Openvpn: up / down cmd in client config not supported

asked 2017-12-04 15:54:21 +0200

utkiek gravatar image

"up" and "down" are keywords in the openvpn client config file (see openvpn manual).

For "up" you can set a path do e.g. "/etc/openvpn/client.up". For "down" you can set a path do e.g. "/etc/openvpn/down.up". This scripts automatically sets the proper /etc/resolv.conf entries. I use this on my Jolla 1 since 2014 with openvpn (started by systemd).

When config with settings/vpn I get the error "problems with connections" for my conf file with "up" and "down." In the log I found:

Dec 04 12:35:02 Sailfish nemo[7939]: /usr/bin/vpn-updown.sh down
Dec 04 12:35:02 Sailfish nemo[7944]: /usr/bin/vpn-updown.sh up

Deleting "up" and "down" vpn is running. In both case I found this message:

Dec 04 12:36:52 Sailfish dbus[1420]: [system] Rejected send message, 1 matched rules; type="error", sender=":1.118" (uid=0 pid=7937 comm="/usr/sbin/connman-vpnd -n ") interface="(unset)" member="(unset)" error name="net.connman.Error.InProgress" requested_reply="0" destination=":1.97" (uid=100000 pid=5309 comm="booster [silica-qt5] ")

All tests on SailfishX / Xperia X 2.1.3.7 (Kymijoki)

I need the "up" and "down" scripts for setting the default route via wlan or rmnet (mobile network). My openvpn server is not a gateway to the wide world.

edit retag flag offensive close delete

Comments

Hi.

In my Xperia this is controlled by a script called /usr/bin/vpn-updown.sh which uses dbus methods itself.

I'm not using the up/down options in my .ovpn config file.

I can also see the error message you posted, but my connections work OK. VPN for outdoors (cellular use) and no VPN while at home with WiFi.

You may also want to check the command connmanctl, because the establishment of these connections is also controlled by connmand service.

Here's what I have configured with connmand:

Last login: Tue Dec  5 17:55:42 2017 from 172.26.0.2
,---
| SailfishOS 2.1.3.7 (Kymijoki) (armv7hl)
'---
[nemo@Sailfish ~]$ connmanctl services
* R Jolla                vpn_cardelina_linkpc_net_merproject_org
*AO Movistar             cellular_21407XXXXXXXXXX_context1
*   Wired                ethernet_023e63dd8fff_cable
*A  Jalisco_             wifi_584822a0babd_4a616c6973636f5f_managed_psk
*A  MOVISTAR_5FB3        wifi_584822a0babd_4d4f5649535441525f35464233_managed_psk
[nemo@Sailfish ~]$

When I switch to WiFi, the result is the following:

[nemo@Sailfish ~]$ connmanctl services
*AO Jalisco_             wifi_584822a0babd_4a616c6973636f5f_managed_psk
*   Jolla                vpn_cardelina_linkpc_net_merproject_org
*   Movistar             cellular_21407XXXXXXXXXX_context1
    Jalisco              wifi_584822a0babd_4a616c6973636f_managed_psk
    JAZZTEL_yqrm         wifi_584822a0babd_4a415a5a54454c5f7971726d_managed_psk
    WLAN_4AC5            wifi_584822a0babd_574c414e5f34414335_managed_psk
    MOVISTAR_D2FE        wifi_584822a0babd_4d4f5649535441525f44324645_managed_psk
    ONOFD40              wifi_584822a0babd_4f4e4f46443430_managed_psk
    Kabezabolo           wifi_584822a0babd_4b6162657a61626f6c6f_managed_psk
*A  MOVISTAR_5FB3        wifi_584822a0babd_4d4f5649535441525f35464233_managed_psk
[nemo@Sailfish ~]$
Pasko ( 2017-12-05 18:56:35 +0200 )edit

@Pasko Thanks. My problem appears direct after configuration. After add my openvpn config file (inlcuding up / down commands) and a restart of the phone the new vpn connection shows "a problem with connection" or so (in german: "Problem mit der Verbindung"). Connmanctl service list the new vpn connection as inactive. I found no way to activated the vpn connection. All other entries in the connmanctl list are fine.

When I load my openvpn config file without up / down command the vpn connection can activated. The only difference to the first try is a "R" before the vpn entry.

My old way of starting openvpn directly with systemd run since 4 years on my JP1. The new way of settings/vpn maybe have not correct permissions to execute the client.up and client.down scripts.

utkiek ( 2017-12-05 19:38:44 +0200 )edit