Add support for option max-routes

Bug #1617098 reported by Marco on 2016-08-25
52
This bug affects 10 people
Affects Status Importance Assigned to Milestone
NetworkManager-OpenVPN
Fix Released
Medium
network-manager-openvpn (Ubuntu)
Wishlist
Unassigned
Xenial
Wishlist
Unassigned
Yakkety
Wishlist
Unassigned
Zesty
Wishlist
Unassigned

Bug Description

[Impact]

network-manager-openvpn does not support the openvpn --max-routes switch.
This means that per omission the VPN connection supports 100 routes that can be pushed by the openvpn server to the client. If the openvpn server pushes more than 100 routes, the VPN establishment fails.

From OpenVPN manual:
"--max-routes n
Allow a maximum number of n --route options to be specified, either in the local configuration file, or pulled from an OpenVPN server. By default, n=100."

The attached patch comes from upstream's fix (see linked Gnome bug) and adds a new option to the NM Advanced section for network-manager-openvpn.

[Test Case]
1. Configure an OpenVPN server to push > 100 routes
2. Set up a connection to it using network-manager-openvpn
3. Attempt to connect

Before this fix, the connection would fail, and you'd not be able to resolve it using Network Manager.

After the fix, the connection will fail, but one can use the UI, in the Advanced section, to configure the maximum number of routes to be >= the number sent.

[Regression Potential]

Two broad areas -
1) the UI could be messed up, and make it difficult or impossible to configure VPNs. Or,

2) the establishment of a VPN could fail, both
2.a) with peers that push < 100 routes
2.b) with peers that push > 100 routes

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Changed in network-manager-openvpn:
importance: Unknown → Medium
status: Unknown → Fix Released
Adam Collard (adam-collard) wrote :

Here's a debdiff (I had trouble generating locally, so actually grabbed this from LP after uploading to a PPA) to fix this in Xenial.

It simply cherry-picks the diff from upstream. Since my VPN endpoint is no longer pushing > 100 routes, I haven't been able to test this functionally, but can see the new field in the UI (as expected).

The attachment "network-manager-openvpn_1.1.93-1ubuntu1_1.1.93-1ubuntu2.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Changed in network-manager-openvpn (Ubuntu):
importance: Undecided → Medium
importance: Medium → Wishlist
summary: - network-manager-openvpn max-routes support
+ Add support for option max-routes
tags: added: xenial
removed: max-routes network-manager openvpn
Changed in network-manager-openvpn (Ubuntu):
status: Confirmed → Triaged

Sponsored the SRU. This does not need a fix in zesty as the fix is already applied there (via newer upstream release).

Adam Collard, please update the bug description to follow the SRU procedures (https://wiki.ubuntu.com/StableReleaseUpdates#Procedure). You will want to subscribe ~ubuntu-sru when the bug report description is ready.

Changed in network-manager-openvpn (Ubuntu Zesty):
status: Triaged → Fix Released
Changed in network-manager-openvpn (Ubuntu Xenial):
importance: Undecided → Wishlist
status: New → In Progress
Alberto Donato (ack) wrote :

Can this please be fixed in yakkety too?

Changed in network-manager-openvpn (Ubuntu Xenial):
status: In Progress → Incomplete
description: updated
Changed in network-manager-openvpn (Ubuntu Xenial):
status: Incomplete → Confirmed
Changed in network-manager-openvpn (Ubuntu Yakkety):
status: New → Triaged
importance: Undecided → Wishlist

Hello Marco, or anyone else affected,

Accepted network-manager-openvpn into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network-manager-openvpn/1.1.93-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in network-manager-openvpn (Ubuntu Xenial):
status: Confirmed → Fix Committed
tags: added: verification-needed

This is now working in 1.1.93-1ubuntu1.1 on xenial. However as an aside, I'd like to find the translation string for the new option since it says:

"Specify the maximum number of routes the server is allowed so specify."

Which should at a minimum change the 'so' to 'to', but better still not say 'specify' repeatedly.
The string isn't available to change on launchpad in network-manager(-gnome/-openvpn) etc

Marco (marcoalexandrerico) wrote :

Hi,

I confirm, I had this error when connecting to my VPN which advertises 107 routes:

Mar 7 18:11:52 ubuntu16 nm-openvpn[2627]: OpenVPN ROUTE: cannot add more than 100 routes -- please increase the max-routes option in the client configuration file

After installing the proposed fix and configuring in the NM-openvpn GUI the routes to 200, the problem was gone and I was able to logon to the VPN.

In which version official version will this be introduced?

Regards,

Marco

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-openvpn - 1.1.93-1ubuntu1.1

---------------
network-manager-openvpn (1.1.93-1ubuntu1.1) xenial; urgency=medium

  * Add support for max-routes configuration. Cherry-picked from upstream Git.
    (LP: #1617098)

 -- Adam Collard <email address hidden> Mon, 20 Feb 2017 14:16:41 +0000

Changed in network-manager-openvpn (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for network-manager-openvpn has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.