Posts: 67 | Thanked: 13 times | Joined on Feb 2008 @ U.S.A.
#41
Originally Posted by mikkov View Post
Thanks for the report. I will try to investigate this problem later.

Until I fix the problem you can copy configuration files directly to /etc/openvpn directory. Applet should see the .conf or .ovpn file from there.
That doesn't work either. That's where I had my configuration to begin with.

Currently I go to /etc/openvpn and execute
Code:
openvpn --config openvpn.conf
from the commandline to start the tunnel. It's a pain to do that every time though. I guess I need to write a script and find a way to trigger it from the gui.
 
Posts: 1,208 | Thanked: 1,028 times | Joined on Oct 2007
#42
is the .conf file readable by user?
 
Posts: 67 | Thanked: 13 times | Joined on Feb 2008 @ U.S.A.
#43
Originally Posted by mikkov View Post
is the .conf file readable by user?
Yes, both the copy on the MMC card, and the copy in /etc/openvpn.

Strangely, the files on the mmc card are owned by "user", but they are in the "root" group. The permission bits are 644. I logged in as root and tried to "chown root:users *", but got operation not permitted. I suppose that's not the problem, because the files on the mmc chip are readable by all.

The files in /etc/openvpn are owned by root:users, and have permission bits 640. So there is no reason why the applet would have trouble accessing the files.
 
Posts: 1,208 | Thanked: 1,028 times | Joined on Oct 2007
#44
ok, what are permissions for /etc/openvpn directory itself? They should be for example 755.
 

Posts: 67 | Thanked: 13 times | Joined on Feb 2008 @ U.S.A.
#45
Originally Posted by mikkov View Post
ok, what are permissions for /etc/openvpn directory itself? They should be for example 755.
That was it! The applet finds the tunnel configuration now.

/etc/openvpn was owned by root:root w/ permissions 700. I changed ownership to root:users w/ permission bits 750.

It's a quick fix. From a security standpoint, I think only root should see these files. Should the 's' bit be set on the applet?
 
Posts: 1,208 | Thanked: 1,028 times | Joined on Oct 2007
#46
I think that /etc/openvpn directory's 755 permission bits are default for many distributions including maemo.org's openvpn package (if it hasn't changed), but I can understand your view.

Problem with openvpn applet is that it is running inside hildon-desktop and it is always running as user. Applet needs to be able to read the configuration file and directory listing of /etc/openvpn, but it doesn't need to be able to read certificates or keys. For importing files and starting openvpn process it uses sudo.
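
An added example, not part of the original posts or the applet's code: a small audit of the split described above, where the directory and config files are reachable by the applet's group while private keys stay owner-only. It assumes the files are group-owned by the applet user's group (root:users in this thread), a `stat` that supports `-c %a` (GNU or BusyBox), and that private keys use `*.key` or `*.p12` names.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU/BusyBox `stat -c %a`.
# The *.key / *.p12 patterns for private key material are assumptions.

perm_digit() {              # perm_digit PATH group|other -> one octal digit
    mode=$(stat -c '%a' "$1") || return 2
    case $2 in
        group) echo $(( mode / 10 % 10 )) ;;
        other) echo $(( mode % 10 )) ;;
    esac
}

audit_openvpn_dir() {       # prints one line per finding, sets FINDINGS
    dir=$1
    FINDINGS=0
    # A user-level applet needs r (list) and x (enter) on the directory.
    if [ $(( $(perm_digit "$dir" group) & 5 )) -ne 5 ]; then
        echo "$dir: group cannot list/enter the directory"
        FINDINGS=$((FINDINGS + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        g=$(perm_digit "$f" group)
        o=$(perm_digit "$f" other)
        case $f in
            *.conf|*.ovpn)  # the applet must be able to read these
                if [ $(( g & 4 )) -eq 0 ]; then
                    echo "$f: config not group-readable"
                    FINDINGS=$((FINDINGS + 1))
                fi ;;
            *.key|*.p12)    # private keys: owner (root) only
                if [ "$g" -ne 0 ] || [ "$o" -ne 0 ]; then
                    echo "$f: private key accessible beyond owner"
                    FINDINGS=$((FINDINGS + 1))
                fi ;;
        esac
    done
    return 0
}

# Constructed demo: the thread's original state (directory 700) plus a loose key.
demo=$(mktemp -d)
touch "$demo/openvpn.conf" "$demo/client.key"
chmod 640 "$demo/openvpn.conf"; chmod 644 "$demo/client.key"; chmod 700 "$demo"
audit_openvpn_dir "$demo"
rm -rf "$demo"
```

With the directory at 750 or 755 and key files at 600, the audit reports nothing: the applet can list the directory and read the config, but not the keys.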
 
Posts: 67 | Thanked: 13 times | Joined on Feb 2008 @ U.S.A.
#47
I notice that the instant START is tapped, the icon turns green well before it could connect successfully. And it remains green, even if I shut down the network. So what is the icon telling us?

FEATURE REQUEST:

To get an idea of how the tunnel is working, I generally run something like: "tail -f /var/log/openvpn.log" (the logfile is specified by the "log" key in the config file). It would indeed be useful if the openvpn applet gave the user a way to request a detailed status, which could simply involve launching an xterm that runs the tail command on whatever log is mentioned in the config file.

Sometimes I just want to see what my IP address is. So I scroll through my bookmarks for a website that will echo that back to me. It gives me a relatively quick way of confirming whether the tunnel is working. It would be useful if such a webpage could be launched directly from the applet.
 

Posts: 1,208 | Thanked: 1,028 times | Joined on Oct 2007
#48
Originally Posted by jgombos View Post
I notice that the instant START is tapped, the icon turns green well before it could connect successfully. And it remains green, even if I shut down the network. So what is the icon telling us?
It is looking for the pid file. After about 30 seconds it stops scanning the pid file and updates only when you select the connection from drop down list or use the stop button. So it isn't aware of network connection or even openvpn connection at all, but it's on my "todo" list to make it better.

FEATURE REQUEST:

To get an idea of how the tunnel is working, I generally run something like: "tail -f /var/log/openvpn.log" (the logfile is specified by the "log" key in the config file). It would indeed be useful if the openvpn applet gave the user a way to request a detailed status, which could simply involve launching an xterm that runs the tail command on whatever log is mentioned in the config file.
Test button in settings dialog is close to this, but as it restarts the connection every time (and dialog is modal to hildon-desktop) it's not exactly useful for this purpose. But this is a good idea and I think about it when I have the motivation to do something for applet.



Sometimes I just want to see what my IP address is. So I scroll through my bookmarks for a website that will echo that back to me. It gives me a relatively quick way of confirming whether the tunnel is working. It would be useful if such a webpage could be launched directly from the applet.
This kind of feature would be very nice, but I would see that it fits better for example for homeip applet.
 
heavyt's Avatar
Posts: 708 | Thanked: 125 times | Joined on Jan 2007 @ Too Close To D.C
#49
I am trying to use openvpn to tunnel my sip/voip (Gizmo, Sipgate etc) from N810 to any openvpn server. Openvpn works fine and sip/voip works fine but it fails when openvpn is used. Are there scripts that can be used as a solution? The ones at https://bugs.maemo.org/show_bug.cgi?id=1860 seem not to work or I am doing it wrong.
 
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#50
I take it you've got it resolved now? There was a reply in the bug thread and I too replied in that other thread (summary: set "script-security 2" to openvpn config file, add 'x' bit (chmod u+s) to your scripts).

EDIT: I meant u+x of course, u+s was a typo.. that's something entirely different and won't work on scripts.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.

Last edited by TA-t3; 2010-01-01 at 20:59.
 
