Re: Broken OpenVPN

From: Dan Williams <dcbw redhat com>
To: Nathaniel McCallum <nathaniel themccallums org>
Cc: networkmanager-list gnome org
Subject: Re: Broken OpenVPN
Date: Fri, 08 Aug 2008 10:58:02 -0400

On Thu, 2008-08-07 at 19:02 -0400, Nathaniel McCallum wrote:
> Dan Williams wrote:
> > On Fri, 2008-08-01 at 17:46 -0400, Nathaniel McCallum wrote:
> >   
> >> So I upgraded to the stuff in F9 updates-testing and it broke
> >> NM-OpenVPN.  Particularly, the problem is routing.
> >>
> >> Routing before the upgrade:
> >> $ route -n | grep tun
> >> 10.254.0.1      10.254.0.9      255.255.255.255 UGH   0      0
> >> 0 tun0
> >> 10.254.0.9      0.0.0.0         255.255.255.255 UH    0      0
> >> 0 tun0
> >>
> >> Routing after the upgrade:
> >> $ route -n | grep tun
> >> 10.254.0.1      10.254.0.9      255.255.255.255 UGH   0      0
> >> 0 tun0
> >> 10.254.0.0      0.0.0.0         255.255.255.0   U     0      0
> >> 0 tun0
> >>     
> >
> > What ends up breaking here?  Do you just want traffic to 10.254.0.9 to
> > go out over tun0 and everything else (including all other 10.254.0.x/24)
> > to still go out over the local network?
> >
> > Also, what does the openvpn server config look like?
> >
> > The only difference between the two dumps above should be that in the
> > second, all 10.254.0.0/24 traffic goes out over the tunnel now.
> >   
> Sorry, I think I pasted the wrong thing before.
> 
> Routing before the upgrade:
> $ route -n | grep tun0
> 10.254.0.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 10.254.0.1      10.254.0.5      255.255.255.255 UGH   0      0        0 tun0
> 10.175.211.0    10.254.0.5      255.255.255.0   UG    0      0        0 tun0
> 
> Routing after the upgrade:
> $ route -n | grep tun0
> 10.254.0.1      10.254.0.5      255.255.255.255 UGH   0      0        0 tun0
> 10.254.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
> 
> You can see that after the update the route to 10.175.211.0/24 is gone.  
> Using openvpn directly from the CLI, I get the same results as 
> pre-upgrade.  So apparently the new NM is dropping the 10.175.211.0/24 
> advertised route somewhere (I've not manually configured this route 
> anywhere)...

Is that route pushed down from the server, and if so, any idea how
exactly it shows up for an openvpn ipup script?  i.e. what environment
variable does it end up getting passed in.  The current handler might
have some bugs of course, just want to make sure it's looking at the
right thing.

> There is also another bug I've found.  When going into the new VPN 
> connection editing interface, and to IPv4 Settings I can add static 
> routes.  If I add a static route, when I make the connection, the 
> gateways are always "0.0.0.0" regardless of what is in the Gateway field.

That sounds like a bug.

Dan

References:
- Broken OpenVPN
  - From: Nathaniel McCallum
- Re: Broken OpenVPN
  - From: Dan Williams
- Re: Broken OpenVPN
  - From: Nathaniel McCallum

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]