Re: Fedora 10; openvpn plugin, treat tun devices as tap devices in relation to netmask (do not hardcode tun to /32)
- From: Ove Everlid <Ove Everlid sun com>
 
- To: Dan Williams <dcbw redhat com>
 
- Cc: jonathan Petersson <Jonathan Petersson sun com>, networkmanager-list gnome org
 
- Subject: Re: Fedora 10; openvpn plugin, treat tun devices as tap devices in relation to netmask (do not hardcode tun to /32)
 
- Date: Mon, 23 Mar 2009 22:27:55 +0100
 
Ove Everlid wrote:
Dan Williams wrote:
On Mon, 2009-03-23 at 02:07 +0100, Ove Everlid wrote:
Hi!
To connect to an OpenVPN server that uses tun-devices with a non /32 
netmask one needs this patch. I'm using NetworkManager under Fedora 10 
(same issues still exist in F11 alpha/rawhide).
So you're 100% sure that the server is configured to use tun mode, and
that it's sending a netmask, right?  The OpenVPN manpage indicates that
'ifconfig_netmask' is only used with TAP mode.  Is the manpage not
correct?
Jonathan (CC) has contacted OpenVPN folks to have this verified directly 
from them.
The TUN interface has support for more features today, such as a non /32 
netmask, and I would suspect the manual page is lagging.
Attached is another basic patch that will use the ifconfig_netmask if it 
exists in the env and, if not, default to a /32 netmask. This would cover 
the case where an older version of openvpn is used and minimize the risk 
that this patch will break anything due to an old version of openvpn.
Ove
Ove
Dan
The patch is the quick fix, but the special treatment of tun/tap 
relative to the network mask can be removed.
Question: will removing the tun /32 netmask hard-coding cause other 
issues?
Ove
[root oehplap NetworkManager]# diff -c 
nm-openvpn-service-openvpn-helper.c 
nm-openvpn-service-openvpn-helper.c.fc10.orig
*** nm-openvpn-service-openvpn-helper.c    2009-03-22 
22:13:35.227415799 +0100
--- nm-openvpn-service-openvpn-helper.c.fc10.orig    2009-01-28 
18:38:30.000000000 +0100
***************
*** 339,345 ****
        * TAP devices pass back the netmask, while TUN devices always 
use /32
        * since they are point-to-point.
        */
!     if (tapdev || 1) {
           tmp = getenv ("ifconfig_netmask");
           if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
               GValue *val;
--- 339,345 ----
        * TAP devices pass back the netmask, while TUN devices always 
use /32
        * since they are point-to-point.
        */
!     if (tapdev) {
           tmp = getenv ("ifconfig_netmask");
           if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
               GValue *val;
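Review bot: in the changed line `if (tapdev || 1) {` the condition is always true, so the test and the `tapdev` reference in it are dead code; remove the `if` or branch on whether `ifconfig_netmask` is set, rather than leaving `|| 1` in place. The comment kept just above it still says TUN devices always use /32, which no longer matches what the code does. The diff was also generated with the modified file first and `.fc10.orig` second, so the `!` lines read in reverse; regenerate it with the original file as the first argument.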
[root oehplap NetworkManager]#
--
Ove Everlid
MySQL Senior Systems Architect
Mobile: +46706662363
Office: +4618174410 (Time Zone MET)
Skype handle: oveeve
--- nm-openvpn-service-openvpn-helper.c.fc10.orig       2009-01-28 18:38:30.000000000 +0100
+++ nm-openvpn-service-openvpn-helper.c 2009-03-23 21:55:23.103127728 +0100
@@ -338,19 +338,20 @@
         *
         * TAP devices pass back the netmask, while TUN devices always use /32
         * since they are point-to-point.
+        * FIX: 2009-03-23; recent versions of openvpn supports arbitrary netmasks for tun-devices. If a netmask env is present, use it.
         */
-       if (tapdev) {
-               tmp = getenv ("ifconfig_netmask");
-               if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
-                       GValue *val;
-
-                       val = g_slice_new0 (GValue);
-                       g_value_init (val, G_TYPE_UINT);
-                       g_value_set_uint (val, nm_utils_ip4_netmask_to_prefix (temp_addr.s_addr));
+       tmp = getenv ("ifconfig_netmask");
+       if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
+               /* Openvpn passed up a netmask, use it for the device in question */
+               GValue *val;
 
-                       g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val);
-               }
-       } else {
+               val = g_slice_new0 (GValue);
+               g_value_init (val, G_TYPE_UINT);
+               g_value_set_uint (val, nm_utils_ip4_netmask_to_prefix (temp_addr.s_addr));
+
+               g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val);
+       } else  {
+               /* No netmask passed up to helper, default to old behaviour of /32 */
                GValue *val;
 
                val = g_slice_new0 (GValue);
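Review bot: the new `else` branch now covers two different cases, `ifconfig_netmask` being unset and `ifconfig_netmask` being set but rejected by `inet_pton`, while its comment ("No netmask passed up to helper") describes only the first. A malformed value passed in the environment silently becomes /32; consider logging a warning in that case so a misconfigured server is visible. The block comment also still says "TUN devices always use /32 since they are point-to-point" directly above the dated "FIX:" line that contradicts it; rewrite the comment to describe the new behaviour instead of appending to it. Minor style point: `} else  {` has a double space.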