Re: Problem with vpn connection
- From: Jetchko Jekov <jetchko jekov gmail com>
- To: Thomas Haller <thaller redhat com>, "networkmanager-list gnome org" <networkmanager-list gnome org>
- Subject: Re: Problem with vpn connection
- Date: Mon, 15 Aug 2016 21:51:36 +0000
Hi,
Thanks for the clarification.
Although I am a little puzzled by NM's view of "best-device". That's definitely not the default gateway in many cases.
Yes, the case I described (vpn over vpn) is not so widespread, but in my lab I am using VPNs with similar routing all the time.
Fortunately, until now I haven't tried to use NM for managing these VPN connections. And now I know why I shouldn't even try it.
As for your suggestion:
How can I specify a route in format:
10.87.2.207 dev vpn0 proto static scope link src 10.144.204.217 ?
To me it seems NM expects a next-hop IP address in manual route specifications.
And in my case I can't know this in advance (this is a corporate VPN and I can land on any of dozens of entry points).
Jeka
On Sun, 2016-08-14 at 17:44 +0000, Jetchko Jekov wrote:
> Hi guys,
>
> I have following problem:
> I am trying to setup openvpn connection to VPN server accessible not
> via default gateway.
> When NM configures the vpn connection it sets the route to the VPN server's
> IP address wrongly via the default gateway.
> Here is an example:
> - before activating VPN connection my routing table looks like this:
>
> default via 192.168.13.1 dev br0 proto static metric 425
> 10.0.0.0/8 dev vpn0 proto kernel scope link src 10.144.204.250 metric 50
> 10.39.49.28 dev vpn0 proto static scope link src 10.144.204.250 metric 425
> 172.21.0.0/24 dev virbr0 proto kernel scope link src 172.21.0.1 linkdown
> 192.168.13.0/24 dev br0 proto kernel scope link src 192.168.13.11 metric 425
> 194.251.119.216 via 192.168.13.1 dev br0 proto static metric 425
>
> (yes, the vpn I am trying to connect to is accessible via another vpn
> (split-vpn) connection established in advance, but I guess this
> doesn't matter)
>
> Now, when I activate openvpn connection to server with address
> 192.167.3.254 accessible via http proxy at 10.39.49.28,
> and after successful connection my routing table looks like this:
>
> default via 192.168.13.1 dev br0 proto static metric 425
> 10.0.0.0/8 dev vpn0 proto kernel scope link src 10.144.204.250 metric 50
> 10.39.49.28 via 192.168.13.1 dev br0 proto static metric 425
> 172.21.0.0/24 dev virbr0 proto kernel scope link src 172.21.0.1 linkdown
> 192.167.0.0/16 via 192.167.15.1 dev tun0 proto static metric 50
> 192.167.15.0/24 dev tun0 proto kernel scope link src 192.167.15.66 metric 50
> 192.168.13.0/24 dev br0 proto kernel scope link src 192.168.13.11 metric 425
> 194.251.119.216 via 192.168.13.1 dev br0 proto static metric 425
>
> The problem is the 3rd line. I have no idea why NM sets the route this wrong
> way.
> If I correct this route manually to
> 10.39.49.28 dev vpn0 proto static scope link src 10.144.204.250 metric 425
> everything works as expected.
>
> The question is: Have I misconfigured something on my end, or is NM (or
> the openvpn plugin) broken in this regard?
>
hi,
NM always associates a VPN connection with the "best-device", that is
the device which currently has the default-route. And then it adds a
direct route to the external gateway via that device. That is a current
shortcoming of NM, as it breaks down in your case.
(there is no concrete plan how to fix that yet).
How about you add a manual route to 10.39.49.28 to vpn0 with a metric
lower than 425?
Thomas
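
The route selection discussed in this thread, as an added example that is not part of the original messages: it parses the post-activation routing table quoted above and resolves the egress device for the proxy address, first as NM configured it and then with the lower-metric route suggested in the reply. It assumes a simplified model (main table only, no policy rules, `linkdown` ignored), and the metric 100 in `SUGGESTED` is a constructed value.

```python
import ipaddress

# Routing table after VPN activation, from the message above (wrapped lines joined).
AFTER = """\
default via 192.168.13.1 dev br0 proto static metric 425
10.0.0.0/8 dev vpn0 proto kernel scope link src 10.144.204.250 metric 50
10.39.49.28 via 192.168.13.1 dev br0 proto static metric 425
172.21.0.0/24 dev virbr0 proto kernel scope link src 172.21.0.1 linkdown
192.167.0.0/16 via 192.167.15.1 dev tun0 proto static metric 50
192.167.15.0/24 dev tun0 proto kernel scope link src 192.167.15.66 metric 50
192.168.13.0/24 dev br0 proto kernel scope link src 192.168.13.11 metric 425
194.251.119.216 via 192.168.13.1 dev br0 proto static metric 425
"""
# The suggested manual route as an `ip route` line; metric 100 is constructed (< 425).
SUGGESTED = "10.39.49.28 dev vpn0 proto static scope link metric 100\n"

KEYS = {"via", "dev", "proto", "scope", "src", "metric"}

def parse_routes(text):
    """Parse `ip -4 route show` lines into (network, device, gateway, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        opts, i = {}, 1
        while i < len(tok):
            if tok[i] in KEYS and i + 1 < len(tok):
                opts[tok[i]] = tok[i + 1]
                i += 2
            else:  # bare flags such as "linkdown" carry no value
                i += 1
        routes.append((net, opts.get("dev"), opts.get("via"), int(opts.get("metric", 0))))
    return routes

def egress(routes, dst):
    """Return (device, gateway) for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    net, dev, via, metric = max(hits, key=lambda r: (r[0].prefixlen, -r[3]))
    return dev, via

if __name__ == "__main__":
    for label, table in (("as set by NM", AFTER), ("with suggested route", AFTER + SUGGESTED)):
        print(label, "->", egress(parse_routes(table), "10.39.49.28"))
```

On a live host, `ip route get 10.39.49.28` gives the kernel's own answer to the same question.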