network profiles
Hey, I saw something call network profiles being committed to gnome-control-center recently. I didn't see any prior discussion on this list. Maybe a little explanation of the plans and purposes behind this would be good. Also, I wonder how this will interact with closer NetworkManager integration in the future. Medium-term, all network-related configuration needs to be made dynamic and depend on the current connections, which are under the contol of NetworkManager. So, I guess I am asking for some roadmap information for network-related settings. Matthias ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Network profiles
(resending, since I messed up recipients) Hey, I saw something call network profiles being committed to gnome-control-center recently. I didn't see any prior discussion on this list. Maybe a little explanation of the plans and purposes behind this would be good. Also, I wonder how this will interact with closer NetworkManager integration in the future. Medium-term, all network-related configuration needs to be made dynamic and depend on the current connections, which are under the contol of NetworkManager. So, I guess I am asking for some roadmap information for network-related settings. Matthias ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
[PATCH] (Fixed) Support for openvpn --auth option
Hello everybody,
please find attached the second (and fixed) version of my patch to add
support for the --auth option of openvpn to the NetworkManager-openvpn
plugin. The patch is against NetworkManager-openvpn-0.7.0-16.svn4027
(Fedora 9).
My work was triggered by the fact that I tried (and failed) to get a
"SSL VPN" connection to an Astaro firewall, using Fedora 9. The logs
showed that Astaro used MD5 HMAC authentication, whereas my Fedora 9
system used SHA1 (the default). So I started hacking...
The attached patch is sufficient to get a working "SSL VPN" connection
to an Astaro firewall.
For minimal impact, I choose to implement the --auth option in the
same way as the --cipher option. Both the "new" --auth and the "old"
--cipher options share the following issues:
o When a non-default value was saved and you want to switch back
to "Default" later on, then this change does not get saved and
the non-default value remains in the config.
As far as I understand the plugin code, this issue seems to be
caused by NetworkManager or gconfd, not by the openvpn plugin
(the hash returned by advanced_dialog_new_hash_from_dialog() does
not contain the --auth/--cipher value when "Default" was chosen).
Is this a known issue? (bugzilla.gnome.org didn't show anything
similar for NetworkManager)
o Openvpn supports these options for both static and TLS modes.
The openvpn plugin for NetworkManager carries the --cipher option
(and with my patch, the --auth option, too) on the "Certificates
(TLS)" tab of the "advanced" popup, which is only available when
using TLS modes and not when using static keys.
The easiest fix would be to move the popup-menue(s) (GtkComboBox)
for --cipher (and --auth) to the "General" tab. A little bit more
work, but maybe better for future extensions: Introduce a new
tab "Encryption" for these options. What do you think/prefer?
I'm willing to fix the second issue and to do some more research on the
first one if there is a real chance that support for the --auth option
of openvpn gets accepted into the NetworkManager distribution. ;-)
Robert
diff -u NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth
NetworkManager-openvpn-0.7.0/properties/auth-helpers.c
--- NetworkManager-openvpn-0.7.0/properties/auth-helpers.c.hmacauth
2008-08-29 15:30:50.0 +0200
+++ NetworkManager-openvpn-0.7.0/properties/auth-helpers.c 2008-11-09
21:35:56.0 +0100
@@ -585,6 +585,7 @@
NM_OPENVPN_KEY_TAP_DEV,
NM_OPENVPN_KEY_PROTO_TCP,
NM_OPENVPN_KEY_CIPHER,
+ NM_OPENVPN_KEY_AUTH,
NM_OPENVPN_KEY_TA_DIR,
NM_OPENVPN_KEY_TA,
NULL
@@ -734,6 +735,50 @@
g_strfreev (items);
}
+#define HMACAUTH_COL_NAME 0
+#define HMACAUTH_COL_DEFAULT 1
+
+static void
+populate_hmacauth_combo (GtkComboBox *box, const char *hmacauth)
+{
+ GtkListStore *store;
+ GtkTreeIter iter;
+ gboolean active_initialized = FALSE;
