Have fun setting up OpenVPN tray icon, sucker



  • Let the Linux Hate Month continue!

    [Imaginary noob friend who just moved to linux]: Mister, mister, I just installed Debian XFCE and need to connect to multiple openvpn networks my company hosts. How do I get the little widget I had on my Mac and Windows that allows me to do that?

    [Wise cartman, linux master in making]: That's easy, my unenlightened simpleton friend. All you need to do is...

    • Try the official network manager widget
    • It doesn't work
    • <google, google>
    • It works, but only allows one connection at a time
    • <google, google>
    • There's no way to fix that
    • Google for a "xfce openvpn client multiple connections"
    • Realize gopenvpn is the only solution
    • Realize it was last updated 3 years ago and there is no suitable binary distribution (luckily it wasn't hosted on google code!)
    • Sigh. Well, there are build instructions on the page, so *shrugs*
    $ sudo apt-get install libglib2.0-dev libgtk2.0-dev libglade2-dev libgnome-keyring-dev gedit polkit
    

    E: Unable to locate package polkit

    • <google, google, apt-get tab tab tab>
    $ sudo apt-get install libpolkit-agent-1-dev 
    
    • Hopefully, the rest of instructions will be easier
    $ cd ~/install
    $ git clone git://gopenvpn.git.sourceforge.net/gitroot/gopenvpn/gopenvpn.git
    $ cd gopenvpn
    $ ./autogen.sh
    bash: ./autogen.sh: No such file or directory
    
    • Okaay... <google, google, cat INSTALL, cat README>
    1. Build it

    $ cd gopenvpn
    > $ autoreconf -vi
    $ ./configure
    $ make

    • So... they changed the install instructions in the repo. Nice of them to keep the outdated instructions around on their site.
    $ autoreconf -vi
    
    autoreconf: Entering directory `.'
    autoreconf: running: autopoint
    autoreconf: running: aclocal -I m4
    autoreconf: configure.ac: tracing
    autoreconf: configure.ac: not using Libtool
    autoreconf: running: /usr/bin/autoconf
    autoreconf: running: /usr/bin/autoheader
    autoreconf: running: automake --add-missing --copy --no-force
    automake: warnings are treated as errors
    configure.ac:25: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
    configure.ac:25: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
    configure.ac:25: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
    autoreconf: automake failed with exit status: 1
    
    • So, they treat some warnings as errors? Very useful to leave that for ordinary people who just want to use your stuff and don't care about your development environment.
    • <google, google>
    • Read wrong forum post and try the fix for outdated version
    • Try all combinations of -W none -Wnone
    • Try ERRORS=none ./autoreconf -vi
    • Try automake --add-missing --copy --no-force -Wnone
    • <google, google>
    • Learn more about C programming, make, automake and other crap you vaguely remember and don't care about
    • subl configure.ac
    ...
    AC_PREREQ([2.59])
    AC_INIT([gopenvpn], [0.7], [gopenvpn-users@lists.sourceforge.net])
    AC_CONFIG_AUX_DIR([.])
    AM_INIT_AUTOMAKE([foreign -Wall -Werror])
    AM_GNU_GETTEXT_VERSION([0.18.1])
    AM_GNU_GETTEXT([external])
    ...
    
    • Change AM_INIT_AUTOMAKE([foreign -Wall -Werror]) to AM_INIT_AUTOMAKE([foreign -Wnone])
    $ autoreconf -vi
    $ ./configure 
    $ make
    $ sudo make install
    
    • YES! Now just to finish things up...
    • Copy openvpn config files to /etc/openvpn
    • Fix permissions
    • Hmm, ok, so how do I create an application launcher within my other applications, so it's visible to the entire system?
    • <google, google>
    $ sudo exo-desktop-item-edit -c -t Application /usr/share/applications/gopenvpn.desktop
    
    
    • Easy, now I can start the app. And IT WORKS....
    • Let me just right click and add my openvpn conf...
    • WTF? Right click off. Right click again.

    • Ok, seems to be working. Now to connect...

    • WTF? Couldn't they have equalized these godawful ugly images? I can't live with this wiggly shit, it'll drive me insane
    • <google, google>
    • Look, on their site they say they have fixed images! ... Oh. These are the same crap.
    • <google, google ... search through forum archives>
    • Download archive from an obscure forum post with alternate images
    • Figure out where to copy them
    • Edit one of the icons so it fits your theme
    • Success! Well sort of. That yellow is ugly. But whatever.

    And that's how you install openvpn tray icon to your Debian XFCE linux.


  • BINNED

    @cartman82 said:

    It works, but only allows one connection at a time

    Huh. I never even tried multiple ones, didn't need them... Is that a problem with the tray applet of NetworkManager itself?



  • @Onyx said:

    Huh. I never even tried multiple ones, didn't need them... Is that a problem with the tray applet of NetworkManager itself?

    Have no idea. This post is actually a synthesis of a long process of getting this shit to work on multiple iterations of my Debian XFCE. Network manager was an attempt from my last Debian (7.0), I didn't even try it this time around (and I was just setting it up on my new Debian, thus the inspiration for this rant).

    All I remember is that when you click the second VPN connection, it disconnects the first. Sometimes that's what you want (networks overlap and all), but if your company has multiple networks that are set up so as not to interfere with each other, you're out of luck.


  • BINNED

    onyx@jarvis:~$ nmcli connection up conn1
    VPN connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
    onyx@jarvis:~$ sudo ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol  
              inet addr:192.168.0.37  P-t-P:192.168.0.33  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
              RX packets:13 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3 
              RX bytes:494 (494.0 B)  TX bytes:98 (98.0 B)
    
    onyx@jarvis:~$ nmcli connection up conn2
    Error: Connection activation failed: Creating object for path '/org/freedesktop/NetworkManager/ActiveConnection/11' failed in libnm-glib.
    onyx@jarvis:~$ sudo ifconfig ppp0
    ppp0: error fetching interface information: Device not found
    

    Well sunnova bitch!



  • Well, we only need to wait until some of the guys behind System.d needs this and they'll rewrite the whole thing.


  • BINNED

    @Eldelshell said:

    Well, we only need to wait until some of the guys behind System.d needs this and they'll rewrite the whole thing.

    I saw network configuration on Arch... I think they already did, at least partially.



  • Those guys will end up rewriting the kernel or replacing it with Hurd.



  • @Onyx said:

    Huh. I never even tried multiple ones, didn't need them... Is that a problem with the tray applet of NetworkManager itself?

    Oh hey look! The Linux answer, "you don't need that!"

    Where's that linux trademarks or whatever site, is that still up? Looks like no, damn.

    @Eldelshell said:

    Well, we only need to wait until some of the guys behind System.d needs this and they'll rewrite the whole thing.

    They could hardly make it worse.


  • BINNED

    @blakeyrat said:

    Oh hey look! The Linux answer, "you don't need that!"

    I would like to inform your shoulder aliens that they have misread and misinterpreted my post. I have only stated that I never needed that, not that other people don't. I accept and appreciate that other people are different to me and have different needs, outlooks and desires. I did not claim they should all bow down to my will and STFU.

    Further, I have conducted a test right after that which concluded that yes, it's a limitation. To which my response was:

    @Onyx said:

    Well sunnova bitch!

    Is that phrase now used to express approval? I need to know, English is my second language and I do tend to misuse it at times. Any corrections to my use of that phrase are welcome.



  • Onyx: "Let me just quietly say something not totally negative about Linux and be on my w-"
    Blakey: "WHAT WAS THAT!?"



  • Pfft. His own fault for thinking I'd read further than the first sentence, or that I'd somehow know what this gibberish means:

    onyx@jarvis:~$ nmcli connection up conn1
    VPN connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
    onyx@jarvis:~$ sudo ifconfig ppp0
    ppp0 Link encap:Point-to-Point Protocol
    inet addr:192.168.0.37 P-t-P:192.168.0.33 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
    RX packets:13 errors:0 dropped:0 overruns:0 frame:0
    TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:494 (494.0 B) TX bytes:98 (98.0 B)

    onyx@jarvis:~$ nmcli connection up conn2
    Error: Connection activation failed: Creating object for path '/org/freedesktop/NetworkManager/ActiveConnection/11' failed in libnm-glib.
    onyx@jarvis:~$ sudo ifconfig ppp0
    ppp0: error fetching interface information: Device not found

    Congratulations, look at all those word-like entities that presumably have some meaning to somebody somewhere I guess!



  • @cartman82 said:

    and need to connect to multiple openvpn networks my company hosts.

    Like @Onyx, I've never had to do anything like this. In fact, my company's VPN (NB: not openvpn) expressly disallows this sort of thing. They want you connected to them and them only, which makes a lot of sense to me from a network security POV.

    So...when you're connected to multiple things like this:

    1. Why are you doing this? This sort of thing makes sense to me for, say, something sitting on the DMZ. But that doesn't sound like what's going on here.
    2. How does it work to access something via one VPN vs another?


  • See and now Boomzilla's just doing it on purpose.



  • @blakeyrat said:

    See and now Boomzilla's just doing it on purpose.

    Eh, what am I doing? If I wanted to troll you, I'd go to some place you were talking about your games and make faux ignorant comments like the stuff you've posted here. There was zero trolling content in my first post.

    BRB, my Win7 machine just BSODed.



  • @boomzilla said:

    So...when you're connected to multiple things like this:

    Why are you doing this? This sort of thing makes sense to me for, say, something sitting on the DMZ. But that doesn't sound like what's going on here.
    How does it work to access something via one VPN vs another?

    We have a VPN inside office. Remote server has its own VPN. Other company we are cooperating with has their own.

    Each VPN just grabs a bunch of local IPs and maps them to a remote network.

    In my case, one VPN is on 10.10.10.* subnet, the other on 192.168.10.* or something. So they are guaranteed not to overlap.


  • BINNED

    @blakeyrat said:

    His own fault for thinking I'd read further than the first sentence

    I'm sorry, I erringly assumed I can hold you to your own standards.

    @blakeyrat said:

    or that I'd somehow know what this gibberish means

    No, I expected anyone interested in genuine discussion who does not understand what that means to ask about it.

    @blakeyrat said:

    Congratulations, look at all those word-like entities that presumably have some meaning to somebody somewhere I guess!

    I count at least 4 people, unless they hit like on my post just because I'm that charming.



  • @Onyx said:

    I count at least 4 people, unless they hit like on my post just because I'm that charming.

    WELLKNOWNFACT: only bots Like posts. You've been LIED TO.



  • @boomzilla said:

    How does it work to access something via one VPN vs another?

    Via IP ranges. For example:

    192.168.0.0/20 -> VPN 1
    192.168.16.0/20 -> VPN 2
    192.168.32.0/20 -> VPN 3
    Anything else -> Default connection

    Concrete example, my home laptop VPN'd to work:

    [root@sofa ~]# ip route
    default via 192.168.0.1 dev wlan0 
    10.0.0.0/16 dev tun0  scope link 
    10.1.0.0/16 dev tun0  scope link 
    10.5.0.0/16 dev tun0  scope link 
    10.10.0.0/16 dev tun0  scope link 
    10.18.0.0/16 dev tun0  scope link 
    10.22.0.0/16 dev tun0  scope link 
    10.36.0.0/16 dev tun0  scope link 
    10.58.0.0/16 dev tun0  scope link 
    10.59.0.0/16 dev tun0  scope link 
    10.100.0.0/16 dev tun0  scope link 
    10.120.0.0/16 dev tun0  scope link 
    10.121.0.0/16 dev tun0  scope link 
    10.122.0.0/16 dev tun0  scope link 
    10.125.0.0/16 dev tun0  scope link 
    10.126.0.0/16 dev tun0  scope link 
    10.161.0.0/24 dev tun0  scope link 
    10.238.0.0/16 dev tun0  scope link 
    10.255.0.0/16 dev tun0  scope link 
    <public office IP address> via 192.168.0.1 dev wlan0  src 192.168.0.3 
    145.15.244.0/25 dev tun0  scope link 
    169.254.0.0/16 dev wlan0  scope link  metric 1003 
    172.16.0.0/16 dev tun0  scope link 
    172.23.0.0/16 dev tun0  scope link 
    172.23.5.0/24 dev tun0  scope link 
    172.30.0.0/16 dev tun0  scope link 
    172.32.1.0/24 dev tun0  scope link 
    192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.3 
    192.168.0.0/16 dev tun0  scope link 
    [root@sofa ~]# 
    

    wlan0 is my home internet connection, tun0 is the VPN.

    Adding another VPN would add further rules and another tun device.
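
As an added illustration (not part of the original post), this sketch parses `ip route` output, resolves which interface a destination leaves through by longest-prefix match, and flags prefixes that overlap across interfaces, which is the condition that breaks the "guaranteed not to overlap" assumption. The sample is constructed from a shortened copy of the table above; the second VPN on `tun1` and its prefix are hypothetical, and only IPv4 routes are assumed.

```python
import ipaddress

# Constructed sample: a shortened copy of the `ip route` output quoted above,
# plus a hypothetical second VPN on tun1 (not in the thread) that overlaps tun0.
SAMPLE = """\
default via 192.168.0.1 dev wlan0
10.10.0.0/16 dev tun0  scope link
172.16.0.0/16 dev tun0  scope link
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.3
192.168.0.0/16 dev tun0  scope link
192.168.10.0/24 dev tun1  scope link
"""

def parse_routes(text):
    """Return [(network, device)]; skip lines with no device or no parseable prefix."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields or fields.index("dev") + 1 >= len(fields):
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # e.g. a redacted placeholder instead of an address
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def overlaps(routes):
    """Pairs of non-default routes on different devices whose prefixes overlap."""
    found = []
    for i, (a, dev_a) in enumerate(routes):
        for b, dev_b in routes[i + 1:]:
            same_family = a.version == b.version
            if dev_a != dev_b and same_family and a.prefixlen and b.prefixlen and a.overlaps(b):
                found.append((str(a), dev_a, str(b), dev_b))
    return found

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for dest in ("192.168.0.50", "192.168.10.7", "192.168.99.1", "8.8.8.8"):
        print(dest, "->", egress_device(routes, dest))
    for pair in overlaps(routes):
        print("overlap:", pair)
```

An overlap is not always a fault: the home LAN's /24 inside the VPN's /16 is resolved in favour of the more specific route, but the same rule means a second VPN can silently take traffic that was meant for the first.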



  • @cartman82 said:

    In my case, one VPN is on 10.10.10.* subnet, the other on 192.168.10.* or something. So they are guaranteed not to overlap.

    Hmm...interesting. Thanks.



  • Generally multiple VPNs are not a good idea, it really violates the concept of PRIVATE with respect to the endpoint (though the transmittal over the public wire is still private). This is why many VPN clients prevent it, and a few of the more secure Servers also detect it (and force a disconnect).

    That being said, there are use-cases that are handy....just remember it is similar to having multiple NICs on your computer, plugging one into the corporate network and another into some external network... most likely to be a violation of multiple security practices....

