need DHCP support with TAP device
I can connect a TUN mode OpenVPN without problem,
but I cannot connect a TAP + DHCP mode OpenVPN with Network Manager.
It report error bad-ip-config
and connection was abort.
I can connect the profile via OpenVPN CLI normally.
just run command openvpn xxxx.ovpn
and dhclient tap0
I tried google it how to solve the problem,
but get some bug ticket only.
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/297707
https://bugzilla.gnome.org/show_bug.cgi?id=445257
the OpenVPN plugin is very important for Linux client,
due to the only way for OpenVPN GUI implementation.
Versions
No LSB modules are available.
Distributor ID: Uos (Deepin Commercial Edition)
Description: UnionTech OS Desktop 20 Home
Release: 20 Home
Codename: n/a
ii network-manager 1.14.6.4+c1-1+deepin amd64 network manag
ii network-manager-gnome 1.8.20.1-1+deepin amd64 network manag
ii network-manager-integration-plugins 0.0.4~1 all network-manag
ii network-manager-l2tp 1.2.10.1-1+rebuild amd64 network manag
ii network-manager-l2tp-gnome 1.2.10.1-1+rebuild amd64 network manag
ii network-manager-openconnect 1.2.4-2 amd64 network manag
ii network-manager-openconnect-gnome 1.2.4-2 amd64 network manag
ii network-manager-openvpn 1.8.10-1 amd64 network manag
ii network-manager-openvpn-gnome 1.8.10-1 amd64 network manag
ii network-manager-pptp 1.2.8-2 amd64 network manag
ii network-manager-pptp-gnome 1.2.8-2 amd64 network manag
ii network-manager-sstp 1.2.7-1 amd64 network manag
ii network-manager-strongswan 1.4.4-2 amd64 network manag
ii network-manager-vpnc 1.2.6-2 amd64 network manag
ii network-manager-vpnc-gnome 1.2.6-2 amd64 network manag
Syslog
Dec 18 22:22:54 Norckon-PC NetworkManager[1763]: <info> [1608301374.4115] audit: op="connection-activate" uuid="5cdc4d56-d8ec-4f21-9951-2d92c0e26f49" name="isu-731yl-1_openvpn_site_to_site_bridge_l2" pid=8635 uid=1000 result="success"
Dec 18 22:22:54 Norckon-PC NetworkManager[1763]: <info> [1608301374.4168] vpn-connection[0x559798402330,5cdc4d56-d8ec-4f21-9951-2d92c0e26f49,"isu-731yl-1_openvpn_site_to_site_bridge_l2",0]: Started the VPN service, PID 10066
Dec 18 22:22:54 Norckon-PC NetworkManager[1763]: <info> [1608301374.4287] vpn-connection[0x559798402330,5cdc4d56-d8ec-4f21-9951-2d92c0e26f49,"isu-731yl-1_openvpn_site_to_site_bridge_l2",0]: Saw the service appear; activating connection
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 1 2020
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Dec 18 22:22:54 Norckon-PC NetworkManager[1763]: <info> [1608301374.4487] vpn-connection[0x559798402330,5cdc4d56-d8ec-4f21-9951-2d92c0e26f49,"isu-731yl-1_openvpn_site_to_site_bridge_l2",0]: VPN plugin: state changed: starting (3)
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.16.1:5555
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: UDP link local: (not bound)
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: UDP link remote: [AF_INET]192.168.16.1:5555
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Dec 18 22:22:54 Norckon-PC nm-openvpn[10069]: [isu.fcsys.eu.org] Peer Connection Initiated with [AF_INET]192.168.16.1:5555
Dec 18 22:22:55 Norckon-PC nm-openvpn[10069]: TUN/TAP device tap0 opened
Dec 18 22:22:55 Norckon-PC nm-openvpn[10069]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 10066 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_47 --tap -- tap0 1500 1589 init
Dec 18 22:22:55 Norckon-PC systemd-udevd[10077]: Using default interface naming scheme 'v240'.
