Re: Openvpn Applet
 

That doesn't work either. That's where I had my configuration to begin with.

Currently I go to /etc/openvpn and execute
from the commandline to start the tunnel. It's a pain to do that every time though. I guess I need to write a script and find a way to trigger it from the gui.

is the .conf file readable by user?

Re: Openvpn Applet
 

Yes, both the copy on the MMC card, and the copy in /etc/openvpn.

Strangely, the files on the mmc card are owned by "user", but they are in the "root" group. The permission bits are 644. I logged in as root and tried to "chown root:users *", but got operation not permitted. I suppose that's not the problem, because the files on the mmc chip are readable by all.

The files in /etc/openvpn are owned by root:users, and have permission bits 640. So there is no reason why the applet would have trouble accessing the files.

ok, what are permissions for /etc/openvpn directory itself? They should be for example 755.

Re: Openvpn Applet
 

That was it! The applet finds the tunnel configuration now.

/etc/openvpn was owned by root:root w/ permissions 700. I changed ownership to root:users w/ permission bits 750.

It's a quick fix. From a security standpoint, I think only root should see these files. Should the 's' bit be set on the applet?

Re: Openvpn Applet
 

I think that /etc/openvpn directory's 755 permission bits are default for many distributions including maemo.org's openvpn package (if it hasn't changed), but I can understand your view.

Problem with openvpn applet is that is is running inside hildon-desktop and it is always running as user. Applet needs to be able to read the configuration file and directory listing of /etc/openvpn, but it doesn't need to be able to read certificates or keys. For importing files and starting openvpn process it uses sudo.

Re: Openvpn Applet
 

I notice that the instant START is tapped, the icon turns green well before it could connect successfully. And it remains green, even if I shutdown the network. So what is the icon telling us?

FEATURE REQUEST:

To get an idea of how the tunnel is working, I generally run something like: "tail -f /var/log/openvpn.log" (the logfile is specified by the "log" key in the config file). It would indeed be useful if the openvpn applet gave the user a way to request a detailed status, which could simply involve launching an xterm that runs the tail command on whatever log is mentioned in the config file.

Sometimes I just want to see what my IP address is. So I scroll through my bookmarks for a website that will echo that back to me. It gives me a relatively quick way of confirming whether the tunnel is working. It would be useful if such a webpage could be launched directly from the applet.

Re: Openvpn Applet
 

It is looking for the pid file. After about 30 seconds it stops scanning the pid file and updates only when you select the connection from drop down list or use the stop button. So it isn't aware of network connection or even openvpn connection at all, but it's on my "todo" list to make it better.

Test button in settings dialog is close to this, but as it restarts the connection every time (and dialog is modal to hildon-desktop) it's not exactly useful for this purpose. But this is a good idea and I think about it when I have the motivation to do something for applet.



This kind of feature would be very nice, but I would see that it fits better for example for homeip applet.

Re: Openvpn Applet
 

I am trying to use openvpn to tunnel my sip/voip (Gizmo, Sipgate etc) from N810 to any openvpn server. Openvpn works fine and sip/voip works fine but it fails when openvpn is used. Are there scripts that can be used as a solution? The ones at https://bugs.maemo.org/show_bug.cgi?id=1860 seem not to work or I am doing it wrong. :confused:

Re: Openvpn Applet
 

I take it you've got it resolved now? There was a reply in the bug thread and I too replied in that other thread (summary: set "script-security 2" to openvpn config file, add 'x' bit (chmod u+s) to your scripts).

EDIT: I meant u+x of course, u+s was a typo.. that's something entirely different and won't work on scripts.