Can you post the connman log? I can't figure what's going wrong. > > > I can connect with openvpn directly. I'm using openvpn-2.1.3, both server > and > > client disable comp-lzo. server is in 64bit fedora11 and client in meego 1.1 > > For reference here is the configuration for my openvpn server: > > dev tun0 > ca /etc/openvpn/keys/ca.crt > cert /etc/openvpn/keys/server.crt > key /etc/openvpn/keys/server.key > dh /etc/openvpn/keys/dh1024.pem > server 10.1.0.0 255.255.255.0 > push "redirect-gateway def1" > push "dhcp-option DNS 85.25.128.10" > push "dhcp-option DNS 85.25.255.10" > push "topology net30" > > The topology and redirect-gateway push isn't really needed. It just a > left over from a debugging session. > > daniel connman.log.gz Description: connman.log.gz ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Jeff, On Thu, Nov 18, 2010 at 03:15:34PM +0800, Zheng, Jeff wrote: > Do you mean compile with patch " [PATCH v0 1/2] openvpn: add suport for > static key setup"? compile passed. Yes, I don't have a static key setup (yet). So the patch should compile fine but it will almost certently not work. > But I still failed with SSL/TLS (not with the patch): First let's get the TLS setup working. This should work(TM). > # connect-vpn openvpn openvpn xfzheng.sh.intel.com sh.intel.com > /root/.openvpn/ca.crt /root/.openvpn/client1.crt /root/.openvpn/client1.key This looks okay. > sys.argv[7] is /root/.openvpn/client1.key > Traceback (most recent call last): > File "/usr/lib/connman/test/connect-vpn", line 42, in > "OpenVPN.Key": sys.argv[7]})) > File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 68, in > __call__ > return self._proxy_method(*args, **keywords) > File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 140, in > __call__ > **keywords) > File "/usr/lib/python2.6/site-packages/dbus/connection.py", line 630, in > call_blocking > message, timeout) > dbus.exceptions.DBusException: org.moblin.connman.Error.NotSupported: Not > supported Can you post the connman log? I can't figure what's going wrong. > I can connect with openvpn directly. I'm using openvpn-2.1.3, both server and > client disable comp-lzo. server is in 64bit fedora11 and client in meego 1.1 For reference here is the configuration for my openvpn server: dev tun0 ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key dh /etc/openvpn/keys/dh1024.pem server 10.1.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 85.25.128.10" push "dhcp-option DNS 85.25.255.10" push "topology net30" The topology and redirect-gateway push isn't really needed. It just a left over from a debugging session. daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
RE: Add OpenVPN support
Hi Daniel, Do you mean compile with patch " [PATCH v0 1/2] openvpn: add suport for static key setup"? compile passed. But I still failed with SSL/TLS (not with the patch): # connect-vpn openvpn openvpn xfzheng.sh.intel.com sh.intel.com /root/.openvpn/ca.crt /root/.openvpn/client1.crt /root/.openvpn/client1.key sys.argv[7] is /root/.openvpn/client1.key Traceback (most recent call last): File "/usr/lib/connman/test/connect-vpn", line 42, in "OpenVPN.Key": sys.argv[7]})) File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 68, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 140, in __call__ **keywords) File "/usr/lib/python2.6/site-packages/dbus/connection.py", line 630, in call_blocking message, timeout) dbus.exceptions.DBusException: org.moblin.connman.Error.NotSupported: Not supported I can connect with openvpn directly. I'm using openvpn-2.1.3, both server and client disable comp-lzo. server is in 64bit fedora11 and client in meego 1.1 Bests Jeff > -Original Message- > From: Daniel Wagner [mailto:w...@monom.org] > Sent: Wednesday, November 17, 2010 6:19 PM > To: Zheng, Jeff > Cc: connman@connman.net > Subject: Re: Add OpenVPN support > > Hi Jeff, > > On Wed, Nov 17, 2010 at 01:58:26PM +0800, Zheng, Jeff wrote: > > How can I use connect-vpn script? > > > > I can connect to a point to point server with: > > openvpn --config config > > > > The content of config is: > > remote xfzheng.sh.intel.com > > dev tun > > ifconfig 10.8.0.2 10.8.0.1 > > secret static.key > > Currently the plugin can handly only the tls setup. In order to > support the static key mode there is need for some more openvpn > argument handling. > > > In this config file I don't see and that connect-vpn > > needs > > > > So I ignore these two parameters in script but it still complains: > > # connect-vpn openvpn myvpn xfzheng.sh.intel.com mydomain.com 1 1 > static.key > > Yeah, that wont work right now. First the script needs get smarter and > then the key has to passed in the provider and the openvpn plugin has > to pass this to the openvpn argument list. > > Can you give the patches I'll append to this mail a try? Only compiled, > not really tested. I think the 'ifconfig' argument is not really > working since it needs to arguments. > > daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
