[SailfishDevel] Connman OpenVPN

AL13N alien at rmail.be
Sun Jan 5 08:47:46 UTC 2014


On Sunday 5 January 2014 01:59:29 Matthias Fulz wrote:
> Hi,
> 
> I'm working on an OpenVPN client for my Jolla, but it seems that connman is
> bugging around here:
> 
> this is the command which will be used by connman:
> 
> openvpn --remote olz.dyndns.org --ca /home/nemo/OpenVPN/ca.crt --cert
> /home/nemo/OpenVPN/olz_mobile.crt --key /home/nemo/OpenVPN/olz_mobile.key
> --comp-lzo --nobind --persist-key --client --script-security 2 --up
> /usr/lib/connman/scripts/openvpn-script --up-restart --setenv
> CONNMAN_BUSNAME :1.71 --setenv CONNMAN_INTERFACE net.connman.Task --setenv
> CONNMAN_PATH /task/0 --dev vpn0 --dev-type tun --persist-tun --route-noexec
> --ifconfig-noexec --ping-restart 0
> 
> As it wasn't able to connect I've tried to run this command on my own:
> 
> [root@localhost OpenVPN]# openvpn --remote olz.dyndns.org --ca
> /home/nemo/OpenVPN/ca.crt --cert /home/nemo/OpenVPN/olz_mobile.crt --key
> /home/nemo/OpenVPN/olz_mobile.key --comp-lzo --nobind --persist-key --client
> --script-security 2 --up /usr/lib/connman/scripts/openvpn-script
> --up-restart --setenv CONNMAN_BUSNAME :1.71 --setenv CONNMAN_INTERFACE
> net.connman.Task --setenv CONNMAN_PATH /task/0 --dev vpn0 --dev-type tun
> --persist-tun --route-noexec --ifconfig-noexec --ping-restart 0
> Sun Jan  5 01:41:41 2014 OpenVPN 2.2.2 armv7l-unknown-linux-gnueabi [SSL]
> [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov  1 2013
> Sun Jan  5 01:41:41 2014 WARNING: No server certificate verification method
> has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> Sun Jan  5 01:41:41 2014 NOTE: the current --script-security setting may
> allow this configuration to call user-defined scripts
> Sun Jan  5 01:41:41 2014 LZO compression initialized
> Sun Jan  5 01:41:42 2014 UDPv4 link local: [undef]
> Sun Jan  5 01:41:42 2014 UDPv4 link remote: 188.194.98.162:1194
> Sun Jan  5 01:42:17 2014 [olz.dyndns.org] Peer Connection Initiated with
> 188.194.98.162:1194
> Sun Jan  5 01:42:20 2014 TUN/TAP device vpn0 opened
> Sun Jan  5 01:42:20 2014 /usr/lib/connman/scripts/openvpn-script vpn0 1500
> 1542 192.168.100.202 192.168.100.201 init
> Sun Jan  5 01:42:20 2014 Initialization Sequence Completed
> 
> The issue is related to the script:
> 
> /usr/lib/connman/scripts/openvpn-script
> 
> which just seems to do nothing.
> 
> When I'm just removing the options:
> 
> --route-noexec --ifconfig-noexec
> 
> from the command above it is connecting fine:
> 
> Sun Jan  5 01:57:32 2014 OpenVPN 2.2.2 armv7l-unknown-linux-gnueabi [SSL]
> [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov  1 2013
> Sun Jan  5 01:57:32 2014 WARNING: No server certificate verification method
> has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> Sun Jan  5 01:57:32 2014 NOTE: the current --script-security setting may
> allow this configuration to call user-defined scripts
> Sun Jan  5 01:57:32 2014 LZO compression initialized
> Sun Jan  5 01:57:33 2014 UDPv4 link local: [undef]
> Sun Jan  5 01:57:33 2014 UDPv4 link remote: 188.194.98.162:1194
> Sun Jan  5 01:58:07 2014 [olz.dyndns.org] Peer Connection Initiated with
> 188.194.98.162:1194
> Sun Jan  5 01:58:10 2014 TUN/TAP device vpn0 opened
> Sun Jan  5 01:58:10 2014 /sbin/ip link set dev vpn0 up mtu 1500
> Sun Jan  5 01:58:10 2014 /sbin/ip addr add dev vpn0 local 192.168.100.202
> peer 192.168.100.201
> Sun Jan  5 01:58:10 2014 /usr/lib/connman/scripts/openvpn-script vpn0 1500
> 1542 192.168.100.202 192.168.100.201 init
> RTNETLINK answers: File exists
> Sun Jan  5 01:58:10 2014 ERROR: Linux route add command failed: external
> program exited with error status: 2
> Sun Jan  5 01:58:10 2014 Initialization Sequence Completed
> 
> ifconfig:
> 
> vpn0      Link encap:UNSPEC  HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:192.168.100.202  P-t-P:192.168.100.201
> Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> 
> 
> Is this a bug inside connman or jolla? Could anyone help in finding a
> solution?

looks like connman adds these options so that it can use its internal process 
of setting ip and adding routes, possibly due to user vs root rights?

but somehow it's failing?
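
An added example, not part of either poster's message and not connman or OpenVPN code: a shell check over the command line quoted above that reports the two conditions visible in the logs, namely no server certificate verification option, and interface/route setup left to the --up script by --route-noexec/--ifconfig-noexec. The function name and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client argument list.
# audit_openvpn_args and the finding labels are hypothetical names.

audit_openvpn_args() {
    verify=no; noexec=no; up=""; level=1   # script-security defaults to 1
    while [ $# -gt 0 ]; do
        case "$1" in
            --tls-verify|--tls-remote|--verify-x509-name|--remote-cert-eku)
                verify=yes ;;
            --remote-cert-tls|--ns-cert-type)
                if [ "${2:-}" = server ]; then verify=yes; fi ;;
            --route-noexec|--ifconfig-noexec)
                noexec=yes ;;
            --up)
                up="${2:-}" ;;
            --script-security)
                level="${2:-1}" ;;
        esac
        shift
    done
    # Corresponds to the log line "WARNING: No server certificate
    # verification method has been enabled" quoted in the thread.
    if [ "$verify" = no ]; then echo NO_SERVER_CERT_VERIFY; fi
    # With the noexec flags OpenVPN does not run ip/route itself; the
    # parameters are only handed to scripts as environment variables.
    if [ "$noexec" = yes ]; then
        if [ -n "$up" ] && [ "$level" -ge 2 ]; then
            echo "NETCFG_DELEGATED_TO $up"
        else
            echo NETCFG_NOT_APPLIED
        fi
    fi
    return 0
}

# Arguments from the command quoted in the thread (line wraps joined).
THREAD_ARGS="--remote olz.dyndns.org --ca /home/nemo/OpenVPN/ca.crt \
--cert /home/nemo/OpenVPN/olz_mobile.crt \
--key /home/nemo/OpenVPN/olz_mobile.key --comp-lzo --nobind --persist-key \
--client --script-security 2 --up /usr/lib/connman/scripts/openvpn-script \
--up-restart --setenv CONNMAN_BUSNAME :1.71 \
--setenv CONNMAN_INTERFACE net.connman.Task --setenv CONNMAN_PATH /task/0 \
--dev vpn0 --dev-type tun --persist-tun --route-noexec --ifconfig-noexec \
--ping-restart 0"

# Unquoted on purpose so the string splits into separate arguments.
audit_openvpn_args $THREAD_ARGS
```

For the thread's command this prints both findings; appending `--remote-cert-tls server` clears the first one.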
