We have moved to a new Sailfish OS Forum. Please start new discussions there.
24

Bug: Connman OpenVPN

asked 2014-01-06 23:22:07 +0200

MFulz gravatar image

updated 2014-01-07 21:46:54 +0200

llornkcor gravatar image

Hi,

there seems to be a bug in connman for openvpn - here is what I did find out till now:

I'm working on a OpenVPN client for my Jolla, but it seems that connman is bugging around here:

this is the comman which will be used by connman:

openvpn --remote olz.dyndns.org --ca /home/nemo/OpenVPN/ca.crt --cert /home/nemo/OpenVPN/olz_mobile.crt --key /home/nemo/OpenVPN/olz_mobile.key -- comp-lzo --nobind --persist-key --client --script-security 2 --up /usr/lib/connman/scripts/openvpn-script --up-restart --setenv CONNMAN_BUSNAME :1.71 --setenv CONNMAN_INTERFACE net.connman.Task --setenv CONNMAN_PATH /task/0 --dev vpn0 --dev-type tun --persist-tun --route-noexec --ifconfig- noexec --ping-restart 0

As it wasn't able to connect I've tried to run this command on my own:

[root@localhost OpenVPN]# openvpn --remote olz.dyndns.org --ca /home/nemo/OpenVPN/ca.crt --cert /home/nemo/OpenVPN/olz_mobile.crt --key /home/nemo/OpenVPN/olz_mobile.key --comp-lzo --nobind --persist-key --client --script-security 2 --up /usr/lib/connman/scripts/openvpn-script --up-restart --setenv CONNMAN_BUSNAME :1.71 --setenv CONNMAN_INTERFACE net.connman.Task -- setenv CONNMAN_PATH /task/0 --dev vpn0 --dev-type tun --persist-tun --route- noexec --ifconfig-noexec --ping-restart 0 Sun Jan 5 01:41:41 2014 OpenVPN 2.2.2 armv7l-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 1 2013 Sun Jan 5 01:41:41 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Sun Jan 5 01:41:41 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sun Jan 5 01:41:41 2014 LZO compression initialized Sun Jan 5 01:41:42 2014 UDPv4 link local: [undef] Sun Jan 5 01:41:42 2014 UDPv4 link remote: 188.194.98.162:1194 Sun Jan 5 01:42:17 2014 [olz.dyndns.org] Peer Connection Initiated with 188.194.98.162:1194 Sun Jan 5 01:42:20 2014 TUN/TAP device vpn0 opened Sun Jan 5 01:42:20 2014 /usr/lib/connman/scripts/openvpn-script vpn0 1500 1542 192.168.100.202 192.168.100.201 init Sun Jan 5 01:42:20 2014 Initialization Sequence Completed

The issue is related to the script:

/usr/lib/connman/scripts/openvpn-script

which just seems to do nothing.

When I'm just removing the options:

--route-noexec --ifconfig-noexec

from the command above it is connecting fine:

Sun Jan 5 01:57:32 2014 OpenVPN 2.2.2 armv7l-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 1 2013 Sun Jan 5 01:57:32 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Sun Jan 5 01:57:32 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sun Jan 5 01:57:32 2014 LZO compression initialized Sun Jan 5 01:57:33 2014 UDPv4 link local: [undef] Sun Jan 5 01:57:33 2014 UDPv4 link remote: 188.194.98.162:1194 Sun Jan 5 01:58:07 2014 [olz.dyndns.org] Peer Connection Initiated with 188.194.98.162:1194 Sun Jan 5 01:58:10 2014 TUN/TAP device vpn0 opened Sun Jan 5 01:58:10 2014 /sbin/ip link set dev vpn0 up mtu 1500 Sun Jan 5 01:58:10 2014 /sbin/ip addr add dev vpn0 local 192.168.100.202 peer 192.168.100.201 Sun Jan 5 01:58:10 2014 /usr/lib/connman/scripts/openvpn-script vpn0 1500 1542 192.168.100.202 192.168.100.201 init RTNETLINK answers: File exists Sun Jan 5 01:58:10 2014 ERROR: Linux route add command failed: external program exited with error status: 2 Sun Jan 5 01:58:10 2014 Initialization Sequence Completed

ifconfig:

vpn0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.100.202 P-t-P:192.168.100.201
Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Here are some logs:

