Re: Route configuration

From: Dan Williams <dcbw redhat com>
To: Benoit Boissinot <bboissin+networkmanager gmail com>
Cc: NetworkManager-list <NetworkManager-list gnome org>
Subject: Re: Route configuration
Date: Mon, 02 Nov 2009 13:34:14 -0800

On Mon, 2009-11-02 at 22:18 +0100, Benoit Boissinot wrote:
> On Mon, Nov 02, 2009 at 01:02:38PM -0800, Dan Williams wrote:
> > On Fri, 2009-10-30 at 17:58 +0100, Benoit Boissinot wrote:
> > > Hi list,
> > > 
> > > I have a small feature request regarding the custom routing option.
> > > Currently you can easily direct direct a subnetwork to a connection
> > > (the "use this connection only for ressources on its network"
> > > checkbox).
> > > But if you want something more complex (e.g. the vpn has a private IP
> > > (192.68.0.X), but you want to direct all traffic to the site through
> > > the vpn, not just 192.168.0.0/24, but a global ipv4 prefix) it won't
> > > work and you have to add custom routes.
> > > But custom routes are not automagic at all, for example the gateway
> > > must be static, it means that if the routeur ip changes, you have to
> > > update the route, etc.
> > > 
> > > I guess most people uses that setting to route a subnetwork to the
> > > gateway provided by the connection, so wouldn't it be better to have
> > > an UI to facilitate it?
> > > 
> > > eg:
> > > Use this connection for ressources on the following network (and a way
> > > to input a network, only address+netmask or address/prefix, no metric
> > > needed)
> > 
> > I may not exactly understand, but maybe we could repurpose a blank
> > gateway to mean the connection's current gateway if any.
> 
> Yes, and that's what I've actually been doing (using a blank gateway).
> But it probably only works because of the way openvpn works: I ended up
> with the following route:
> 
> 192.168.0.0/16 dev tun0  proto static  scope link
> 
> And I would acutally prefer:
> 
> 192.168.0.0/16 via <vpn gw> dev tun0  proto static
> 
> Is the first behavious actually useful for anyone (add a new network
> reachable directly from the link)?
> 
> > Then you leave "Use this connection only for resources on its network"
> > *un* checked, and you enter in your 192.168.0.0/24 route and you'd end
> > up with something like this in your routing table:
> > 
> > 192.168.0.0   <vpn gw>   255.255.0.0   U     0      0        0 tun0
> > 
> > Maybe?
> 
> Yes, so I guess I should get the gateway by iterating the NMIP4Address's
> from the config, and pick the first one with a gateway?

If you have the NMVPNConnection object internally, you'd use
nm_vpn_connection_get_ip4_internal_gateway() to get it.  You don't want
to use the external public IP of the VPN gateway, you want to use the
internal gateway that tun0 will actually forward packets to I think.  We
should do the same thing for other device types though, so what you'd
really want to do is perform the substitution in nm-vpn-connection.c
around here:

	/* Merge in user overrides from the NMConnection's IPv4 setting */
	s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting (priv->connection, NM_TYPE_SETTING_IP4_CONFIG));
	nm_utils_merge_ip4_config (config, s_ip4);

the user-specified routes will be in the "s_ip4" which is an
NMSettingIP4Config object (libnm-util/nm-setting-ip4-config.c).  Maybe
add a new parameter to nm_utils_merge_ip4_config() that takes a default
gateway to be used if any ip-address gateway is 0.

Care to take a stab at it?

Thanks!
Dan

Follow-Ups:
- Re: Route configuration
  - From: Benoit Boissinot

References:
- Re: Route configuration
  - From: Dan Williams
- Re: Route configuration
  - From: Benoit Boissinot

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]