Re: IPv6 in network-manager-openvpn



On Thu, 2013-08-22 at 21:39 +0200, Nicolas Iooss wrote:
2013/8/21 Dan Winship

On 08/19/2013 12:47 PM, Nicolas Iooss wrote:
The patches are working well in my testing environment with
NetworkManager 0.9.8 but with the development revision I've got a few
issues such as https://bugzilla.gnome.org/show_bug.cgi?id=706286. Now NM
crashes on a segmentation fault at
http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/nm-policy.c#n788
as nm_vpn_connection_get_ip6_internal_gateway returns NULL for my VPN

Right. Does the attached patch fix it?


Your patch fixed the segmentation fault but now NetworkManager sets up a
default route via the VPN even if the OpenVPN server has not pushed any.

Unfortunately we cannot rely on administrators always pushing a default
route if the VPN can actually route all traffic.

What we *could* do is the same thing that openconnect and vpnc do, which
is that if any other routes are pushed to the client, then
nm-openvpn-service-openvpn-helper sets the NEVER_DEFAULT flag which
prevents the tunnel from claiming the default route in NetworkManager.

The problem you're going to run into is that the NM-openvpn plugin
doesn't yet support IPv6, because last time some patches got proposed,
openvpn didn't have full IPv6 support and didn't pass back the necessary
stuff to the helper script :(  That may have changed?

Dan

More precisely, with NetworkManager OpenVPN plugin, "ip -6 route" shows
"default dev tun0  proto static  metric 1024" whereas executing openvpn in
command line doesn't add this default route. Moreover this route doesn't
work as the next hop needs to be defined to be able to route packets in an
OpenVPN tunnel. To fix this behavior, I opened a bug a few days ago which
makes get_best_ip6_config no longer return VPN connections which don't
have any internal gateway:
https://bugzilla.gnome.org/show_bug.cgi?id=706332.

In fact I don't know how to make an OpenVPN server route the IPv6 internet
but by pushing to clients a route to 2000::/3 as described on
http://tomsalmon.eu/2013/04/openvpn-ipv6-with-tun-device/ (last line of the
config file), as there is no IPv6 equivalent of OpenVPN setting
"route_vpn_gateway" (which is what NM uses as IPv4 internal gateway). This
is why I think that a VPN plugin which doesn't set the "IPv6 internal
gateway" connection parameter shouldn't be considered as a connection
providing a default route to the Internet (and this is what I implemented
in the patch for bug #706332).

Nicolas
_______________________________________________
networkmanager-list mailing list
networkmanager-list gnome org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
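
A check for the symptom discussed in this thread, as an added example that is not part of the original messages or of NetworkManager: it reads `ip -6 route` output and flags an IPv6 default route on a tunnel device that has no next hop, and reports a pushed 2000::/3 route. The function name, the tun<N>/tap<N> interface naming and every sample line except the quoted default route are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify IPv6 routes that point at a
# VPN tunnel device, reading `ip -6 route` output on stdin.
# Assumption: tunnel interfaces are named tun<N> or tap<N>.
classify_vpn6_routes() {
    awk '
    {
        dev = ""; via = ""
        # Route attributes are keyword/value pairs after the destination.
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") via = $(i + 1)
        }
        if (dev !~ /^(tun|tap)[0-9]+$/) next      # not a tunnel route
        if ($1 == "default" || $1 == "::/0") {
            # A default route on the tunnel with no next hop is the
            # non-working route reported in the thread.
            kind = (via == "") ? "default-no-nexthop" : "default-via-gateway"
            print kind, dev
        } else if ($1 == "2000::/3") {
            # Global unicast pushed by the server instead of a default route.
            print "global-unicast-route", dev
        }
    }'
}

# First line is the route quoted in the thread; the rest are constructed.
NM_SAMPLE='default dev tun0  proto static  metric 1024
2001:db8:1::/64 dev tun0  proto kernel  metric 256
default via fe80::1 dev eth0  proto ra  metric 1024'

# Constructed: what a server pushing 2000::/3 might leave in the table.
CLI_SAMPLE='2001:db8:1::/64 dev tun0  proto kernel  metric 256
2000::/3 via 2001:db8:1::1 dev tun0  metric 1024
default via fe80::1 dev eth0  proto ra  metric 1024'

printf 'NM plugin table:   %s\n' "$(printf '%s\n' "$NM_SAMPLE" | classify_vpn6_routes)"
printf 'openvpn CLI table: %s\n' "$(printf '%s\n' "$CLI_SAMPLE" | classify_vpn6_routes)"
```

On a live system the same function can be fed directly with `ip -6 route | classify_vpn6_routes`.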