+ gchar **item;
+ gchar *items[] = {
+ NM_OPENVPN_AUTH_NONE,
+ NM_OPENVPN_AUTH_MD5,
+ NM_OPENVPN_AUTH_SHA1,
+ NULL
+ };
+
+ store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_BOOLEAN);
+ gtk_combo_box_set_model (box, GTK_TREE_MODEL (store));
+
+ /* Add default option which won't pass --auth to openvpn */
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, _("Default"),
+ HMACAUTH_COL_DEFAULT, TRUE, -1);
+
+ /* Add options */
+ for (item = items; *item; item++) {
+ gtk_list_store_append (store, &iter);
+ gtk_list_store_set (store, &iter,
+ HMACAUTH_COL_NAME, *item,
+ HMACAUTH_COL_DEFAULT, FALSE, -1);
+ if (hmacauth && !strcmp (*item, hmacauth)) {
+ gtk_combo_box_set_active_iter (box, &iter);
+ active_initialized = TRUE;
+ }
+ }
+
+ if (!active_initialized)
+ gtk_combo_box_set_active (box, 0);
+
+ g_object_unref (store);
+}
+
static void
tls_auth_toggled_cb (GtkWidget *widget, gpointer user_data)
{
@@ -840,6 +885,10 @@
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_CIPHER);
populate_cipher_combo (GTK_COMBO_BOX (widget), value);
+ widget = glade_xml_get_widget (xml, "hmacauth_combo");
+ value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_AUTH);
+ populate_hmacauth_combo (GTK_COMBO_BOX (widget), value);
+
widget = glade_xml_get_widget (xml, "tls_auth_checkbutton");
value = g_hash_table_lookup (hash, NM_OPENVPN_KEY_TA);
if (value &&
Re: Strange VPN problems
On Fri, 2008-11-07 at 11:27 +, Rick Jones wrote: > --On Thursday, November 06, 2008 16:38:48 -0500 Dan Williams > <[EMAIL PROTECTED]> wrote: > ¦ > It would be nice to be able to set a policy of which addresses go > via > ¦ > the VPN, but it's not critical so long as this routing fix is > made. > ¦ > ¦ You do this from the Routes dialog in the IPv4 tab of the connection > ¦ editor > > Is it possible to use that dialog to define a route via a dynamic > address? E.g. to set a default route via the MB provider, or the WiFi > hotspot hub, where the address is unknown prior to connection? Not at this time; though you can use dispatcher scripts to do this on a per-connection basis using the connection's UUID if you like. I assume you mean some special notation where NM would substitute the device's current gateway or something like that? Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: E71 Nokia with NetworkManager Applet 0.7.0 for 3G Internet connection
On Fri, 2008-11-07 at 01:18 +0300, EMAD AL-BLOUSHI wrote: > > > On Fri, Nov 7, 2008 at 12:48 AM, Dan Williams <[EMAIL PROTECTED]> wrote: > On Thu, 2008-11-06 at 22:08 +0300, EMAD AL-BLOUSHI wrote: > > Dear All > > Honestly I would like to thank you for your valuable work > besides I > > want to let you know about a little bug while using > NetworkManager > > with E71 for 3G Internet connection using USB cable , it > works > > perfectly but when I click on disconnect button nothing > happen so > > kindly attached files for further details > > > > Finally, I'm using Ubuntu 8.10 - the Intrepid Ibex - > released in October 2008. > > > If you could, stop NetworkManager, and then from a terminal as > root: > > NM_SERIAL_DEBUG=1 /usr/sbin/NetworkManager --no-daemon > > then connect, and trigger your disconnect bug, and reply with > a full log > of the NM output. > > Thanks! > Dan > > I have done what you mentioned and I got this result when I run the > command > > [EMAIL PROTECTED]:~$ sudo NM_SERIAL_DEBUG=1 /usr/sbin/NetworkManager > --no-daemon > NetworkManager: starting... > NetworkManager: nm_dbus_manager_start_service(): Could not > acquire the NetworkManager service as it is already taken. > NetworkManager: disconnected by the system bus. > NetworkManager: main(): Failed to start the dbus manager. "If you could, stop NetworkManager..." Maybe you didn't completely stop the running NM first? Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Network Manager Autologin