> Can you give the patches I'll append to this mail a try? Only compiled, > not really tested. I think the 'ifconfig' argument is not really > working since it needs to arguments. ... it needs two arguments. ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Jeff, On Wed, Nov 17, 2010 at 01:58:26PM +0800, Zheng, Jeff wrote: > How can I use connect-vpn script? > > I can connect to a point to point server with: > openvpn --config config > > The content of config is: > remote xfzheng.sh.intel.com > dev tun > ifconfig 10.8.0.2 10.8.0.1 > secret static.key Currently the plugin can handly only the tls setup. In order to support the static key mode there is need for some more openvpn argument handling. > In this config file I don't see and that connect-vpn needs > > So I ignore these two parameters in script but it still complains: > # connect-vpn openvpn myvpn xfzheng.sh.intel.com mydomain.com 1 1 static.key Yeah, that wont work right now. First the script needs get smarter and then the key has to passed in the provider and the openvpn plugin has to pass this to the openvpn argument list. Can you give the patches I'll append to this mail a try? Only compiled, not really tested. I think the 'ifconfig' argument is not really working since it needs to arguments. daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
RE: Add OpenVPN support
Hi Daniel, How can I use connect-vpn script? I can connect to a point to point server with: openvpn --config config The content of config is: remote xfzheng.sh.intel.com dev tun ifconfig 10.8.0.2 10.8.0.1 secret static.key In this config file I don't see and that connect-vpn needs So I ignore these two parameters in script but it still complains: # connect-vpn openvpn myvpn xfzheng.sh.intel.com mydomain.com 1 1 static.key Attempting to connect service xfzheng.sh.intel.com Traceback (most recent call last): File "/usr/lib/connman/test/vpn", line 40, in "OpenVPN.Key": sys.argv[7]})) File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 68, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 140, in __call__ **keywords) File "/usr/lib/python2.6/site-packages/dbus/connection.py", line 630, in call_blocking message, timeout) dbus.exceptions.DBusException: org.moblin.connman.Error.NotSupported: Not supported Bests Jeff > -Original Message- > From: connman-boun...@connman.net > [mailto:connman-boun...@connman.net] On Behalf Of Daniel Wagner > Sent: Wednesday, November 03, 2010 1:19 AM > To: connman@connman.net > Subject: Add OpenVPN support > > Hi, > > This version works for me stable. The problem was the OpenVPN does an > inactivity check and if this is true then it does automatically a > reconnection. This fails currently because the DNS server is behind > the not-existing tunnel... This feature is now disabled. > > The automake magic now works for all cases. I have builded all > variants and it worked as expected. > > Samuel: Would you like me to cleanup the first patch? Or do you have > something better in the pipe? > > cheers, > daniel > > ___ > connman mailing list > connman@connman.net > http://lists.connman.net/listinfo/connman ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Samuel, On Wed, Nov 03, 2010 at 03:12:42PM +0100, Samuel Ortiz wrote: > All patches (except the openconnect one) applied now. I'd appreciate if you > could give it a try against your OpenVPN setup. I have it running now for a day. Also did some disconnect and reconnect. Every thing works fine for me. cheers, daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Daniel, On Tue, Nov 02, 2010 at 06:19:29PM +0100, Daniel Wagner wrote: > Hi, > > This version works for me stable. The problem was the OpenVPN does an > inactivity check and if this is true then it does automatically a > reconnection. This fails currently because the DNS server is behind > the not-existing tunnel... This feature is now disabled. > > The automake magic now works for all cases. I have builded all > variants and it worked as expected. > > Samuel: Would you like me to cleanup the first patch? Or do you have > something better in the pipe? So I have cleaned the first patch up, and split it into several pieces. I also changed the property name from Destination to Peer. All patches (except the openconnect one) applied now. I'd appreciate if you could give it a try against your OpenVPN setup. Cheers, Samuel. -- Intel Open Source Technology Centre http://oss.intel.com/ ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN Support