Jan 05 23:47:48 localhost openvpn[2854]: /usr/lib/connman/scripts/openvpn- script vpn0 1500 1542 192.168.100.202 192.168.100.201 init Jan 05 23:47:48 localhost connmand[794]: Adding host route failed (No such process) Jan 05 23:47:48 localhost connmand[794]: connman_inet_clear_ipv6_address: Invalid argument Jan 05 23:47:48 localhost connmand[794]: connman_inet_clear_ipv6_address: Invalid argument Jan 05 23:47:48 localhost connmand[794]: Skipping disconnect of /ril_0/context1, network is connecting. Jan 05 23:47:48 localhost connmand[794]: Failed to change property: /ril_0/context1 org.ofono.ConnectionContext.Active: org.ofono.Error.InProgress Operation already in progress Jan 05 23:47:48 localhost connmand[794]: notifier disconnect underflow Jan 05 23:47:48 localhost connmand[794]: Deleting host route failed (No such device) Jan 05 23:47:48 localhost connmand[794]: Deleting host route failed (No such device) Jan 05 23:47:48 localhost connmand[794]: Removing default gateway route failed (No such device) Jan 05 23:47:48 localhost connmand[794]: Skipping disconnect of /ril_0/context1, network is connecting. Jan 05 23:47:48 localhost connmand[794]: connman_inet_clear_address: Invalid argument Jan 05 23:47:48 localhost connmand[794]: connman_inet_clear_ipv6_address: Invalid argument Jan 05 23:47:48 localhost connmand[794]: Failed to change property: /ril_0/context1 org.ofono.ConnectionContext.Active: org.ofono.Error.InProgress Operation already in progress

Would be great to get some help here

BR,

Matthias

edit retag flag offensive close delete

Comments

5

nice to see someone working on openvpn for jolla.

naytsyrhc ( 2014-01-07 20:29:09 +0200 )edit
1

Yep I'm nearly finished with the first working release but the connman bug is a showstopper to proceed.

MFulz ( 2014-01-07 21:18:59 +0200 )edit

Are you working on a GUI or just get openVPN to work. From this question it seems that openvpn is working already.

naytsyrhc ( 2014-01-23 00:39:37 +0200 )edit
1

First: I'm working on GUI. Second: As root it is working from CLI yes. But not via connman. You can add / remove connections via connman (dbus) without problems, but because of the bug I've reported you can't connect. Neither as user nor as root.

MFulz ( 2014-01-23 14:28:06 +0200 )edit

Ok. That's great (that you're working on GUI). Hope this bug will get fixed soon.

naytsyrhc ( 2014-01-23 16:51:33 +0200 )edit

2 Answers

Sort by » oldest newest most voted
17

answered 2014-03-20 12:01:29 +0200

MFulz gravatar image

Guys I'm happy to tell that I was able to connect via my GUI to the OpenVPN at home now. The bug seems to be fixed with last release !

I'm going to continue working on the GUI and try to put it to the harbour when ready.

edit flag offensive delete publish link more

Comments

This is REALLY GREAT news. Thanks for your work and good luck!

naytsyrhc ( 2014-03-20 12:03:37 +0200 )edit

FEATURE REQUEST - could you add openconnect support to it?

qrosh ( 2014-04-16 14:37:58 +0200 )edit

Hello,

so did anyone managed to actually run openvpn from connman? Running the script this way still bypasses the connmans services list, so default route can be pushed only with ugly /1

Adding the provider fails for me with connect-provider

romones ( 2014-04-23 14:39:44 +0200 )edit
-1

answered 2014-02-14 14:02:02 +0200

jr gravatar image

Your log indicates that you are trying to connect via cellular network but your 3G connection might not be ready yet.

Jan 05 23:47:48 localhost connmand[794]: Skipping disconnect of /ril_0/context1, network is connecting.

this means that the connection is still pending, also

Jan 05 23:47:48 localhost connmand[794]: Adding host route failed (No such process)

would indicate that the bearer network is not quite ready yet.

BTW, the /usr/lib/connman/scripts/openvpn-script is used when OpenVPN daemon communicates vpn status to ConnMan so it is very much needed here. It only prints errors so if you see nothing in openvpn logs, then everything should be fine. The --route-noexec --ifconfig-noexec parameters are needed because ConnMan must set routes and interface status instead of openvpn daemon.

edit flag offensive delete publish link more

Comments

If the connection wouldn't be ready, how could I use Browser, etc. to connect to the internet and why is it working when removing the options --route-noexec and --ifconfig-noexec? If that is the case then still connman is not able to realize the working connection.

MFulz ( 2014-02-14 14:33:08 +0200 )edit
Login/Signup to Answer

Question tools

Follow
12 followers

subscribe to rss feed

Stats

Asked: 2014-01-06 23:22:07 +0200

Seen: 2,076 times

Last updated: Oct 03 '14

Related questions

Why saved WLAN networks disappear and re-appear [released]

Bug: cannot create account when wifi and mobile data are activated

AGPS lets Mobile Data become active even when connected to wifi [released]

[Fixed in 1.0.3.8] Crash when linking contacts? [not relevant]

Time slider usage in video player of Gallery app causes the app to hang [duplicate]

QAudioOutput isn't integrated with system volume and libresource like QMediaPlayer

Bug: E-Mail synchronization does not work as configured [released]

Word prediction should be always turned off when entering passwords in Android apps [released]

[Implemented in 1.0.3.8] Poor Polish translation in Sailfish Twitter event feed makes ugly UI issue [answered]

Don't enforce focus to textfield [answered]

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49