[Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
Here's my first crack at a patch. It's for Ubuntu 8.04LTS (package versions are referenced in each patch filename). It has the GUI change for the OpenVPN stuff only. For PPTP the new delegating routing mode doesn't really make sense since PPTP doesn't have a mechanism (that I know of) to transfer routing information to a client in a portable way. Thus - it's either default route, or manual routing (i.e. the old, bad behavior). For VPNC the story is different - IPSec mode_cfg does permit the communication of routing information to the client. I'm not sure if vpnc supports this, but this is the other part of the GUI that might need some work. The OpenVPN stuff works as advertised. I didn't check the file import/export - I'm too tired today :) The change consists in adding a configuration option called route_mode which has (currently) two values (possibly more in the future): 0 or absent = current, broken behavior, 1 = new behavior (delegate routing to the VPN client). The GUI portion to manipulate this configuration setting is completed only for OpenVPN. ** Attachment added: nm-patches-bug-194487.tar.gz http://launchpadlibrarian.net/30844341/nm-patches-bug-194487.tar.gz -- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
Ok... here's my second (actually, third! :D), cleaner crack at the same patch. The above patch had a couple of bugs in deleting VPN connections (wouldn't be properly deleted), and wouldn't import the new route_mode value from files. Again - it still only covers network-manager and network-manager- openvpn. The other network-manager vpn modules (vpnc and pptp) are also modified, but only to maintain binary compatibility. In particular, this new functionality makes sense *at most* for vpnc, since PPTP doesn't have a portable mechanism to provide routing information like OpenVPN does (for vpnc/IPSec, mod_cfg is able to provide said routing info). Cheers. ** Attachment added: nm-patches-194487-v3.tar.gz http://launchpadlibrarian.net/30858152/nm-patches-194487-v3.tar.gz -- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
-- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
I sort of expected this to be the case - I'll read up on how to refactor those patches as you metion. However, the important part is that it the patches are built and designed such that if you install the patched version over existing configs, nothing changes functionally - i.e. you have to actually want to use the new functionality for it to be activated. If not, then everything hums along the same way it did before the patch. This is intentionally so since I understand what LTS is all about - it's about configuration management and stability. I'll try to get it factored for today, but you're right - it's unlikely that I'll be able to. Should I be able to, what's the most expedited way to get the ball rolling to attempt to fit this in prior to feature freeze? Thanks for the info! -- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
This defect severely limits the functionality of the OpenVPN client. PPTP is unaffected since the functionality is consistent with the available feature set. VPNC might be a case similar to OpenVPN. ** Changed in: network-manager (Ubuntu) Status: Invalid = Confirmed -- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
Ok I've located the culprit logic. It's in NetworkManagerSystem.c - the logic first removes all routes attached to the new VPN interface, and then proceeds to force-feed what it believes to be the correct routing configurations. I think what's appropriate here is the addition of a flag in the DBUS messages which indicates the behavior to be followed. If the flag is missing, the default (i.e. current) behavior is followed - otherwise we can respect routing as implemented by the VPN backend (desired), or some combination of the two. I'll get cracking on this and see if I can come up with a small, simple patch for the problem. Please note: for now, I'm working only on 8.04 (NM 0.6.6). After that, I'll have a look at newer versions and see if the patch would need work. Cheers. -- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
Ok I've located the culprit logic. It's in NetworkManagerSystem.c - the logic first removes all routes attached to the new VPN interface, and then proceeds to force-feed what it believes to be the correct routing configurations. I think what's appropriate here is the addition of a flag in the DBUS messages which indicates the behavior to be followed. If the flag is missing, the default (i.e. current) behavior is followed - otherwise we can respect routing as implemented by the VPN backend (desired), or some combination of the two. I'll get cracking on this and see if I can come up with a small, simple patch for the problem. Please note: for now, I'm working only on 8.04 (NM 0.6.6). After that, I'll have a look at newer versions and see if the patch would need work. Cheers. -- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 194487] Re: network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7
Yes, this is still an issue. I can confirm what our friend said earlier about routes being correctly added by OpenVPN and subsequently being removed (presumably by NetworkManager or the NM-OpenVPN plugin). In my view the problem is that the options do not permit the selection of the correct behavior. There are 3 possible scenarios: 1) User explicitly chooses to use the server as the default gateway (user-specified-routing only makes sense in the context of route-exclusions) 2) User does NOT explicitly choose to use the server as the default gateway, and wants to specify which targets to route manually over the tunnel (current behavior) 3) Same as case 2, but add to that the acceptance of server-provided routing info (this is the case not functioning). In this case, manual routes may also make sense as manual, forced exclusions or routes augmenting the routes received from the server (i.e. 10.0.0.0/8, !10.5.0.0/24). I'm willing to work on fixing this, but I need insights as to where in NM or NM-OpenVPN the routes are removed so I can add the logic to selectively do that only when appropriate. Anyone care to help me get started? -- network-manager[-openvpn] doesn't handle properly routes pushed by OpenVPN 2.1_Rc7 https://bugs.launchpad.net/bugs/194487 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
