Re: IPv6 in network-manager-openvpn



* Nicolas Iooss

As I understand things after reading
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage:
(a) With IPv4, OpenVPN server issues a push "redirect-gateway def1"
command which tells the client to configure a default route via what is
in the route-gateway option. This option is retrieved by OpenVPN plugin
using environment variable "route_vpn_gateway" but the first push
command is lost and that's why NetworkManager provides a checkbox to
allow the user to choose whether this VPN connection may be used as
default route or not.
(b) With IPv6, push "redirect-gateway def1" command doesn't do anything
and there is nothing like "route_vpn_gateway". A simple workaround
consists in pushing a route to 2000::/3 but there should be another way
for an OpenVPN server to push IPv6 default routes to its clients.

Yeah, I tried pushing ::/0 but that didn't work at all, the client just
ignored it. The work VPN server doesn't push any default routes, nor
will it actually route traffic to the internet, only to the specific
networks for which it does push a route. So I think it is broken
behaviour by NM to redirect the default route to the VPN tunnel by
default, when there is absolutely nothing suggesting it should do so.
But in any case this has nothing to do with your patches.

Right now, NetworkManager is acting in IPv6 like in IPv4: it creates a
default route unless "use this connection only for resources on its
network" is checked. For OpenVPN I think NM should never create a
default route as the server pushes what is needed, but for other VPN the
situation is certainly different. To be compatible with every VPN
plugin, I've written a patch in bug 706332 which would allow the IPv6
internal gateway associated with a connection to be NULL, which is
different from "::" (this latest value meaning "configure a default
route without any gateway").

It's kind of pointless to be talking about "gateways" anyway, since this
is a point-to-point interface anyway where the gateway concept (i.e. a
next-hop pointing to an IP address rather than the interface directly)
doesn't make any sense... I guess this is due to limitations in the
NetworkManager/OpenVPN code though.

Tore
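For readers who want to see the IPv6 workaround from the quoted text in practice, here is an added OpenVPN 2.3 server configuration fragment (not from the thread or from the NetworkManager project; the prefixes and ports are placeholders) that pushes the 2000::/3 route instead of relying on "redirect-gateway def1", which does nothing for IPv6 in that version:

```conf
# Added example: OpenVPN 2.3 server side, IPv6 default route workaround.
# Placeholder values; replace with your own addresses.
port 1194
proto udp6
dev tun
# OpenVPN 2.3 needs tun-ipv6 to enable IPv6 on the tun device
# (later versions enable it automatically).
tun-ipv6

# IPv4 pool for clients
server 10.8.0.0 255.255.255.0
# IPv6 pool for clients (placeholder prefix)
server-ipv6 2001:db8:ffff::/64

# IPv4: tell clients to use the tunnel as default route.
# NetworkManager only honours the gateway in route_vpn_gateway and lets
# the user override this with the "use only for resources" checkbox.
push "redirect-gateway def1"

# IPv6: "redirect-gateway def1" has no IPv6 effect in 2.3 and a pushed
# ::/0 was reported ignored by the client, so push the global unicast
# range 2000::/3 explicitly as the workaround described in the thread.
push "route-ipv6 2000::/3"

# Only push what the server will actually route; clients that should not
# send all IPv6 traffic through the VPN get specific prefixes instead:
# push "route-ipv6 2001:db8:1::/48"

keepalive 10 120
persist-key
persist-tun
```

On the client, `ip -6 route` should then show 2000::/3 via the tun interface; if NetworkManager still installs a default route, that is the NM behaviour discussed above, not the pushed routes.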
