[Pkg-utopia-maintainers] Bug#948035: network-manager-openvpn-gnome: Network-Manage r-openvpn does not support push-peer-info
Peder Pedersen
ppedersen at telensa.com
Fri Jan 3 14:45:21 GMT 2020
Package: network-manager-openvpn-gnome
Version: 1.8.10-1
Severity: normal
Tags: patch
Dear Maintainer,
* What led up to the situation?
I was unable to connect to company VPN server because client did not have the
--push-peer-info
* What exactly did you do (or not do) that was effective (or ineffective)?
changes the source to add support for the option
* What was the outcome of this action?
a patch for the community
* What outcome did you expect instead?
being able to connect vpn servers which require pus-peer-info option
* extra info:
extrac from openvpn conf file:
<--START CONF
setenv FORWARD_COMPATIBLE 1
client
proto udp
nobind
remote vpn.example.com
port 1194
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<--END-CONF
The only part I have not done is the extrat.
regards,
Peder.
-- System Information:
Debian Release: 10.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages network-manager-openvpn-gnome depends on:
ii libc6 2.28-10
ii libglib2.0-0 2.58.3-2+deb10u2
ii libgtk-3-0 3.24.5-1
ii libnm0 1.14.6-2+deb10u1
ii libnma0 1.8.20-1.1
ii libsecret-1-0 0.18.7-1
ii network-manager-openvpn 1.8.10-1
network-manager-openvpn-gnome recommends no packages.
network-manager-openvpn-gnome suggests no packages.
-- no debconf information
-------------- next part --------------
diff --git a/properties/import-export.c b/properties/import-export.c
index 5507ab8..eaf5790 100644
--- a/properties/import-export.c
+++ b/properties/import-export.c
@@ -911,6 +911,20 @@ do_import (const char *path, const char *contents, gsize contents_len, GError **
continue;
}
+ if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_SETENV)) {
+ // hard coded for 1 to 10 params could be more
+ if (!args_params_check_nargs_minmax (params, 1, 10, &line_error))
+ goto handle_line_error;
+ /* Valid parameters are "PUSH_PEER_INFO", ....
+ * there are other setenv params that are possible
+ * they may need adding below
+ */
+ if (nm_streq (params[1], "PUSH_PEER_INFO")) {
+ setting_vpn_add_data_item (s_vpn, NM_OPENVPN_KEY_PUSH_PEER_INFO, "yes");
+ }
+ continue;
+ }
+
if (NM_IN_STRSET (params[0], NMV_OVPN_TAG_MSSFIX)) {
if (!args_params_check_nargs_minmax (params, 0, 1, &line_error))
goto handle_line_error;
diff --git a/properties/nm-openvpn-dialog.ui b/properties/nm-openvpn-dialog.ui
index c54cca1..e5cfa1a 100644
--- a/properties/nm-openvpn-dialog.ui
+++ b/properties/nm-openvpn-dialog.ui
@@ -2479,6 +2479,24 @@ config: connect-timeout <n> | server-poll-timeout <n></property>
<property name="position">1</property>
</packing>
</child>
+ <child>
+ <object class="GtkCheckButton" id="push_peer_info">
+ <property name="label" translatable="yes">push-peer-info</property>
+ <property name="use_action_appearance">False</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="tooltip_text" translatable="yes">This is to enable push-peer-info</property>
+ <property name="use_underline">True</property>
+ <property name="xalign">0</property>
+ <property name="draw_indicator">True</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="position">9</property>
+ </packing>
+ </child>
</object>
<packing>
<property name="position">4</property>
diff --git a/properties/nm-openvpn-editor.c b/properties/nm-openvpn-editor.c
index 5c409b4..d8edbe4 100644
--- a/properties/nm-openvpn-editor.c
+++ b/properties/nm-openvpn-editor.c
@@ -704,6 +704,7 @@ static const char *const advanced_keys[] = {
NM_OPENVPN_KEY_PING_EXIT,
NM_OPENVPN_KEY_PING_RESTART,
NM_OPENVPN_KEY_PORT,
+ NM_OPENVPN_KEY_PUSH_PEER_INFO,
NM_OPENVPN_KEY_PROTO_TCP,
NM_OPENVPN_KEY_PROXY_PORT,
NM_OPENVPN_KEY_PROXY_RETRY,
@@ -1606,6 +1607,7 @@ advanced_dialog_new (GHashTable *hash, const char *contype)
_builder_init_toggle_button (builder, "mssfix_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_MSSFIX));
_builder_init_toggle_button (builder, "float_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_FLOAT));
_builder_init_toggle_button (builder, "tcp_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_PROTO_TCP));
+ _builder_init_toggle_button (builder, "push_peer_info", _hash_get_boolean (hash, NM_OPENVPN_KEY_PUSH_PEER_INFO));
_builder_init_toggle_button (builder, "ncp_disable_checkbutton", _hash_get_boolean (hash, NM_OPENVPN_KEY_NCP_DISABLE));
@@ -1954,6 +1956,10 @@ advanced_dialog_new_hash_from_dialog (GtkWidget *dialog)
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, NM_OPENVPN_KEY_PROTO_TCP, g_strdup ("yes"));
+ widget = GTK_WIDGET (gtk_builder_get_object (builder, "push_peer_info"));
+ if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
+ g_hash_table_insert (hash, NM_OPENVPN_KEY_PUSH_PEER_INFO, g_strdup ("yes"));
+
widget = GTK_WIDGET (gtk_builder_get_object (builder, "ncp_disable_checkbutton"));
if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget)))
g_hash_table_insert (hash, NM_OPENVPN_KEY_NCP_DISABLE, g_strdup ("yes"));
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index c0fb724..eae7371 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -60,6 +60,7 @@
#define NM_OPENVPN_KEY_PROXY_RETRY "proxy-retry"
#define NM_OPENVPN_KEY_PROXY_SERVER "proxy-server"
#define NM_OPENVPN_KEY_PROXY_TYPE "proxy-type"
+#define NM_OPENVPN_KEY_PUSH_PEER_INFO "push-peer-info"
#define NM_OPENVPN_KEY_REMOTE "remote"
#define NM_OPENVPN_KEY_REMOTE_CERT_TLS "remote-cert-tls"
#define NM_OPENVPN_KEY_REMOTE_IP "remote-ip"
diff --git a/shared/utils.h b/shared/utils.h
index e3f30be..f31e23d 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -79,6 +79,7 @@
#define NMV_OVPN_TAG_TUN_IPV6 "tun-ipv6"
#define NMV_OVPN_TAG_TUN_MTU "tun-mtu"
#define NMV_OVPN_TAG_USER "user"
+#define NMV_OVPN_TAG_SETENV "setenv"
#define NMV_OVPN_TAG_VERIFY_X509_NAME "verify-x509-name"
gboolean is_pkcs12 (const char *filepath);
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 59b64eb..8c5866e 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -162,6 +162,7 @@ static const ValidProperty valid_properties[] = {
{ NM_OPENVPN_KEY_PING_EXIT, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_PING_RESTART, G_TYPE_INT, 0, G_MAXINT, FALSE },
{ NM_OPENVPN_KEY_MAX_ROUTES, G_TYPE_INT, 0, 100000000, FALSE },
+ { NM_OPENVPN_KEY_PUSH_PEER_INFO, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_PROTO_TCP, G_TYPE_BOOLEAN, 0, 0, FALSE },
{ NM_OPENVPN_KEY_PORT, G_TYPE_INT, 1, 65535, FALSE },
{ NM_OPENVPN_KEY_PROXY_TYPE, G_TYPE_STRING, 0, 0, FALSE },
@@ -1439,6 +1440,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
}
}
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_PUSH_PEER_INFO);
+ if (nm_streq0 (tmp, "yes"))
+ args_add_strv (args, "--push-peer-info");
+
tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_REMOTE_RANDOM);
if (nm_streq0 (tmp, "yes"))
args_add_strv (args, "--remote-random");
More information about the Pkg-utopia-maintainers
mailing list