On Fri, 2008-11-07 at 16:37 -0500, Slokunshialgo wrote: > On Tue, 2008-11-04 at 13:46 -0500, Dan Williams wrote: > > On Tue, 2008-11-04 at 15:54 +0100, Pablo Martí wrote: > > > On Tue, Nov 4, 2008 at 3:21 PM, Alexander Sack <[EMAIL PROTECTED]> wrote: > > > > On Tue, Nov 04, 2008 at 03:11:13PM +0100, Pablo Martí wrote: > > > >> Sure! I also think that the Firefox approach is not the right one, is > > > >> just that I'm not very fond on NM's dispatcher > > > >> architecture/capabilities. I kinda like the description/mockup given > > > >> here [0]. Marcelo asked in nm-list 1 year ago and he was pointed to a > > > >> dispatcher script[1]. > > > >> > > > >> [0] > > > >> http://blog.marcelotoledo.org/2007/09/01/network-manager-with-wispr-support/ > > > >> [1] > > > >> http://mail.gnome.org/archives/networkmanager-list/2007-September/msg2.html > > > >> > > > > > > > > OK thanks for the links. I really think this can be done outside of NM > > > > applet to things started. > > > > > > > > Writing a wispr-applet that listens to D-Bus events from NM and which > > > > does the wispr probing and authentication business should be fairly > > > > easy. > > > > > > Thanks for the input Alexander, much appreciated. What do other > > > developers think of this approach? Tambet? Dan? > > > > Shouldn't be part of NM, but NM should expose all the necessary > > information to allow auto-login to be possible using external tools. > > This makes sense, and is what I was thinking > > > If that includes requesting WSP information explicitly from the DHCP > > server, that's great, we should add that. The DHCP information is > > already exposed over D-Bus and thus any app that listens for NM events > > should be able to get it. > > What exactly is WSP? I can't seem to find anything on it. > > > You can tie specific logins pretty easily to each connection's UUID, > > thus if you know that your "Starbucks" connection just came up (as > > opposed to any other connection) you could certainly match that up with > > stored credentials and try to auto-login with those first before doing > > any probing or whatever. Basically, if the AP is at least WPA > > encrypted, and NM connected, there's a 95% chance that nobody is > > spoofing the connection, and that you really are connected to Starbucks, > > so you can save some time probing by just trying stored Starbucks auth > > info first, maybe. > > > > Dan > > The problem I see with using WISPr is that not all networks support it > (the ones I have to log into, for example, don't), and if something was > to be made it should work on any network. > > I know that this may seem like I'm overly invested or interested in the > idea of using Firefox, but I'm looking at it from the standpoint of > flexibility: > - If it's not a WISPr network, it would still work > - If the site needs any special javascript, popups, etc. they can be > taken care of as per manual login > - If there are any weird login errors, it's easier for the user to see & > debug > > > Do we have per-user dispatcher scripts or are you suggesting to open > > the browser as root here :) ? > > > > - Alexander > > God no! > > Reading what you guys have said, how does this sound? > - Store the login page URL in NM, and transmit this along with other > info when connecting, in case anything else wants to use it Again, I don't think this should be or needs to be stored in NM at this time... NM connections have a UUID, so you can store the data in the daemon that keys off the UUID when connections change. Going forward we can try to design a more comprehensive "get me an internet connection" mechanism. Dan > - Have an external program listening for the DBus signals, and, when > picked up, check if FF is running. If not, start it > - Pass these along to Firefox, which would have an extension listening > for the external program > - FF would go to the page and automatically log in to the page, and > allow the user access to the network > > I'm saying to store the URL in NM in case somebody want to make > something for another browser, or using Python, curl, etc. it could > still use it. If it transmits the info and nothing puts it to use, no > harm is done. The external program would be running with user > permissions, not root, even if just to appease Alexander. > > I know I need to look into exactly what info is sent, but how does this > sound so far? > > --Jason > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: What about modems (winmodems/serial)?
