9

SFOS 2.1 openvpn --dev-type tap not possible

asked 2017-05-14 02:13:28 +0300

juhaj

Thanks for adding proper openvpn support to SF. While SecureFishNet has been available for years, it has also been unreliable. However, the SF openvpn support is sorely lacking: even if I give a complete config file via Advanced Settings, SFOS/connmand insist on adding options to the openvpn command line which break the vpn.

For example, running "openvpn --config /home/nemo/openvpn/myvpn.ovpn" results in a working vpn, but defining the same through the SFOS Settings results in the following command line:

/usr/sbin/openvpn --remote MY.SERVER --ca /home/nemo/openvpn/ca.crt --proto udp --config /home/nemo/openvpn/myvpn.ovpn --syslog --script-security 2 --up /usr/lib/connman/scripts/openvpn-script --up-restart --setenv CONNMAN_BUSNAME :1.20547 --setenv CONNMAN_INTERFACE net.connman.Task --setenv CONNMAN_PATH /task/4 --dev vpn0 --dev-type tun --persist-tun --route-noexec --ifconfig-noexec --ping-restart 0

which does not work because of the "--dev-type tun" flag: the tunnel is a tap tunnel and "dev tap" is correctly specified in the myvpn.ovpn config file, yet the interface insists on overriding this, thus breaking the config.

The Settings should check the ovpn config file for options and NOT replace those it finds. It is ok to add --setenv options and probably also the --up and other such flags, but --dev-type is only going to break things.


1 Answer

0

answered 2017-07-27 15:18:48 +0300

V10lator

I've been playing with this for a few days, and in fact a tap tunnel is possible, but it has drawbacks. Anyway, the --dev-type argument gets set by connman-vpnd, so just add a line containing OpenVPN.DeviceType=tap to /var/lib/connman/provider_[YOUR_VPN_NAME]_merproject_org/settings.

Now to the drawbacks: Connman does create a new wired ethernet config (/var/lib/connman/ethernet_[RANDOM_MAC]_cable/settings) when the VPN activates but doesn't do anything with it. My guess is that the connman version is simply too outdated (SailfishOS uses 1.31 while TUN/TAP support is officially there since 1.32: https://01.org/connman/blogs/pflykt/2016/connman-1.32 ). Until they update, you could start a DHCP client manually. To do that, create a new folder /home/nemo/dhcpHack and in there a file called udhcpc.script with the following content:

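#!/bin/sh

# udhcpc event script: udhcpc passes the event name as $1 and the lease
# details ($interface, $ip, $subnet, $broadcast, $router, $dns) in the environment.
[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1

# Build the optional ifconfig arguments from the lease; without these two
# lines $BROADCAST and $NETMASK are empty and the netmask is never applied.
[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

case "$1" in
        deconfig)
                # Drop the address while no lease is held
                /sbin/ifconfig $interface 0.0.0.0
                ;;
        renew|bound)
                /sbin/ifconfig $interface $ip $BROADCAST $NETMASK

                if [ -n "$router" ] ; then
                        echo "deleting routers"
                        # Remove every existing default route on this interface
                        while route del default gw 0.0.0.0 dev $interface ; do
                                :
                        done

                        for i in $router ; do
                                route add default gw $i dev $interface
                        done
                fi

                # DNS servers from the lease are deliberately not applied
                for i in $dns ; do
                        echo ignoring dns $i
                done
                ;;
esac

exit 0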

Now execute:

/usr/sbin/udhcpc -i vpn0 -f -v -s /home/nemo/dhcpHack/udhcpc.script -R

Lastly the drawbacks:

  • DNS servers will be ignored.
  • The hostname won't be told with the DHCP request.
  • No IPv6 support.
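Added example, not part of the original question or answer and not connman's own code: a shell sketch that compares the device type requested in an .ovpn file with the --dev-type on the generated openvpn command line and, on a mismatch, writes the OpenVPN.DeviceType key named in the answer into the provider settings file without duplicating it. The function names, the [provider_example] group and the sample files are constructed for illustration, and it assumes the settings file holds a single group.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Device type an .ovpn file asks for: an explicit "dev-type" wins,
# otherwise it is inferred from a "dev tapN" / "dev tunN" device name.
ovpn_dev_type() {
    awk '$1 == "dev-type" { explicit = $2 }
         $1 == "dev" && $2 ~ /^(tun|tap)/ { inferred = substr($2, 1, 3) }
         END { print (explicit != "" ? explicit : inferred) }' "$1"
}

# Value that follows --dev-type on an openvpn command line (empty if absent).
cmdline_dev_type() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
        if ($i == "--dev-type") { print $(i + 1); exit } }'
}

# Set OpenVPN.DeviceType in a provider settings file, replacing any existing
# entry. Assumes a single [group], so the appended key lands inside it.
set_device_type() {
    tmp=$(mktemp) || return 1
    # grep exits 1 when nothing is left to print; only >1 is a real error.
    grep -v '^OpenVPN\.DeviceType=' "$1" > "$tmp" || [ $? -eq 1 ] || return 1
    printf 'OpenVPN.DeviceType=%s\n' "$2" >> "$tmp"
    # Write through the existing file to keep its owner and mode.
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# Apply the workaround only when the generated command line disagrees with
# the config. Prints what it did.
sync_device_type() {   # args: ovpn-file  command-line  settings-file
    want=$(ovpn_dev_type "$1"); got=$(cmdline_dev_type "$2")
    [ -n "$want" ] || { echo "no dev/dev-type in $1"; return 1; }
    if [ "$want" = "$got" ]; then echo "ok: $want"; return 0; fi
    set_device_type "$3" "$want" && echo "fixed: ${got:-unset} -> $want"
}

# Constructed sample input mirroring the situation in the question.
demo_dir=$(mktemp -d)
printf 'client\ndev tap\nproto udp\n' > "$demo_dir/myvpn.ovpn"
printf '[provider_example]\nType=openvpn\n' > "$demo_dir/settings"
demo_cmd='/usr/sbin/openvpn --config myvpn.ovpn --dev vpn0 --dev-type tun --persist-tun'
sync_device_type "$demo_dir/myvpn.ovpn" "$demo_cmd" "$demo_dir/settings"
```

On a device the real settings file is root-owned, so the function would have to run as root, and the VPN connection has to be restarted before connman-vpnd picks up the new value.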

Stats

Asked: 2017-05-14 02:13:28 +0300

Seen: 330 times

Last updated: Jul 27 '17