maemo.org - Talk


jgombos 2008-11-27 22:50

Re: Openvpn Applet
 
Quote:

Originally Posted by mikkov (Post 245151)
Thanks for the report. I will try to investigate this problem later.

Until I fix the problem you can copy configuration files directly to /etc/openvpn directory. Applet should see the .conf or .ovpn file from there.

That doesn't work either. That's where I had my configuration to begin with.

Currently I go to /etc/openvpn and execute
Code:

openvpn --config openvpn.conf
from the commandline to start the tunnel. It's a pain to do that every time though. I guess I need to write a script and find a way to trigger it from the gui.

mikkov 2008-11-27 22:53

is the .conf file readable by user?

jgombos 2008-11-28 09:12

Re: Openvpn Applet
 
Quote:

Originally Posted by mikkov (Post 245157)
is the .conf file readable by user?

Yes, both the copy on the MMC card, and the copy in /etc/openvpn.

Strangely, the files on the mmc card are owned by "user", but they are in the "root" group. The permission bits are 644. I logged in as root and tried to "chown root:users *", but got operation not permitted. I suppose that's not the problem, because the files on the mmc chip are readable by all.

The files in /etc/openvpn are owned by root:users, and have permission bits 640. So there is no reason why the applet would have trouble accessing the files.

mikkov 2008-11-28 16:26

ok, what are permissions for /etc/openvpn directory itself? They should be for example 755.

jgombos 2008-11-28 17:13

Re: Openvpn Applet
 
Quote:

Originally Posted by mikkov (Post 245338)
ok, what are permissions for /etc/openvpn directory itself? They should be for example 755.

That was it! The applet finds the tunnel configuration now.

/etc/openvpn was owned by root:root w/ permissions 700. I changed ownership to root:users w/ permission bits 750.

It's a quick fix. From a security standpoint, I think only root should see these files. Should the 's' bit be set on the applet?

mikkov 2008-11-28 17:32

Re: Openvpn Applet
 
I think that /etc/openvpn directory's 755 permission bits are default for many distributions including maemo.org's openvpn package (if it hasn't changed), but I can understand your view.

Problem with openvpn applet is that it is running inside hildon-desktop and it is always running as user. Applet needs to be able to read the configuration file and directory listing of /etc/openvpn, but it doesn't need to be able to read certificates or keys. For importing files and starting openvpn process it uses sudo.
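
The permission layout discussed in the posts above, as an added example that is not part of the thread or the applet's code: a POSIX shell audit that reports a directory the applet cannot list (such as 700), a group- or world-writable directory, and secret files that group or others can read. The function names and the list of secret-bearing directives are this example's own choices, and it inspects mode bits only, not owner or group.

```sh
#!/bin/sh
# Added example: permission audit for an OpenVPN configuration directory.

# mode_of PATH -> 10-character mode string from ls, e.g. "drwxr-xr-x"
mode_of() { ls -ld "$1" | cut -c1-10; }

# scan_dir DIR: print one finding per line (no output means clean).
scan_dir() {
    dir=$1
    m=$(mode_of "$dir")
    case $m in
        # Any local user could replace a config that sudo later starts.
        ?????w????|????????w?) echo "WARN writable-dir $dir $m" ;;
    esac
    case $m in
        ????r?x???|???????r?x) ;;
        # e.g. 700: the applet, running as "user", cannot list the directory.
        *) echo "INFO unlistable-dir $dir $m" ;;
    esac
    for conf in "$dir"/*.conf "$dir"/*.ovpn; do
        [ -f "$conf" ] || continue
        case $(mode_of "$conf") in
            ????r?????|???????r??) ;;
            *) echo "INFO unreadable-config $conf" ;;
        esac
        # Directives whose argument is a file holding secret material.
        awk '$1 ~ /^(key|secret|pkcs12|tls-auth|askpass|auth-user-pass)$/ && NF > 1 { print $2 }' "$conf" |
        while read -r secret; do
            # Assumption: relative paths are resolved against DIR.
            case $secret in /*) ;; *) secret=$dir/$secret ;; esac
            [ -f "$secret" ] || continue
            case $(mode_of "$secret") in
                ????r?????|???????r??) echo "WARN exposed-secret $secret" ;;
            esac
        done
    done
    return 0
}

# audit_openvpn_dir DIR: print findings, return 1 if there were any.
audit_openvpn_dir() {
    findings=$(scan_dir "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_openvpn_dir /etc/openvpn`; a layout of 755 on the directory, readable configs and 600 on key and password files produces no output.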

jgombos 2008-12-02 15:00

Re: Openvpn Applet
 
I notice that the instant START is tapped, the icon turns green well before it could connect successfully. And it remains green, even if I shutdown the network. So what is the icon telling us?

FEATURE REQUEST:

To get an idea of how the tunnel is working, I generally run something like: "tail -f /var/log/openvpn.log" (the logfile is specified by the "log" key in the config file). It would indeed be useful if the openvpn applet gave the user a way to request a detailed status, which could simply involve launching an xterm that runs the tail command on whatever log is mentioned in the config file.

Sometimes I just want to see what my IP address is. So I scroll through my bookmarks for a website that will echo that back to me. It gives me a relatively quick way of confirming whether the tunnel is working. It would be useful if such a webpage could be launched directly from the applet.

mikkov 2008-12-02 17:16

Re: Openvpn Applet
 
Quote:

Originally Posted by jgombos (Post 246256)
I notice that the instant START is tapped, the icon turns green well before it could connect successfully. And it remains green, even if I shutdown the network. So what is the icon telling us?

It is looking for the pid file. After about 30 seconds it stops scanning the pid file and updates only when you select the connection from drop down list or use the stop button. So it isn't aware of network connection or even openvpn connection at all, but it's on my "todo" list to make it better.

Quote:

FEATURE REQUEST:

To get an idea of how the tunnel is working, I generally run something like: "tail -f /var/log/openvpn.log" (the logfile is specified by the "log" key in the config file). It would indeed be useful if the openvpn applet gave the user a way to request a detailed status, which could simply involve launching an xterm that runs the tail command on whatever log is mentioned in the config file.

Test button in settings dialog is close to this, but as it restarts the connection every time (and dialog is modal to hildon-desktop) it's not exactly useful for this purpose. But this is a good idea and I think about it when I have the motivation to do something for applet.



Quote:

Sometimes I just want to see what my IP address is. So I scroll through my bookmarks for a website that will echo that back to me. It gives me a relatively quick way of confirming whether the tunnel is working. It would be useful if such a webpage could be launched directly from the applet.

This kind of feature would be very nice, but I would see that it fits better for example for homeip applet.

heavyt 2009-12-29 19:27

Re: Openvpn Applet
 
I am trying to use openvpn to tunnel my sip/voip (Gizmo, Sipgate etc) from N810 to any openvpn server. Openvpn works fine and sip/voip works fine but it fails when openvpn is used. Are there scripts that can be used as a solution? The ones at https://bugs.maemo.org/show_bug.cgi?id=1860 seem not to work or I am doing it wrong. :confused:

TA-t3 2009-12-30 11:51

Re: Openvpn Applet
 
I take it you've got it resolved now? There was a reply in the bug thread and I too replied in that other thread (summary: set "script-security 2" to openvpn config file, add 'x' bit (chmod u+s) to your scripts).

EDIT: I meant u+x of course, u+s was a typo.. that's something entirely different and won't work on scripts.

heavyt 2010-01-01 20:44

Re: Openvpn Applet
 
Quote:

Originally Posted by TA-t3 (Post 446493)
I take it you've got it resolved now? There was a reply in the bug thread and I too replied in that other thread (summary: set "script-security 2" to openvpn config file, add 'x' bit (chmod u+s) to your scripts).

Yes I got it to work and thanks for your help. I used chmod +x, I read that chmod u+s doesn't work for scripts. I also found that trying to run more than one sip (my case it was sipgate and gizmo tied into Google Voice) seem to make them not reliable. I also added "script-security 2 system" to the openvpn config file. Now my N810-WE is humming! :cool:

TA-t3 2010-01-01 21:00

Re: Openvpn Applet
 
Oops, u+s was a typo (s is the sticky bit, and won't work on scripts, as you said. I did mean u+x. Updated my post above.)

rocketscientist 2010-07-07 14:59

Re: Openvpn Applet
 
Just a happy user posting! It works! :-)

heavyt 2010-07-07 15:22

Re: Openvpn Applet
 
Quote:

Originally Posted by rocketscientist (Post 743783)
Just a happy user posting! It works! :-)

Nice to hear, what NXXX?

pm_home 2010-09-16 10:08

Re: Openvpn Applet
 
Hi ! I've got everything working fine and have no problems running from console (e "/usr/sbin/openvpn /etc/openvpn/your_config"), BUT have this problem that the applet disappears from Status bar. Uninstalling and re-installing gets it back - Does anybody have a solution on this problem ??

mikkov 2010-09-16 10:43

Re: Openvpn Applet
 
Quote:

Originally Posted by pm_home (Post 817715)
Hi ! I've got everything working fine and have no problems running from console (e "/usr/sbin/openvpn /etc/openvpn/your_config"), BUT have this problem that the applet disappears from Status bar. Uninstalling and re-installing gets it back - Does anybody have a solution on this problem ??

When does it disappear? What are the permissions in /etc/openvpn directory? There is very likely a bug in the applet.

pm_home 2010-09-16 15:00

Re: Openvpn Applet
 
Quote:

Originally Posted by mikkov (Post 817739)
When does it disappear? What are the permissions in /etc/openvpn directory? There is very likely a bug in the applet.

Hi ! It disappears after reboot (eg turning off and on N900). I'm a newbie to Linux s 2 good at permission-stuff BUT I installed rootsh, ran sudo gainroot, cd /etc, sudo chmod 777 openvpn, turned off the N900 and started it again, BUT no applet in statusbar. SO it's there after installation (and works nicely over 3G :-)), BUT as soon as I restart machine the applet is gone :-(

mikkov 2010-09-16 15:37

Re: Openvpn Applet
 
Quote:

Originally Posted by pm_home (Post 817954)
Hi ! It disappears after reboot (eg turning off and on N900). I'm a newbie to Linux s 2 good at permission-stuff BUT I installed rootsh, ran sudo gainroot, cd /etc, sudo chmod 777 openvpn, turned off the N900 and started it again, BUT no applet in statusbar. SO it's there after installation (and works nicely over 3G :-)), BUT as soon as I restart machine the applet is gone :-(

OK. It's possible that some other plugin is causing the problem. Do you have any other status menu plugins installed? If you have, try removing them. Note that if something else is crashing, you never have a chance to see it in status bar.

pm_home 2010-09-16 15:52

Re: Openvpn Applet
 
Quote:

Originally Posted by mikkov (Post 817986)
OK. It's possible that some other plugin is causing the problem. Do you have any other status menu plugins installed? If you have, try removing them. Note that if something else is crashing, you never have a chance to see it in status bar.

Hi ! BIG Thks - you were absolutely right - when I uninstalled Tor-applet YOUR/OpenVPN-applet applet came right back :) - didn't even have to restart. Do u have any idea where/if one can edit the loading order of applets - maybe that could do the trick !!

mikkov 2010-09-16 17:39

Re: Openvpn Applet
 
Quote:

Originally Posted by pm_home (Post 817993)
Hi ! BIG Thks - you were absolutely right - when I uninstalled Tor-applet YOUR/OpenVPN-applet applet came right back :) - didn't even have to restart. Do u have any idea where/if one can edit the loading order of applets - maybe that could do the trick !!

Tor applet and OpenVPN applet are working together fine for me. I don't believe that loading order is any help here.

Quasar 2010-12-09 20:31

Re: Openvpn Applet
 
Is it possible to add something like "status of VPN connection" to status-menu? Now you can't see, if the connection is established or not (on the desktop I mean).

Laughing Man 2010-12-24 02:26

Re: Openvpn Applet
 
This may be off-topic. But is it possible to have two VPN connections running on the N900? I'll describe why first. Currently I'm debating should I use a free OpenVPN provider or just run two of my own. Why two? Well one is at my parents' home and the other is at the apartment. At any time, one or both may be offline. I'd like to have the N900 try to connect to either one of them.

Reason why I want to use OpenVPN (retrieval and accessing it remotely in case it gets misplaced to delete files). Since it's on T-Mobile USA and behind a NAT I can't access it directly with SSH. I could try reverse SSH though (I suppose if I figured how to set it up).

Sorry if it's off-topic.

mikkov 2010-12-30 21:01

Re: Openvpn Applet
 
Quote:

Originally Posted by Laughing Man (Post 903233)
This may be off-topic. But is it possible to have two VPN connections running on the N900?

It is possible to have two openvpn connections open at the same time, no problem. If I understood correctly you wish to have them open always automatically. It is possible too, but not with OpenVPN Applet, because it doesn't support "always on" connections from the boot; you'll need to start them manually.

mikkov 2010-12-30 21:05

Re: Openvpn Applet
 
Quote:

Originally Posted by Quasar (Post 893522)
Is it possible to add something like "status of VPN connection" to status-menu? Now you can't see, if the connection is established or not (on the desktop I mean).

There is a little icon in status area when openvpn is active. But it doesn't tell if connection is really established or is it still trying to connect.

Quasar 2010-12-31 10:03

Re: Openvpn Applet
 
Quote:

Originally Posted by mikkov (Post 907867)
There is a little icon in status area when openvpn is active. But it doesn't tell if connection is really established or is it still trying to connect.

Yes, I know. But I would like to see if the connection is established or not.

Sorry for my English..

mikkov 2010-12-31 12:17

Re: Openvpn Applet
 
It is not too hard to add "connecting" icon. I'll see if there are enough small fixes to be made for a new release.

rajil.s 2011-02-09 17:38

Re: Openvpn Applet
 
@Mikkov,

Is it possible to execute the applet from command-line? The reason I want to do this is that I want to start openvpn before I connect to wifi.

I was going to script something in /etc/network/if-pre-up.d/ but didn't want to use the openvpn script init script since it logs to syslog by default. With the applet it is easier to check the status. It will be awesome if it were possible to start and stop applet via command-line.

Thanks

mikkov 2011-02-16 22:17

Re: Openvpn Applet
 
Quote:

Originally Posted by rajil.s (Post 940150)
Is it possible to execute the applet from command-line?

There used to be a very simple text mode ui, but it wasn't exactly a command line interface and it wouldn't work the way you are hoping for. So the answer is no.

hansaka 2011-03-04 02:59

Re: Openvpn Applet
 
hi guys i just installed openvpn-applet to n900 but it seems like it doesn't get a local ip and i can't ping the other end but on my desktop machine for same configuration file it get connected and i get an IP from server. on n900 it shows that i have connected and even from server side without an issue but no ip address. To make sure i tried with my DNS records whether there is an entry, no luck so far.... help me over here

cct 2011-05-23 15:11

Re: Openvpn Applet
 
Quote:

Originally Posted by gochito (Post 215038)
Done! ... Created the password file in the /etc/openvpn directory...

included askpass /etc/openvpn/password

in my .conf file and Voila! Working as a charm!

Thanks a lot!

Hi, could you publish the syntax of your config-file to compare mine with it, please? I am getting a socket.connect() failed thingy now, I must have messed it up.

cheers!

EDIT:

I have been experimenting around with stuff like

Code:

auth-user-pass /etc/openvpn/password.txt via-file
and
Code:

askpass /etc/openvpn/password.txt
and similar things, but I realize I am unfamiliar with the syntax and reading up on it is not as easy as I thought. The password.txt file contains user and password blank delimited and just for one person. I am not concerned about putting these bits on my N900, as I am using it only scarcely.

I might add, that if I leave OpenVPN as it is and edit in the user/pass combination with my VPN provider, it works flawless. Just the given pass and user combination is hellishly stupid to edit in every time.

cct 2011-05-23 16:20

Re: Openvpn Applet
 
answering myself - maybe some other kind soul will save some minutes.

Tried opening openvpn from shell, which gave me the necessary input:

the password file needs to have the user in one line, password after carriage return.

Using complete paths in the config file also was of great help to make it work (I am keeping the certs etc in a subdirectory of openvpn to make things digestible).

config file now goes like this:
Code:

client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.snugglysnugglyplace.co.uk 1194
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
tls-auth /etc/openvpn/ssl/ta.key 1
ca /etc/openvpn/ssl/ca.crt
cipher AES-256-CBC
verb 3
mute 10
auth-user-pass /etc/openvpn/password via-file
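
The two fixes described in the post above (full paths in the config, and username and password on separate lines of the password file), as an added example that is not from the thread: a POSIX shell pre-flight check over the files a config refers to. The function names and the set of directives inspected are this example's own choices.

```sh
#!/bin/sh
# Added example: pre-flight check of the files an OpenVPN config refers to.

# userpass_layout FILE -> "ok", "no-second-line" or "empty-username"
# OpenVPN reads the username from line 1 and the password from line 2.
userpass_layout() {
    user=$(sed -n 1p "$1")
    pass=$(sed -n 2p "$1")
    if [ -z "$user" ]; then echo empty-username
    elif [ -z "$pass" ]; then echo no-second-line   # e.g. "user pass" on one line
    else echo ok
    fi
}

# preflight_conf CONF: print one finding per line, return 1 if there were any.
preflight_conf() {
    conf=$1
    findings=$(
        awk '$1 ~ /^(ca|cert|key|dh|pkcs12|secret|tls-auth|askpass|auth-user-pass)$/ && NF > 1 { print $1, $2 }' "$conf" |
        while read -r opt path; do
            case $path in
                /*) ;;
                # Relative paths resolve against the directory openvpn was
                # started from, not against the directory of the config.
                *) echo "relative-path $opt $path"; continue ;;
            esac
            if [ ! -f "$path" ]; then
                echo "missing $opt $path"
                continue
            fi
            if [ "$opt" = auth-user-pass ]; then
                layout=$(userpass_layout "$path")
                [ "$layout" = ok ] || echo "bad-layout $opt $path ($layout)"
            fi
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```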


sm8ps 2011-11-05 20:21

Re: Openvpn Applet
 
Hi Mikko,
first off many thanks for this nifty little time saver! (I hope that still somebody is following this thread!(?))
For others' information, I had the same problem as user pm_home in post 59: the applet did not consistently show up in the status bar. I deleted the wifi-switch (?) applet and now openvpn-applet does show up. Could it be a general thing about too many applets maybe? (Has anybody seen the status menu bar providing slider bars?) Anyways, I hope it will stay visible as I am certain to make quite some use of it.
Cheers!
St. Mueller, Switzerland

mikkov 2011-11-05 21:57

Re: Openvpn Applet
 
I do randomly watch this thread, nice to hear that you like the applet.

I have heard couple of times before that applet isn't showing up until some other applet is removed. I have looked into it, but frankly haven't found any reason for it or seen it myself.

sm8ps 2011-11-16 12:38

Re: Openvpn Applet
 
Mikkov,

thanks for your reply! By coincidence I found out that the status menu bar does indeed provide a sliding functionality. That is, if there are too many applets, one can scroll but there are no slider bars visible so that you won't realize there are additional applets (at least I did not until after two years of using my n900 ...). Since the OpenVPN applet seems to be added towards the bottom of the menu bar area it seems to be susceptible for being hidden down below.

Hope this helps others.

Cheers!
St. Mueller, Switzerland

bocephus 2011-12-18 13:16

Re: Openvpn Applet
 
I tried using openvpn to connect to my Ivacy account with these configuration files, but all I get is

Code:

Cannot load certificate file ivacy-keys/ivacy-client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
What could be the problem?

Also, if I set

Code:

auth-user-pass /etc/openvpn/password via-file
in the configuration file, what format should be in the pass-file? username:password?

sm8ps 2011-12-18 17:43

Re: Openvpn Applet
 
Hey bocephus
Just a quick shot in the dark: I would try specifying the full path of the files. I put mine under '/home/user/.ssl/' for instance.

Cheers!
St. Mueller, Switzerland

bocephus 2011-12-18 19:52

Re: Openvpn Applet
 
Well, I've tried that just to be sure, but that's not the problem. The error is not "not found", it's "PEM_read_bio:no start line". I suspect it might be encoding related. Does Leafpad save in UTF or ANSI? The latter might be preferable.

Edit: Nope. I saved all files in Unix ANSI in Notepad++ but I still get the same error.
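
On the "PEM_read_bio:no start line" error above: OpenSSL reports it when no line of the file begins with `-----BEGIN `. The following added example, which is not from the thread, is a POSIX shell check that separates the usual causes by looking at the first bytes and at the BEGIN/END lines. The status words are this example's own, and it checks structure only, not the base64 body.

```sh
#!/bin/sh
# Added example: classify why a file would not parse as PEM.

# pem_status FILE -> prints one status, returns 0 only for "ok <LABEL>":
#   missing         file absent or unreadable
#   utf8-bom        starts with EF BB BF, so line 1 does not begin with "-----"
#   utf16           starts with a UTF-16 byte order mark
#   der-binary      starts with 30 82: binary DER, not PEM text
#   indented-begin  BEGIN line exists but has leading whitespace
#   no-begin        no "-----BEGIN ...-----" line at all
#   no-end          BEGIN line without the matching END line
pem_status() {
    f=$1
    if [ ! -r "$f" ]; then echo missing; return 1; fi
    magic=$(od -An -tx1 -N3 "$f" | tr -d ' \t\n')
    case $magic in
        efbbbf) echo utf8-bom; return 1 ;;
        fffe*|feff*) echo utf16; return 1 ;;
        3082*) echo der-binary; return 1 ;;
    esac
    if ! grep -q '^-----BEGIN [A-Z0-9 ]*-----' "$f"; then
        if grep -q '^[[:space:]]\{1,\}-----BEGIN ' "$f"; then
            echo indented-begin
        else
            echo no-begin
        fi
        return 1
    fi
    label=$(sed -n 's/^-----BEGIN \([A-Z0-9 ]*\)-----.*/\1/p' "$f" | head -n 1)
    if ! grep -q "^-----END $label-----" "$f"; then echo no-end; return 1; fi
    echo "ok $label"
}
```

Typical use is `pem_status /path/to/client.crt` for each certificate and key the config names.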

