Re: IPv6 in network-manager-openvpn

[Nicolas Iooss <nicolas iooss m4x org>]

2013/8/21 Dan Winship

On 08/19/2013 12:47 PM, Nicolas Iooss wrote:
> The patches are working well in my testing environment with
> NetworkManager 0.9.8 but with the development revision I've got few
> issues such as https://bugzilla.gnome.org/show_bug.cgi?id=706286. Now NM
> crashes on a segmentation fault
> at http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/nm-policy.c#n788 as
> nm_vpn_connection_get_ip6_internal_gateway returns NULL for my VPN

Right. Does the attached patch fix it?

 Your patch fixed the segmentation fault but now NetworkManager sets up a default route via the VPN even if the OpenVPN server has not pushed any. More precisely, with NetworkManager OpenVPN plugin, "ip -6 route" shows "default dev tun0  proto static  metric 1024" whereas executing openvpn in command line doesn't add this default route. Moreover this route doesn't work as the next hop needs to be defined to be able to route packets in an OpenVPN tunnel. To fix this behavior, I opened a bug a few days ago which makes get_best_ip6_config no longer returns VPN connections which don't have any internal gateway : https://bugzilla.gnome.org/show_bug.cgi?id=706332.

In fact I don't know how to make an OpenVPN server route the IPv6 internet but by pushing to clients a route to 2000::/3 as described on http://tomsalmon.eu/2013/04/openvpn-ipv6-with-tun-device/ (last line of the config file), as there is no IPv6 equivalent of OpenVPN setting "route_vpn_gateway" (which is what NM uses as IPv4 internal gateway). This is why I think that a VPN plugin which doesn't set the "IPv6 internal gateway" connection parameter shouldn't be considered as a connection providing a default route to the Internet (and this is what I implemented in the patch for bug #706332).

Nicolas