New issue
Advanced search Search tips

Issue 769788 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 217624
Owner: ----
Closed: Nov 2017
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Feature

Sign in to add a comment

Feature Request: More robust support for OpenVPN ONC

Reported by, Sep 28 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Platform: N/A

Steps to reproduce the problem:
ONC configuration for OpenVPN connections are missing some features supported by OpenVPN upstream that may be helpful.

For example:

   --fragment 1200 --mssfix

(and/or --tun-mtu 1200 and --mtu-ping parameters, etc.)

The reason this comes up is a large percentage of e.g. African countries' ISPs (and WIMAX, Satellite ISPs, etc.) tend to modify MTU windows in-transit (or just plain have smaller ones set), so these parameters are requirements to bypass these limitations if crossing intercontinental backbones.

I proposed the following to the authors the spec sheet[0] for ONC:

"...It may be a boon to provide a mechanism to pass an array of
additional OpenVPN parameters in the ONC parsing (e.g. 
"AdditionalParams": {"fragment": 1200, "mssfix": true}, etc.)..."

But, as stevenjb pointed out to me, this will not work because "[you] have a configuration layer between Chrome and openvpn ("Shill"), partly for secuity reasons."

However, I do think it'd be sensible to be able to support all client-side options[1]. At the very least for my particular use-case, I need to provide some way to work around the aforementioned MTU issue for my clients.

[1] (relevant man page sections: "Tunnel Options", "Client Mode", "Data Channel Encryption Options", "TLS Mode Options", "IPv6 Related Options")

What is the expected behavior?

What went wrong?
not able to apply additional parameters

Did this work before? N/A 

Chrome version: (all)  Channel: n/a
OS Version: (all)
Flash Version:
Components: -UI Internals>Network
Labels: -Type-Bug Type-Feature

Comment 2 by, Sep 29 2017

Components: -Internals>Network Internals>Network>VPN
Status: Untriaged (was: Unconfirmed)
Mergedinto: 217624
Status: Duplicate (was: Untriaged)
> However, I do think it'd be sensible to be able to support all client-side options

The OpenVPN protocol is highly configurable, so there has always been tension between the Chrome OS philosophy of "keep things simple" and the desire to support the dozens of features built into the OpenVPN client.

Maybe try ?

Sign in to add a comment