Discussion:
[PATCH] vpn: Fix wrong VPN parameters
Jaakko Hannikainen
2015-10-19 10:16:13 UTC
Some VPN parameters are mistyped in the source, fix them
and update documentation. Add deprecated-label to
OpenVPN.TLSRemote.
---
I went through all of the VPN parameters, and I believe the parameters are
correct now (I don't have means to properly test them). Turns out xl2tpd.conf's
man page is actually incorrect about itself; the client or whatever it is
parses more options than mentioned in the man page and for example, the man
page says the option is 'flow bits' but the program parses the option 'flow bit'...

Also worthy of notice is that there is an option called 'PPPD.UseAccomp' which
when set to true disables accomp.

doc/vpn-config-format.txt | 17 +++++++++--------
vpn/plugins/l2tp.c | 4 ++--
vpn/plugins/pptp.c | 2 +-
vpn/plugins/vpnc.c | 2 +-
4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 23c9c14..0bccdf1 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -88,7 +88,8 @@ OpenVPN VPN supports following options (see openvpn(8) for details):
--auth-user-pass value (O)
OpenVPN.TLSRemote --tls-remote Accept connections only from a host
with X509 name or common name equal
- to name parameter (O)
+ to name parameter (O). Deprecated in
+ OpenVPN 2.3+.
OpenVPN.TLSAuth sub-option of --tls-remote (O)
OpenVPN.TLSAuthDir sub-option of --tls-remote (O)
OpenVPN.Cipher --cipher Encrypt packets with cipher algorithm
@@ -113,14 +114,14 @@ VPNC VPN supports following options (see vpnc(8) for details):
VPNC.Xauth.Password Xauth password your password (cleartext) (O)
VPNC.IKE.Authmode IKE Authmode IKE Authentication mode (O)
VPNC.IKE.DHGroup IKE DH Group name of the IKE DH Group (O)
- VPNC.PFS Perfect Forward Secrecy Diffie-Hellman group to use for PFS (O)
+ VPNC.PFS Perfect Forward Secrecy Diffie-Hellman group to use for PFS (O)
VPNC.Domain Domain Domain name for authentication (O)
VPNC.Vendor Vendor vendor of your IPSec gateway (O)
VPNC.LocalPort Local Port local ISAKMP port number to use
- VPNC.CiscoPort Cisco UDP Encapsulation Port Local UDP port number to use (O)
- VPNC.AppVersion Application Version Application Version to report (O)
+ VPNC.CiscoPort Cisco UDP Encapsulation Port Local UDP port number to use (O)
+ VPNC.AppVersion Application version Application Version to report (O)
VPNC.NATTMode NAT Traversal Mode Which NAT-Traversal Method to use (O)
- VPNC.DPDTimeout DPD idle timeout (our side) Send DPD packet after timeout (O)
+ VPNC.DPDTimeout DPD idle timeout (our side) Send DPD packet after timeout (O)
VPNC.SingleDES Enable Single DES enables single DES encryption (O)
VPNC.NoEncryption Enable no encryption enables using no encryption for data traffic (O)

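Review bot: The VPNC.PFS, VPNC.CiscoPort and VPNC.DPDTimeout lines are removed and re-added with the same text, so they look like whitespace-only realignment mixed into a functional patch; the only visible content change in this hunk is "Application Version" becoming "Application version" on VPNC.AppVersion. Suggest splitting the realignment into its own commit or mentioning it in the commit message, so the one keyword change is easy to spot later.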
@@ -162,13 +163,13 @@ L2TP VPN supports following options (see xl2tpd.conf(5) and pppd(8) for details)
PPPD.RefuseMSCHAP2 refuse-mschapv2 Deny mschapv2 auth (O)
PPPD.NoBSDComp nobsdcomp Disables BSD compression (O)
PPPD.NoPcomp nopcomp Disable protocol compression (O)
- PPPD.UseAccomp accomp Disable address/control compression (O)
+ PPPD.UseAccomp noaccomp Disable address/control compression (O)
PPPD.NoDeflate nodeflate Disable deflate compression (O)
PPPD.ReqMPPE require-mppe Require the use of MPPE (O)
PPPD.ReqMPPE40 require-mppe-40 Require the use of MPPE 40 bit (O)
PPPD.ReqMPPE128 require-mppe-128 Require the use of MPPE 128 bit (O)
PPPD.ReqMPPEStateful mppe-stateful Allow MPPE to use stateful mode (O)
- PPPD.NoVJ no-vj-comp No Van Jacobson compression (O)
+ PPPD.NoVJ novj No Van Jacobson compression (O)


PPTP VPN supports following options (see pptp(8) and pppd(8) for details)
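Review bot: On the PPPD.UseAccomp line the key name still says "Use" while the option is now noaccomp and the description reads "Disable address/control compression", so setting the key to true turns the feature off. The cover note calls this out but the documentation does not. Suggest saying so in the description, for example "Disable address/control compression (key name is historical)", or introducing a correctly named key and keeping PPPD.UseAccomp as a deprecated alias.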
@@ -193,7 +194,7 @@ PPTP VPN supports following options (see pptp(8) and pppd(8) for details)
PPPD.RequirMPPE40 require-mppe-40 Require the use of MPPE 40 bit (O)
PPPD.RequirMPPE128 require-mppe-128 Require the use of MPPE 128 bit (O)
PPPD.RequirMPPEStateful mppe-stateful Allow MPPE to use stateful mode (O)
- PPPD.NoVJ no-vj-comp No Van Jacobson compression (O)
+ PPPD.NoVJ novj No Van Jacobson compression (O)


Example
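Review bot: The context lines in the PPTP table still spell the keys PPPD.RequirMPPE40, PPPD.RequirMPPE128 and PPPD.RequirMPPEStateful, while the L2TP table uses PPPD.ReqMPPE40 and friends for the same pppd options. Since the patch sets out to fix mistyped parameters, it would help to state whether the "Requir" spelling is intentional. Renaming would break existing provisioning files, so a short note in the doc that the two plugins use different key names is probably the safer fix.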
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index 372e2ed..a0d22c4 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -108,13 +108,13 @@ struct {
{ "PPPD.RefuseMSCHAP2", "refuse-mschapv2", OPT_PPPD, NULL, OPT_BOOL },
{ "PPPD.NoBSDComp", "nobsdcomp", OPT_PPPD, NULL, OPT_BOOL },
{ "PPPD.NoPcomp", "nopcomp", OPT_PPPD, NULL, OPT_BOOL },
- { "PPPD.UseAccomp", "accomp", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.UseAccomp", "noaccomp", OPT_PPPD, NULL, OPT_BOOL },
{ "PPPD.NoDeflate", "nodeflate", OPT_PPPD, NULL, OPT_BOOL },
{ "PPPD.ReqMPPE", "require-mppe", OPT_PPPD, NULL, OPT_BOOL },
{ "PPPD.ReqMPPE40", "require-mppe-40", OPT_PPPD, NULL, OPT_BOOL },
{ "PPPD.ReqMPPE128", "require-mppe-128", OPT_PPPD, NULL, OPT_BOOL },
{ "PPPD.ReqMPPEStateful", "mppe-stateful", OPT_PPPD, NULL, OPT_BOOL },
- { "PPPD.NoVJ", "no-vj-comp", OPT_PPPD, NULL, OPT_BOOL },
+ { "PPPD.NoVJ", "novj", OPT_PPPD, NULL, OPT_BOOL },
};

static DBusConnection *connection;
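Review bot: Changing the pppd strings for PPPD.UseAccomp and PPPD.NoVJ alters what an existing configuration that sets these keys passes to pppd, and the cover note says the change could not be properly tested. Suggest confirming against pppd(8) or a real run that "noaccomp" and "novj" are accepted, and noting the behaviour change in the commit message. A comment above the PPPD.UseAccomp entry explaining that the key maps to the negated option would also stop someone "correcting" it back to "accomp".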
diff --git a/vpn/plugins/pptp.c b/vpn/plugins/pptp.c
index 90fd24c..27b1d50 100644
--- a/vpn/plugins/pptp.c
+++ b/vpn/plugins/pptp.c
@@ -77,7 +77,7 @@ struct {
{ "PPPD.RequirMPPE40", "require-mppe-40", NULL, OPT_BOOL },
{ "PPPD.RequirMPPE128", "require-mppe-128", NULL, OPT_BOOL },
{ "PPPD.RequirMPPEStateful", "mppe-stateful", NULL, OPT_BOOL },
- { "PPPD.NoVJ", "no-vj-comp", NULL, OPT_BOOL },
+ { "PPPD.NoVJ", "novj", NULL, OPT_BOOL },
};

static DBusConnection *connection;
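Review bot: The PPPD.NoVJ entry here carries the same "no-vj-comp" to "novj" fix as the one in vpn/plugins/l2tp.c, which shows the pppd option strings are maintained in two places and can drift apart. Not a blocker for this patch, but a shared table for the PPPD.* entries is worth considering as a follow-up. The two tables do differ in shape: the l2tp.c rows have an OPT_PPPD field that these rows lack.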
diff --git a/vpn/plugins/vpnc.c b/vpn/plugins/vpnc.c
index 09674bd..e358d63 100644
--- a/vpn/plugins/vpnc.c
+++ b/vpn/plugins/vpnc.c
@@ -72,7 +72,7 @@ struct {
{ "VPNC.LocalPort", "Local Port", "0", OPT_STRING, true, },
{ "VPNC.CiscoPort", "Cisco UDP Encapsulation Port", "0", OPT_STRING,
true },
- { "VPNC.AppVersion", "Application Version", NULL, OPT_STRING, true },
+ { "VPNC.AppVersion", "Application version", NULL, OPT_STRING, true },
{ "VPNC.NATTMode", "NAT Traversal Mode", "cisco-udp", OPT_STRING,
true },
{ "VPNC.DPDTimeout", "DPD idle timeout (our side)", NULL, OPT_STRING,
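Review bot: The "Application version" string on the VPNC.AppVersion entry now uses different capitalisation from its neighbours ("Local Port", "NAT Traversal Mode", "Cisco UDP Encapsulation Port"), which makes it look like a typo. Suggest a one-line comment saying the string must match the keyword vpnc parses, with a pointer to where that spelling was checked, so it is not normalised back later.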
--
2.6.1
Patrik Flykt
2015-10-20 13:33:48 UTC
Post by Jaakko Hannikainen
Some VPN parameters are mistyped in the source, fix them
and update documentation. Add deprecated-label to
OpenVPN.TLSRemote.
---
I went through all of the VPN parameters, and I believe the parameters are
correct now (I don't have means to properly test them). Turns out xl2tpd.conf's
man page is actually incorrect about itself; the client or whatever it is
parses more options than mentioned in the man page and for example, the man
page says the option is 'flow bits' but the program parses the option 'flow bit'...
Also worthy of notice is that there is an option called 'PPPD.UseAccomp' which
when set to true disables accomp.
Applied, thanks!

Patrik
