Re: Problem with vpn connection

From: Thomas Haller <thaller redhat com>
To: Jetchko Jekov <jetchko jekov gmail com>, "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Re: Problem with vpn connection
Date: Mon, 15 Aug 2016 19:46:32 +0200

On Sun, 2016-08-14 at 17:44 +0000, Jetchko Jekov wrote:

Hi guys,

I have following problem:
I am trying to setup openvpn connection to VPN server accessible not
via default gateway.
Wnen NM configures vpn connection it sets the route to VPN server's
IP address wrongly via default gateway.
Here is an example:
 - before activating VPN connection my routing table looks like this:

default via 192.168.13.1 dev br0  proto static  metric 425  
10.0.0.0/8 dev vpn0  proto kernel  scope link  src 10.144.204.250
 metric 50  
10.39.49.28 dev vpn0  proto static  scope link  src 10.144.204.250
 metric 425  
172.21.0.0/24 dev virbr0  proto kernel  scope link  src 172.21.0.1
linkdown  
192.168.13.0/24 dev br0  proto kernel  scope link  src 192.168.13.11
 metric 425  
194.251.119.216 via 192.168.13.1 dev br0  proto static  metric 425 

(yes, the vpn I am trying to connect to is accessible via another vpn
(split-vpn) connection established in advance, but I guess this
doesn't matter)

Now, when I activate openvpn connection to server with address
192.167.3.254 accessible via http proxy at 10.39.49.28,
and after successful connection my routing table look like this:

default via 192.168.13.1 dev br0  proto static  metric 425  
10.0.0.0/8 dev vpn0  proto kernel  scope link  src 10.144.204.250
 metric 50  
10.39.49.28 via 192.168.13.1 dev br0  proto static  metric 425  
172.21.0.0/24 dev virbr0  proto kernel  scope link  src 172.21.0.1
linkdown  
192.167.0.0/16 via 192.167.15.1 dev tun0  proto static  metric 50  
192.167.15.0/24 dev tun0  proto kernel  scope link  src 192.167.15.66
 metric 50  
192.168.13.0/24 dev br0  proto kernel  scope link  src 192.168.13.11
 metric 425  
194.251.119.216 via 192.168.13.1 dev br0  proto static  metric 425 

The problem is 3rd line. I have no idea why NM sets route this wrong
way.
If correct this route manually to
10.39.49.28 dev vpn0  proto static  scope link  src 10.144.204.250
 metric 425
everything works as expected

The question is: Have I missconfigured something on my end or NM (or
openvpn plugin) is broken in this regard.


hi,


NM always associates a VPN connection with the "best-device", that is
the device which currently has the default-route. And then it adds a
direct route to the external gateway via that device. That is a current
short-coming of NM, as it breaks down in your case.

(there is no concrete plan how to fix that yet).

How about you add a manual route to 10.39.49.28 to vpn0 with a metric
lower then 425?


Thomas

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: Problem with vpn connection
  - From: Jetchko Jekov

References:
- Problem with vpn connection
  - From: Jetchko Jekov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]