On Fri, 2008-11-07 at 17:36 +0200, Peteris Krisjanis wrote: > Hi people, > > Ubuntu has now chosen NM 0.7 as default network management point. > However, there is regression in Ubuntu as you can't configure ppp > devices anymore via GUI. Not that you could really do so before with NM; it just called out to system scripts. So you can achieve the same functionality by going to the network control panel and activating the connection there with NM even being involved. The Dialup menu was simply a short-cut for that. > So question is - is there any plans to add support for old style > modems to NM? If yes, how and when? Thanks for any strip of > information in advance, Yes, there are plans to do this in the future, but it's a ways off. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WAN Ericsson F3507g
On Thu, 2008-11-06 at 15:41 -0700, James Ward wrote: > Thanks Dan. > > Here is the output: > NetworkManager: Activation (ttyACM0) starting connection 'Auto > GSM network connection' > NetworkManager: (ttyACM0): device state change: 3 -> 4 > NetworkManager: Activation (ttyACM0) Stage 1 of 5 (Device > Prepare) scheduled... > NetworkManager: Activation (ttyACM0) Stage 1 of 5 (Device > Prepare) started... > NetworkManager: [1226010840.735911] nm_serial_device_open(): > (ttyACM0) opening device... > NetworkManager: Activation (ttyACM0) Stage 1 of 5 (Device > Prepare) complete. > NetworkManager: [1226010840.841058] nm_serial_debug(): Sending: > 'ATZ E0 V1 X4 &C1 +FCLASS=0 > ' > NetworkManager: [1226010840.869797] nm_serial_debug(): Got: 'ATZ > E0 V1 X4 &C1 +FCLASS=0 > ' > NetworkManager: [1226010840.880689] nm_serial_debug(): Got: 'ATZ > E0 V1 X4 &C1 +FCLASS=0 This was fixed on 2008-10-26 in r4222. Dan > > ERROR > > ' > NetworkManager: init_done(): Modem initialization failed > NetworkManager: (ttyACM0): device state change: 4 -> 9 > NetworkManager: [1226010840.880892] nm_serial_device_close(): > Closing device 'ttyACM0' > NetworkManager: Marking connection 'Auto GSM network connection' > invalid. > NetworkManager: Activation (ttyACM0) failed. > NetworkManager: (ttyACM0): device state change: 9 -> 3 > NetworkManager: (ttyACM0): deactivating device (reason: 0). > NetworkManager: nm_system_device_flush_ip4_routes_with_iface: assertion > `iface_idx >= 0' failed > NetworkManager: nm_system_device_flush_ip4_addresses_with_iface: > assertion `iface_idx >= 0' failed > > > > The light on my laptop indicating that the device is on, never turned on > using NM. But if I do: > cu -l /dev/ttyACM0 > > AT+CFUN=1 > > > Then the light does come on. > > I have 0.7~~svn20081018t105859-0ubuntu2~nm4 from the PPA on Intrepid. > > Thanks for your help. > > -James > > > On Thu, 2008-11-06 at 07:35 -0500, Dan Williams wrote: > > On Wed, 2008-11-05 at 15:36 -0700, James Ward wrote: > > > Hi, > > > > > > I just recently upgraded to the Lenovo W500 laptop which has a built-in > > > Ericsson F2507g WAN card. Unfortunately I can't get this new card to > > > work with NM because it needs to be turned on first. There is a thread > > > about how to do this manually on Ubuntu: > > > http://ubuntuforums.org/showthread.php?t=934013 > > > > NetworkManager does turn the card on with CFUN=1 already. I'll need > > serial debug logging enabled to figure out what's going on with your > > card. Stop NM, then as root run it like: > > > > NM_SERIAL_DEBUG=1 /usr/sbin/NetworkManager --no-daemon > > > > and try a connection. Attach the output of NM so we can figure out > > what's actually going wrong here. > > > > Dan > > > > > My sim card doesn't require a password like the newer ones so this > > > should be pretty simple. But I can't seem to make it work. I'm using > > > the Ubuntu NM PPA. Any ideas? > > > > > > Thanks. > > > > > > -James > > > > > > ___ > > > NetworkManager-list mailing list > > > NetworkManager-list@gnome.org > > > http://mail.gnome.org/mailman/listinfo/networkmanager-list > > > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Network profiles
On Sun, 2008-11-09 at 11:33 -0500, Matthias Clasen wrote: > (resending, since I messed up recipients) > > Hey, > > I saw something call network profiles being committed to > gnome-control-center recently. I didn't see any prior discussion on > this list. Maybe a little explanation of the plans and purposes behind > this would be good. > > Also, I wonder how this will interact with closer NetworkManager > integration in the future. Medium-term, all network-related > configuration needs to be made dynamic and depend on the current > connections, which are under the contol of NetworkManager. Yeah, I'd be interested to hear exactly what that support is supposed to do. Network "Profiles" are generally a bad idea, because they are a huge stick trying to solve a problem that's generally better solved with more targeted, intelligent mechanisms. You can quite often autodetect what "profile" you need to use, and that's exactly what NetworkManager does with it's connections. Now if it's more about mounting your work NFS when at work, and your SMB share when at home, that's fine, but that can certainly automatically key off what NetworkManager connection is currently active, because NM has essentially already determined your location for you... but in the end, _most_ stuff like printers, network shares, etc, should be auto-detectable. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