Hi Samuel, On Wed, Oct 27, 2010 at 02:05:49AM +0200, Samuel Ortiz wrote: > Hi Daniel, > > On Tue, Oct 26, 2010 at 03:54:23PM +0200, Daniel Wagner wrote: > > Hi, > > > > yet another update on this patch. OpenVPN is now running, but I'm > > struggling with the settings. The OpenVPN server settings seems > > broken. I can ping the server address (10.1.0.1) from my client > > (10.1.0.6). But everything else doesn't work yet. Some more debugging > > needed here :) > > > > Another thing I found out is that if there is no netmask set on the > > provider, connman does not setup the route. Don't know if this a bug > > in connman or in my setup. > Although your OpenVPN server should probably provide you with a proper > netmask, I just pushed a patch to have ConnMan being less pedantic about the > netmask. So your routes should be set now (Which might also fix the problem > you're describing in the first paragraph), could you please try ? The netmask problem is solved. I fixed my server setup, so all the traffic is routed to the openvpn server and the server acts as default gateway. On the server I have following configuration: dev tun0 ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key dh /etc/openvpn/keys/dh1024.pem server 10.1.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 85.25.128.10" push "dhcp-option DNS 85.25.255.10" On the client side I have: client dev tun remote hotel311.server4you.de resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert freakazoid.crt key freakazoid.key The def1 flag does: def1 -- Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway So starting openvpn without connman (just fetch local IP address with dhclient), the routing table looks like this: $ ip r 85.25.146.15 via 192.168.0.254 dev eth0 10.1.0.5 dev tun0 proto kernel scope link src 10.1.0.6 10.1.0.1 via 10.1.0.5 dev tun0 192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.101.14 0.0.0.0/1 via 10.1.0.5 dev tun0 128.0.0.0/1 via 10.1.0.5 dev tun0 default via 192.168.0.254 dev eth0 and everthing works fine. I have to admit I haven't really understood the 0.0.0.0/1 and 128.0.0.0/1 magic but it helped in my case :) If I use connman with openvpn together then the routing looks like this: $ ip r 10.1.0.5 via 192.168.0.254 dev eth0 10.1.0.5 dev vpn0 scope link 192.168.0.0/16 dev eth0 proto kernel scope link src 192.168.101.14 default via 10.1.0.6 dev vpn0 scope link and openvpn complains about not finding the openvpn server: connmand[10724]: vpn0 {create} index 17 type 65534 connmand[10724]: vpn0 {update} flags 4240 connmand[10724]: vpn0 {newlink} index 17 operstate 2 openvpn[10730]: OpenVPN 2.1.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 5 2010 openvpn[10730]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. openvpn[10730]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts openvpn[10730]: UDPv4 link local: [undef] openvpn[10730]: UDPv4 link remote: 85.25.146.15:1194 openvpn[10730]: [toronto053.server4you.de] Peer Connection Initiated with 85.25.146.15:1194 openvpn[10730]: TUN/TAP device vpn0 opened openvpn[10730]: /home/wagi/src/connman/scripts/openvpn-script vpn0 1500 1541 10.1.0.6 10.1.0.5 init openvpn[10730]: Initialization Sequence Completed connmand[10724]: vpn0 {newlink} index 17 operstate 2 connmand[10724]: vpn0 {update} flags 69841 connmand[10724]: vpn0 {newlink} index 17 operstate 0 connmand[10724]: vpn0 up connmand[10724]: vpn0 lower up connmand[10724]: Deleting host route failed (No such process) connmand[10724]: Removing default gateway route failed (No such process) connmand[10724]: Enabling DNS server 192.168.100.4 connmand[10724]: Deleting host route failed (No such process) connmand[10724]: Removing default gateway route failed (No such process) connmand[10724]: Adding DNS server 85.25.128.10 connmand[10724]: vpn0 {add} address 10.1.0.6/32 label vpn0 connmand[10724]: vpn0 ip bound openvpn[10730]: write UDPv4 []: Network is unreachable (code=101) connmand[10724]: vpn0 {add} route 10.1.0.5 gw 0.0.0.0 scope 253 connmand[10724]: eth0 {add} route 10.1.0.5 gw 192.168.0.254 scope 0 connmand[10724]: eth0 {del} route 192.168.0.254 gw 0.0.0.0 scope 253 connmand[10724]: eth0 ip release connmand[10724]: eth0 {del} route 0.0.0.0 gw 192.168.0.254 scope 0 connmand[10724]: Enabling DNS server 192.168.100.4 connmand[10724]: Disabling DNS server 85.25.128.10 connmand[10724]: Disabling DNS server 192.168.100.4 connmand[10724]: Enabling DNS server 85.25.128.10 connmand[10724]: vpn0 {add} route 0.0.0.0 gw 10.1.0.6 scope 253 ntpd[148
Re: Add OpenVPN Support
Good Morning Samuel, On Wed, Oct 27, 2010 at 02:05:49AM +0200, Samuel Ortiz wrote: > Hi Daniel, > > On Tue, Oct 26, 2010 at 03:54:23PM +0200, Daniel Wagner wrote: > > Hi, > > > > yet another update on this patch. OpenVPN is now running, but I'm > > struggling with the settings. The OpenVPN server settings seems > > broken. I can ping the server address (10.1.0.1) from my client > > (10.1.0.6). But everything else doesn't work yet. Some more debugging > > needed here :) > > > > Another thing I found out is that if there is no netmask set on the > > provider, connman does not setup the route. Don't know if this a bug > > in connman or in my setup. > Although your OpenVPN server should probably provide you with a proper > netmask, I just pushed a patch to have ConnMan being less pedantic about the > netmask. So your routes should be set now (Which might also fix the problem > you're describing in the first paragraph), could you please try ? OpenVPN only pushes a netmask for tap devices not for tun devices: --up cmd Shell command to run after successful TUN/TAP device open (pre --user UID change). The up script is useful for specifying route commands which route IP traffic destined for private subnets which exist at the other end of the VPN connection into the tunnel. For --dev tun execute as: cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [ init | restart ] For --dev tap execute as: cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask [ init | restart ] and vpn.c sets up a tun device. > The patch looks good to me otherwise, except for the Makefile.plugins hack. > Marcel told me he will try to find out why we're linking twice when a source > file is defined twice in builtin_sources. Thanks. Most likely I would have to spend a week to figure out what's going on. So any help is highly appreciated. cheers, daniel ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN Support
Hi Daniel, On Tue, Oct 26, 2010 at 03:54:23PM +0200, Daniel Wagner wrote: > Hi, > > yet another update on this patch. OpenVPN is now running, but I'm > struggling with the settings. The OpenVPN server settings seems > broken. I can ping the server address (10.1.0.1) from my client > (10.1.0.6). But everything else doesn't work yet. Some more debugging > needed here :) > > Another thing I found out is that if there is no netmask set on the > provider, connman does not setup the route. Don't know if this a bug > in connman or in my setup. Although your OpenVPN server should probably provide you with a proper netmask, I just pushed a patch to have ConnMan being less pedantic about the netmask. So your routes should be set now (Which might also fix the problem you're describing in the first paragraph), could you please try ? The patch looks good to me otherwise, except for the Makefile.plugins hack. Marcel told me he will try to find out why we're linking twice when a source file is defined twice in builtin_sources. Cheers, Samuel. -- Intel Open Source Technology Centre http://oss.intel.com/ ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Add OpenVPN support
Hi Daniel, On Fri, Oct 22, 2010 at 01:55:51PM -0400, Daniel Wagner wrote: > Hi, > > it is still work in progress. > > Samual, can you test if this version works for OpenConnect plugin? > That would be very kind of you. I tried patches 1 and 2, and things seem to work fine now. The code looks good too, so I applied those 2 patches. I'll let you fix the OpenVPN plugin while we work the automake issues out. Cheers, Samuel. -- Intel Open Source Technology Centre http://oss.intel.com/ ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman