NetworkManager VPN and routing in bridged mode

[Valentine Sinitsyn <Valentine Sinitsyn usu ru>]

Hello,

I've came across an interesting misbehavior while trying to connect my
NM 0.6.5 on Arch Linux box to OpenVPN (2.0.9) server and thought it
may be useful to raise this question in the mailing list.

Looks like NetworkManagerSystem.c nm_system_vpn_device_set_from_ip4_config() function (both
in 0.6.5 barnch and in trunk) quietly assumes that VPN device is
always P-t-P tunnel, which is not true for some cases. This works ok for PPTP
(obviously) and maybe other VPN servers I have no experience with, but
when it comes to OpenVPN with server-bridged mode, it fails to create
correct configuration on the client side. The problem is routes are
added through _device_ although in the aforementioned setup it should
be done through a gateway in remote network. The route to the remote
network itself (added by OpenVPN daemon) is also killed by

nm_system_device_flush_routes_with_iface (iface);

call. Since IP4Config's gateway is already filled with VPN Gateway (i.e. the
host running OpenVPN server) in this case, there is no possibility to
pass remote gateway to the function, although it's no-problem to
obtain it from OpenVPN in nm-openvpn-helper binary. Looks like there
is no way to implement desired behavior without breaking the API.

There are many ways to fix this by a hack. Any ideas on how to get
this working in proper way? Is this planned for 0.7 or some future
release?

Many thanks,
Valentine Sinitsyn