Re: openvpn and network manager



By default, NetworkManager will route all traffic through the VPN, so
the server supplied routes with a TUN connection are usually moot (as
long as the VPN gateway knows how to route things properly). If you
don't want to route all traffic through the VPN, you can manually
specify which subnets should be routed through the VPN in the advanced
properties dialog.


I have tried specifying the route manually, and it is not working. If I understand correctly what NetworkManager is doing, this is caused because
it treats my TAP interface as a Point-to-Point link, while it actually creates a network bridge:

May 31 10:22:03 mitsos nm-openvpn[7063]: LZO compression initialized
May 31 10:22:03 mitsos nm-openvpn[7063]: Attempting to establish TCP connection with 1.2.3.4:443 [nonblock]
May 31 10:22:04 mitsos nm-openvpn[7063]: TCP connection established with 1.2.3.4:443
May 31 10:22:04 mitsos nm-openvpn[7063]: TCPv4_CLIENT link local: [undef]
May 31 10:22:04 mitsos nm-openvpn[7063]: TCPv4_CLIENT link remote: 1.2.3.4:443
May 31 10:22:06 mitsos nm-openvpn[7063]: event_wait : Interrupted system call (code=4)
May 31 10:22:06 mitsos nm-openvpn[7063]: SIGTERM[hard,] received, process exiting
May 31 10:22:19 mitsos NetworkManager: <info>  VPN plugin state changed: 3
May 31 10:22:19 mitsos nm-openvpn[7075]: OpenVPN 2.1_rc7 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 21 2008
May 31 10:22:19 mitsos nm-openvpn[7075]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
May 31 10:22:19 mitsos nm-openvpn[7075]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
May 31 10:22:19 mitsos NetworkManager: <info>  VPN connection 'server.physics.auth.gr' (Connect) reply received.
May 31 10:22:19 mitsos nm-openvpn[7075]: LZO compression initialized
May 31 10:22:19 mitsos nm-openvpn[7075]: Attempting to establish TCP connection with 1.2.3.4:443 [nonblock]
May 31 10:22:20 mitsos nm-openvpn[7075]: TCP connection established with 1.2.3.4:443
May 31 10:22:20 mitsos nm-openvpn[7075]: TCPv4_CLIENT link local: [undef]
May 31 10:22:20 mitsos nm-openvpn[7075]: TCPv4_CLIENT link remote: 1.2.3.4:443
May 31 10:22:25 mitsos nm-openvpn[7075]: [vpn.grid.auth.gr] Peer Connection Initiated with 1.2.3.4:443
May 31 10:22:27 mitsos nm-openvpn[7075]: TUN/TAP device tap0 opened
May 31 10:22:27 mitsos nm-openvpn[7075]: /sbin/ip link set dev tap0 up mtu 1500
May 31 10:22:27 mitsos nm-openvpn[7075]: /sbin/ip addr add dev tap0 192.168.1.1/24 broadcast 192.168.1.255
May 31 10:22:27 mitsos avahi-daemon[2577]: Joining mDNS multicast group on interface tap0.IPv4 with address 192.168.1.1.
May 31 10:22:27 mitsos avahi-daemon[2577]: New relevant interface tap0.IPv4 for mDNS.
May 31 10:22:27 mitsos avahi-daemon[2577]: Registering new address record for 192.168.1.1 on tap0.IPv4.
May 31 10:22:27 mitsos nm-openvpn[7075]: /usr/bin/nm-openvpn-service-openvpn-helper tap0 1500 1576 192.168.1.1 255.255.255.0 init
May 31 10:22:27 mitsos NetworkManager: <info>  VPN connection 'server.physics.auth.gr' (IP Config Get) reply received.
May 31 10:22:27 mitsos NetworkManager: <info>  VPN Gateway: 1.2.3.4
May 31 10:22:27 mitsos NetworkManager: <info>  Tunnel Device: tap0
May 31 10:22:27 mitsos NetworkManager: <info>  Internal IP4 Address: 192.168.1.1
May 31 10:22:27 mitsos NetworkManager: <info>  Internal IP4 Netmask: 255.255.255.0
May 31 10:22:27 mitsos NetworkManager: <info>  Internal IP4 Point-to-Point Address: 0.0.0.0
May 31 10:22:27 mitsos NetworkManager: <info>  Maximum Segment Size (MSS): 0
May 31 10:22:27 mitsos NetworkManager: <info>  Internal IP4 DNS: 192.168.1.2
May 31 10:22:27 mitsos NetworkManager: <info>  DNS Domain: '(none)'
May 31 10:22:27 mitsos NetworkManager: <info>  Login Banner:
May 31 10:22:27 mitsos NetworkManager: <info>  -----------------------------------------
May 31 10:22:27 mitsos NetworkManager: <info>  (null)
May 31 10:22:27 mitsos NetworkManager: <info>  -----------------------------------------
May 31 10:22:27 mitsos nm-openvpn[7075]: Initialization Sequence Completed
May 31 10:22:28 mitsos NetworkManager: <info>  VPN connection 'server.physics.auth.gr' (IP Config Get) complete.
May 31 10:22:28 mitsos NetworkManager: <info>  VPN plugin state changed: 4
May 31 10:22:28 mitsos avahi-daemon[2577]: Registering new address record for fe80::2ff:beff:fe18:557f on tap0.*.

If I specify the routes manually, they are assigned to the tap0 interface, while the requirement is to specify for each route its gateway (which in my case is the same for all). I do not wish all traffic to go to the VPN, only selected traffic.


--
============================================================================

Dimitris Zilaskos

Department of Physics @ Aristotle University of Thessaloniki , Greece
PGP key : http://tassadar.physics.auth.gr/~dzila/pgp_public_key.asc
	  http://egnatia.ee.auth.gr/~dzila/pgp_public_key.asc
MD5sum  : de2bd8f73d545f0e4caf3096894ad83f  pgp_public_key.asc
============================================================================
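
Added example, not part of the original message and not NetworkManager or OpenVPN code: it parses the NetworkManager lines quoted in the log above, recognises the bridged TAP case (tap device, Point-to-Point address 0.0.0.0), and builds split-tunnel `ip route` commands that name an explicit next hop instead of only the device. It also surfaces the server certificate verification warning from the same log. The gateway 192.168.1.254 and the subnet 10.0.0.0/8 are constructed values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines taken from the log in the message, prefixes trimmed.
LOG = """\
NetworkManager: <info>  Tunnel Device: tap0
NetworkManager: <info>  Internal IP4 Address: 192.168.1.1
NetworkManager: <info>  Internal IP4 Netmask: 255.255.255.0
NetworkManager: <info>  Internal IP4 Point-to-Point Address: 0.0.0.0
nm-openvpn[7075]: WARNING: No server certificate verification method has been enabled.
"""

FIELDS = {
    "device": r"Tunnel Device: (\S+)",
    "address": r"Internal IP4 Address: (\S+)",
    "netmask": r"Internal IP4 Netmask: (\S+)",
    "ptp": r"Internal IP4 Point-to-Point Address: (\S+)",
}

def parse_vpn_config(log):
    """Extract the tunnel parameters NetworkManager reported."""
    cfg = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, log)
        if match:
            cfg[key] = match.group(1)
    # The MITM warning in the log means the server certificate is not checked.
    cfg["unverified_server"] = "No server certificate verification" in log
    return cfg

def is_bridged_tap(cfg):
    """A tap device with no point-to-point peer is an Ethernet-style link."""
    return cfg.get("device", "").startswith("tap") and cfg.get("ptp") == "0.0.0.0"

def route_commands(cfg, subnets, gateway):
    """Build per-subnet routes that go through a next hop on the tap subnet."""
    link = ipaddress.ip_interface(f"{cfg['address']}/{cfg['netmask']}")
    gw = ipaddress.ip_address(gateway)
    # The next hop must be reachable on-link, and must not be our own address.
    if gw not in link.network or gw == link.ip:
        raise ValueError(f"gateway {gw} is not a usable next hop in {link.network}")
    return [
        f"ip route add {ipaddress.ip_network(s)} via {gw} dev {cfg['device']}"
        for s in subnets
    ]

if __name__ == "__main__":
    cfg = parse_vpn_config(LOG)
    print(cfg, is_bridged_tap(cfg))
    print("\n".join(route_commands(cfg, ["10.0.0.0/8"], "192.168.1.254")))
```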


