From bb2767c7fef5b09d468efbcd2c5642a9fc769aef Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 18 Nov 2025 18:16:23 +0100
Subject: [PATCH] vpn: add new "listening" property to the VPN D-Bus API

Plugins can report that the connection is in "listening" mode. When
they do, we don't require that the generic configuration contains all
the parameters (like the external gateway), because they might not be
known yet.

Note that this new mechanism doesn't imply that we want to add support
for full-fledged VPN servers in NetworkManager. However, some VPN
technologies configure the two endpoints in a similar way. Think for
example about IPsec in a host-to-host or subnet-to-subnet
topology. NetworkManager is already capable of configuring both hosts,
but lacked (until this commit) a way to say that one of them doesn't
get the full IP configuration immediately.
---
 src/core/vpn/nm-vpn-connection.c              | 8 +++++++-
 src/libnm-core-public/nm-vpn-dbus-interface.h | 7 +++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index 0b21a16e74..7d8f925d33 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -124,6 +124,7 @@ typedef struct {
 typedef struct {
     gboolean service_can_persist;
     gboolean connection_can_persist;
+    gboolean listening;
 
     NMSettingsConnectionCallId *secrets_id;
     SecretsReq                  secrets_idx;
@@ -1856,8 +1857,13 @@ _config_process_generic(NMVpnConnection *self, GVariant *dict)
                      NM_VPN_PLUGIN_CONFIG_EXT_GATEWAY,
                      &priv->ip_data_6.gw_external);
 
+    if (g_variant_lookup(dict, NM_VPN_PLUGIN_CONFIG_LISTENING, "b", &v_b) && v_b) {
+        /* Defaults to FALSE if not specified */
+        priv->listening = TRUE;
+    }
+
     if (nm_ip_addr_is_null(AF_INET, &priv->ip_data_4.gw_external)
-        && nm_ip_addr_is_null(AF_INET6, &priv->ip_data_6.gw_external)) {
+        && nm_ip_addr_is_null(AF_INET6, &priv->ip_data_6.gw_external) && !priv->listening) {
         _LOGW("config: no VPN gateway address received");
         return FALSE;
     }
diff --git a/src/libnm-core-public/nm-vpn-dbus-interface.h b/src/libnm-core-public/nm-vpn-dbus-interface.h
index 423a921220..28ea3b2417 100644
--- a/src/libnm-core-public/nm-vpn-dbus-interface.h
+++ b/src/libnm-core-public/nm-vpn-dbus-interface.h
@@ -197,6 +197,13 @@ typedef enum {
 /* boolean: Has IP6 configuration? */
 #define NM_VPN_PLUGIN_CONFIG_HAS_IP6 "has-ip6"
 
+/* boolean: if %TRUE, the VPN plugin is listening for an incoming connection.
+ * As such, it doesn't report all parameters (for example, the external gateway)
+ * at the time the connection is activated. If the key is omitted, the value is
+ * assumed to be %FALSE.
+ */
+#define NM_VPN_PLUGIN_CONFIG_LISTENING "listening"
+
 /* boolean: If %TRUE the VPN plugin can persist/reconnect the connection over
  * link changes and VPN server dropouts.
  */