ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #17551
Re: VPN support (OpenVPN only)
On Wed, Jan 6, 2016 at 8:54 PM, Carla Gmail <carla.sella@xxxxxxxxx> wrote:
>
>
> On 06/01/2016 19:12, Pete Woods wrote:
>
> Hi folks,
>
> As some of you may already know. Support for OpenVPN was landed into
> rc-proposed on 24/12/2015. Unfortunately this doesn't include the official
> UI that is part of ubuntu-system-settings.
>
> So here I'm including a prototype UI in a click that will let you try it
> out:
>
> http://people.canonical.com/~pete/com.ubuntu.developer.pete-woods.vpn-editor_0.2.0_all.click
>
> In order for this to work you will need to be on at least:
>
> - r202 for Arale rc-proposed
> - r213 for Krillin rc-proposed
> - (for other rc-proposed channels, make sure the image was built after
> the 24th)
>
> To set up your connection, the first step is to copy whatever certificates
> you need onto the phone, via the standard Ubuntu file explorer. I created a
> "vpn" folder inside "Documents", but you can place them anywhere.
>
> Then you need to install the click app:
>
> - Enable developer mode in Settings->About
> - adb push com.ubuntu.developer.pete-woods.vpn-editor_0.2.0_all.click
> /tmp
> - adb shell "pkcon install-local --allow-untrusted
> /tmp/com.ubuntu.developer.pete-woods.vpn-editor_0.2.0_all.click"
>
> Then you're ready to fire up the "VPN editor" app itself (refresh the apps
> scope) and create a new connection. Pick your authentication type, then
> fill locate the various certificates you need. If you are configuring the
> Canonical VPN, please note there are a number of advanced settings you need
> to duplicate from the settings on your desktop machine. I have tried as
> best as I can to make this UI behave the same as it does on the desktop, so
> hopefully it works well for you.
>
> I'm planning to add PPTP to the mix in the near future, so keep tuned for
> that.
>
> Cheers, Pete
>
>
>
>
> Hello Pete,
>
> I use a VPN connection with my office at work very often from my Ubuntu
> desktop PC and it works fine.
> I have tried to do the same on my Bq Acquaris 4.5 device that has image
> Ubuntu 15.04 (r222) with your app, but it does not work.
> Everything is the same except that it looks like the password is not saved
> in the general tab (the password field under the username one) and in the
> security tab i do not find "AES-256-CBC" to select but I find
> "AES-256-CBC-HMAC-SHA1", not sure if it is the same thing (on my desktop PC
> I have Cipher: AES-256-CBC and HMAC Autehntication SHA-1).
> The logs lool quite weired for me :) ("This is normaly a bug in some
> application using the D-Bus library") but I them in pastebin if it can
> help: http://paste.ubuntu.com/14424046/.
>
Hi Carla,
Thanks for your detailed debugging. I already have a MR waiting to land to
add the missing AES-256 option (a simple oversight by me when implementing
this).
I've just set up a password-based OpenVPN server myself, and can confirm I
see the same behaviour on my devices. It looks like we might not have a
service running on the phone for storing user secrets like we do on the
desktop (gnome-keyring, I think).
Unfortunately the logfile you pasted is (I think) just noise from the QtMir
plugin - my app doesn't appear to be emitting any errors. The contents of
indicator-network.log would be helpful to confirm you are seeing the same
as me. I would expect to see "No agents were available for this request" or
something along those lines.
Cheers, Pete
Follow ups
References