Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

networkmanager-l2tp: 1.2.10 -> 1.2.12 #64835

Closed
wants to merge 1 commit into from
Closed

networkmanager-l2tp: 1.2.10 -> 1.2.12 #64835

wants to merge 1 commit into from

Conversation

grahamc
Copy link
Member

@grahamc grahamc commented Jul 15, 2019

Same patchups but moved to new file.

(cherry picked from commit cdf96e8)

Seems to fix my problems with l2tp VPNs not functioning properly.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@dtzWill @grahamc
networkmanager-l2tp: 1.2.10 -> 1.2.12
1c11621 
Same patchups but moved to new file.

(cherry picked from commit cdf96e8)
@ofborg ofborg bot requested review from abbradar and obadz July 15, 2019 20:49
@grahamc
Copy link
Member Author

grahamc commented Jul 15, 2019

This does not make the difference I thought it did. Something stateful is happening. When I erased / and rebooted, it again did not work.

@worldofpeace
Copy link
Contributor

You don't see anything like nm-l2tp/NetworkManager-l2tp#108 #58704 (comment) popping up do you?

Something stateful would be it appending that line to the file in mention.

@worldofpeace
Copy link
Contributor

As for the backport, some things that maybe are problematic

Force ikev2=never for Libreswan
ikev2=permit was the implicit default setting, which tries to detect a "bid down" attack from IKEv2 to IKEv1 and can have an impact on the default proposals.

Use same IP secrets file for all L2TP connections,
/etc/ipsec.d/ipsec.nm-l2tp.secrets is now used instead of /etc/ipsec.d/nm-l2tp-ipsec-UUID.secrets, where UUID was the UUID of the VPN connection.

Generated config file changes, following config files :

/var/run/nm-l2tp-xl2tpd-UUID.conf
/var/run/nm-l2tp-xl2tpd-control-UUID
/var/run/nm-l2tp-xl2tpd-UUID.pid
/var/run/nm-l2tp-ppp-options-UUID
are now:
/var/run/nm-l2tp-UUID/xl2tpd.conf
/var/run/nm-l2tp-UUID/xl2tpd-control
/var/run/nm-l2tp-UUID/xl2tpd-.pid
/var/run/nm-l2tp-UUID/ppp-options

Seems like Fedora (29) hasn't had an issue with the update

@worldofpeace worldofpeace mentioned this pull request Jul 17, 2019
Open
@grahamc
Copy link
Member Author

grahamc commented Jul 17, 2019

I'm going to go ahead and close this PR, as it doesn't seem to actually be part of the resolution for my problems. Thanks for the review and digging on fedora :)

@grahamc grahamc closed this Jul 17, 2019
@grahamc grahamc deleted the nm-l2tp-backport branch July 17, 2019 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtojnar jtojnar Awaiting requested review from jtojnar

@worldofpeace worldofpeace Awaiting requested review from worldofpeace

@abbradar abbradar Awaiting requested review from abbradar

@obadz obadz Awaiting requested review from obadz

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@grahamc @worldofpeace @dtzWill