Dec 18 22:22:55 Norckon-PC NetworkManager[1763]: <info> [1608301375.9058] manager: (tap0): new Tun device (/org/freedesktop/NetworkManager/Devices/71)
Dec 18 22:22:55 Norckon-PC systemd-udevd[10077]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Dec 18 22:22:55 Norckon-PC systemd-udevd[10077]: Could not generate persistent MAC address for tap0: No such file or directory
Dec 18 22:22:55 Norckon-PC daemon/network[8635]: manager_device.go:128: ignore invalid device type 16
Dec 18 22:22:55 Norckon-PC NetworkManager[1763]: <warn> [1608301375.9192] vpn-connection[0x559798402330,5cdc4d56-d8ec-4f21-9951-2d92c0e26f49,"isu-731yl-1_openvpn_site_to_site_bridge_l2",0]: VPN plugin: failed: bad-ip-config (2)
Dec 18 22:22:55 Norckon-PC NetworkManager[1763]: <warn> [1608301375.9201] vpn-connection[0x559798402330,5cdc4d56-d8ec-4f21-9951-2d92c0e26f49,"isu-731yl-1_openvpn_site_to_site_bridge_l2",0]: VPN plugin: failed: connect-failed (1)
Dec 18 22:22:55 Norckon-PC NetworkManager[1763]: <info> [1608301375.9210] vpn-connection[0x559798402330,5cdc4d56-d8ec-4f21-9951-2d92c0e26f49,"isu-731yl-1_openvpn_site_to_site_bridge_l2",0]: VPN plugin: state changed: stopping (5)
Dec 18 22:22:55 Norckon-PC NetworkManager[1763]: <info> [1608301375.9212] vpn-connection[0x559798402330,5cdc4d56-d8ec-4f21-9951-2d92c0e26f49,"isu-731yl-1_openvpn_site_to_site_bridge_l2",0]: VPN plugin: state changed: stopped (6)
Dec 18 22:22:55 Norckon-PC nm-openvpn[10069]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
Dec 18 22:22:55 Norckon-PC nm-openvpn[10069]: Exiting due to fatal error
via OpenVPN CLI
dfc643@Norckon-PC:~/Desktop$ sudo openvpn isu-731yl-1_openvpn_site_to_site_bridge_l2.conf
请输入密码
[sudo] dfc643 的密码:
验证成功
Fri Dec 18 22:26:58 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 1 2020
Fri Dec 18 22:26:58 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Enter Auth Username: vlan201
Enter Auth Password: *******
Fri Dec 18 22:27:03 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Dec 18 22:27:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.16.1:5555
Fri Dec 18 22:27:03 2020 Socket Buffers: R=[2097152->2097152] S=[212992->212992]
Fri Dec 18 22:27:03 2020 UDP link local: (not bound)
Fri Dec 18 22:27:03 2020 UDP link remote: [AF_INET]192.168.16.1:5555
Fri Dec 18 22:27:03 2020 TLS: Initial packet from [AF_INET]192.168.16.1:5555, sid=0736eec3 d4f11716
Fri Dec 18 22:27:03 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Dec 18 22:27:03 2020 VERIFY OK: depth=2, C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Fri Dec 18 22:27:03 2020 VERIFY OK: depth=1, C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA
Fri Dec 18 22:27:03 2020 VERIFY OK: depth=0, CN=isu.fcsys.eu.org
Fri Dec 18 22:27:03 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Fri Dec 18 22:27:03 2020 [isu.fcsys.eu.org] Peer Connection Initiated with [AF_INET]192.168.16.1:5555
Fri Dec 18 22:27:04 2020 SENT CONTROL [isu.fcsys.eu.org]: 'PUSH_REQUEST' (status=1)
Fri Dec 18 22:27:04 2020 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10'
Fri Dec 18 22:27:04 2020 OPTIONS IMPORT: timers and/or timeouts modified
Fri Dec 18 22:27:04 2020 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Dec 18 22:27:04 2020 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 18 22:27:04 2020 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Dec 18 22:27:04 2020 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 18 22:27:04 2020 TUN/TAP device tap0 opened
Fri Dec 18 22:27:04 2020 TUN/TAP TX queue length set to 100
Fri Dec 18 22:27:04 2020 Initialization Sequence Completed
and the DHCP client work fine
dfc643@Norckon-PC:/app-data/Desktop$ sudo dhclient tap0
请输入密码
[sudo] dfc643 的密码:
验证成功
dfc643@Norckon-PC:/app-data/Desktop$ ifconfig tap0
tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 11.201.106.78 netmask 255.255.0.0 broadcast 11.201.255.255
inet6 fe80::5078:83ff:feb8:e54e prefixlen 64 scopeid 0x20<link>
ether 52:78:83:b8:e5:4e txqueuelen 100 (Ethernet)
RX packets 136 bytes 16528 (16.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 438 bytes 72946 (71.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Regards, Pekaikon Norckon