Re: [PATCH] OpenVPN does not return a gateway

From: Dan Williams <dcbw redhat com>
To: Helmut Schaa <hschaa suse de>
Cc: networkmanager-list gnome org
Subject: Re: [PATCH] OpenVPN does not return a gateway
Date: Fri, 24 Nov 2006 23:16:36 -0500

On Tue, 2006-11-14 at 15:25 +0100, Helmut Schaa wrote:
> Hi,
> I have set up a small OpenVPN configuration using shared keys.
> 
> The first peer is set up using the following command:
> 
> openvpn --remote x.x.x.x --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret
> openvpn.key --float
> 
> The second peer can connect to the first one using this command:
> 
> openvpn --remote y.y.y.y --dev tun --ifconfig 10.4.0.1 10.4.0.2 --secret
> openvpn.key
> 
> I tried the same with NetworkManager and this configuration:
> 
> Gateway: y.y.y.y
> Connection Type: Pre-shared Key
> Shared Key: openvpn.key
> Local IP: 10.4.0.2
> Remote IP: 10.4.0.1
> 
> Result was that no connection was established. Watching a bit deeper in the
> code I noticed that nm-openvpn-service-openvpn-helper returned an error
> because it did not receive a gateway.
> The following patch allows to use an OpenVPN Connection without getting a
> gateway. This patch applies fine against HEAD and STABLE.

Well, NM will fail the VPN connection anyway on the NM side, since it
does require a gateway (see nm-vpn-service.c,
nm_vpn_service_stage4_ip4_config_get()).  NM's got a fairly simplistic
idea of VPNs at the moment, mainly targetted at mobile users connecting
to a corporate VPN.  Is your config here just a point-to-point VPN
connection to one host?  Are you only routing traffic for 10.4.0.1 over
the VPN, and everything else over the normal interface gateway?

Interestingly enough, after doing the normal VPN code, we changed the
routing to allow the user to only route certain subnets over the VPN and
everything else to the normal gateway.  That's not really that much
different from this case of point-to-point VPN.

Thanks,
Dan

> Does somebody have any concerns about giving NM no gateway address?
> 
> Regards,
> Helmut
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list

References:
- [PATCH] OpenVPN does not return a gateway
  - From: Helmut Schaa

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]