Bug 1122330 - Many openvpn options are not included in the NetworkManager-openvpn config
Summary: Many openvpn options are not included in the NetworkManager-openvpn config
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager-openvpn
Version: 20
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-23 01:02 UTC by bpk678
Modified: 2015-06-29 21:42 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-06-29 21:42:16 UTC

Attachments (Terms of Use)

Description bpk678 2014-07-23 01:02:59 UTC
Description of problem: NetworkManager-openvpn cannot be configured to connect when advanced options are used in the config.  many of the options are not available for configuration when defining a OpenVPN connection.  in addition, importing a properly configured connection does not succeed, and many directives are not imported during the procoess.

Version-Release number of selected component (if applicable):

How reproducible: extremely reproducable

Steps to Reproduce:
1. create OpenVPN config:
dev tap
proto udp
remote host.domain.tld
resolv-retry infinite
keepalive 10 120
ca ca.crt
cert laptop.crt
key laptop.key
tls-auth tls-auth.key 1
ns-cert-type server
cipher AES-256-CBC
auth sha256
route-delay 10
script-security 2
up "up.sh"
down "down.sh"
verb 4
mute 20
explicit-exit-notify 2
2. attempt to import config created above
3. attempt to connect to OpenVPN
4. vi /etc/NetworkManager/system-connections/<name_given>
5. notice that many directives are not present

Actual results: OpenVPN connectivity does not work.  several directives that are required for the connection are not present in the NetworkManager connnection configuration.

Expected results: NetworkManager would import all the settings, record all directives, and be able to establish a connection

Additional info:

Comment 1 bpk678 2014-07-23 01:04:57 UTC
step 1 should have the line "client" above "dev tap".  copy/paste error missed that line.

Comment 2 Thomas Haller 2014-07-23 14:57:29 UTC
Fedora (20) uses a NM-openvpn release that is close to upstream. Any change should be implemented upstream first.

Also, your request is quite generic. NM VPN plugins do not support arbitrary options, instead they must be thought every single one of them. Requests to blindly accept (openvpn) arguments were rejected in the past (e.g. https://bugzilla.gnome.org/show_bug.cgi?id=625247).

This is a known problem, especially for OpenVPN which has countless configuration options. Upstream will try to address this as https://bugzilla.gnome.org/show_bug.cgi?id=704866 .

So, there are two possibilities:

- somebody adds exactly the options you request to NM-openvpn. This is tedious, and I wouldn't hold my breath for that. (Patches welcome).

- upstream makes this simpler by solving bgo#704866. We hope to do that for NM v1.0, but probably it won't be backported to Fedora 20 -- only future Fedora releases.

Comment 3 Fedora End Of Life 2015-05-29 12:26:43 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 4 Fedora End Of Life 2015-06-29 21:42:16 UTC
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.