Re: openvpn fixes against svn 3140

From: Dan Williams <dcbw redhat com>
To: lists dresco co uk
Cc: networkmanager-list gnome org
Subject: Re: openvpn fixes against svn 3140
Date: Thu, 06 Dec 2007 06:12:09 -0500

On Thu, 2007-12-06 at 09:25 +0000, Jon Escombe wrote:
> Casey Harkins wrote:
> >> Also, I'm not getting a route added for the VPN subnet.
> >
> > Are you talking about the "Only use VPN connection for these 
> > addresses" option, or it's not setting your default route to your TAP 
> > device?
> 
> I'll provide some examples to be clearer. I'm not using the "only use 
> for local addresses" option, and am connecting back to my VPN over a 
> UMTS link (as I can't connect from inside my own network).
> 
> -- So, when I'm inside my network I get a routing table like this:
> 
> # ip route
> 192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.175
> default via 192.168.1.1 dev wlan0
> 
> -- And when I've made the UMTS connection to the internet it's like this:
> 
> # ip route
> default dev ppp0  scope link
> 
> at this point using wvdial instead of NM would give me an additional 
> route for the ppp connection -  but I don't think it's relevant -
> 10.x.x.64 dev ppp0  proto kernel  scope link  src 10.x.x.192
> 
> -- Running openvpn from the command line gives me this:
> 
> # ip route
> 192.168.1.0/24 dev tap0  proto kernel  scope link  src 192.168.1.75
> default dev ppp0  scope link
> 
> which sets up the local subnet access, but doesn't route other traffic 
> through the VPN tunnel. I see an error about not being able to determine 
> the local gateway (NOTE: unable to redirect default gateway -- Cannot 
> read current default gateway from system) which may be something to do 
> with the UMTS connection - would need to confirm that from another location.
> 
> -- Initiating the openvpn connection through NM gives me this:
> 
> # ip route
> default dev tap0  scope link
> 
> so it changes the default route from ppp0 to tap0, but doesn't retain a 
> specific route to the VPN server over ppp0 - so the tunnel stalls. Also 
> doesn't add a gateway (however - this may be related to the problem above).

With vpnc this definitely isn't a problem; that's what the "gateway"
address bits are for.  NM will ensure that there is always a route to
the VPN server via the connected interface.  That's how it should work
in openvpn too, but maybe openvpn plugin isn't setting the right bits in
NMIP4Config?

Dan

> -- And my 'usual' config where I run openvpn from the command line and 
> them set up the routes manually is
> 
> # ip route
> 82.x.x.174 dev ppp0  scope link
> 192.168.1.0/24 dev tap0  proto kernel  scope link  src 192.168.1.95
> default via 192.168.1.1 dev tap0
> 
> Hope that makes sense and is some help, I can provide sanitised versions 
> of my openvpn config files too if you want?
> 
> Regards,
> Jon
>

Follow-Ups:
- Re: openvpn fixes against svn 3140
  - From: Jon Escombe

References:
- openvpn fixes against svn 3138
  - From: Casey Harkins
- Re: openvpn fixes against svn 3138
  - From: Dan Williams
- Re: openvpn fixes against svn 3138
  - From: Casey Harkins
- Re: openvpn fixes against svn 3138
  - From: Jon Escombe
- Re: openvpn fixes against svn 3140
  - From: Casey Harkins
- Re: openvpn fixes against svn 3140
  - From: Jon Escombe

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]