Re: openvpn and network manager



On Sat, 2008-05-31 at 13:18 -0500, Casey Harkins wrote:
> On Sat, 2008-05-31 at 10:42 +0300, Dimitris Zilaskos wrote:
> > > By default, NetworkManager will route all traffic through the VPN, so
> > > the server supplied routes with a TUN connection are usually moot (as
> > > long as the VPN gateway knows how to route things properly). If you
> > > don't want to route all traffic through the VPN, you can manually
> > > specify which subnets should be routed through the VPN in the advanced
> > > properties dialog.
> > 
> > 
> > I have tried specifying the route manually, and it is not working. If I 
> > understand correctly what networkmanager is doing, this is caused because
> > it treats my TAP interface as a Point-to-Point link, while it actually creates a network bridge:
> 
> Right, I forgot about that part of the problem. I really need to sit
> down and set up a TAP openvpn server to test this stuff out with and see

Yeah, I poked at this some time ago.  The issue here is that since TAP looks
like an ethernet device, it doesn't have the same IP configuration
characteristics as TUN devices do.  In the TAP case, you can also do
DHCP over the TAP interface and get an IP that way too, or you can use
static IP, or you can have the server push the IP down I think.

There was also a lot of stuff about bridging in some of the HOWTOs that
I read about TAP-mode.  Do you have to set up bridging to use openvpn
TAP mode on the client?  It wasn't clear to me if that was required or
not.

> what I can come up with. As Dan mentioned earlier, Tambet has a patch
> that will clean up routing in NMIP4Config (not sure what all that
> covers). After that, we need to figure out how to optionally specify a
> gateway (and device?) for each route. All the information we need is
> available to us, it's just a matter of getting it between the openvpn
> plugin and NM and having NM do the right thing.

Tambet's patch fixes that internally in NM, so I think it's just a
matter of getting the tuple of (ip, netmask/prefix, gateway) associated
together when they are passed back to NM from the vpn control daemon.

dan
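
Added example (not part of the original message and not NetworkManager or plugin code): one way to keep each route's (ip, netmask/prefix, gateway) together, as discussed above. It assumes the routes reach the helper as OpenVPN's script environment variables route_network_N, route_netmask_N and route_gateway_N, with route_vpn_gateway as the fallback gateway; Route, collect_routes and SAMPLE_ENV are hypothetical names, and the sample values are constructed.

```python
import ipaddress
from typing import List, Mapping, NamedTuple, Optional


class Route(NamedTuple):
    network: str            # network address, dotted quad
    prefix: int             # prefix length derived from the netmask
    gateway: Optional[str]  # per-route gateway, or the VPN gateway fallback


def collect_routes(env: Mapping[str, str]) -> List[Route]:
    """Group OpenVPN's numbered route variables into one tuple per route."""
    default_gw = env.get("route_vpn_gateway")
    routes = []
    n = 1
    while f"route_network_{n}" in env:
        net = env[f"route_network_{n}"]
        mask = env.get(f"route_netmask_{n}", "255.255.255.255")
        gw = env.get(f"route_gateway_{n}") or default_gw
        n += 1
        try:
            # strict=True rejects entries with host bits set; a
            # non-contiguous netmask is rejected as well.
            parsed = ipaddress.IPv4Network(f"{net}/{mask}", strict=True)
            if gw is not None:
                gw = str(ipaddress.IPv4Address(gw))
        except ValueError:
            # Skip a malformed entry rather than install a wrong route.
            continue
        routes.append(Route(str(parsed.network_address), parsed.prefixlen, gw))
    return routes


# Constructed sample of what a server might push to a client.
SAMPLE_ENV = {
    "route_vpn_gateway": "10.8.0.1",
    "route_network_1": "192.168.10.0",
    "route_netmask_1": "255.255.255.0",
    "route_gateway_1": "10.8.0.5",
    "route_network_2": "172.16.0.0",   # no per-route gateway: falls back
    "route_netmask_2": "255.240.0.0",
    "route_network_3": "10.1.2.3",     # host bits set: skipped
    "route_netmask_3": "255.255.0.0",
}

if __name__ == "__main__":
    for route in collect_routes(SAMPLE_ENV):
        print(route)
```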


