Re: NM ignores knobs regarding ipv6

On Fri, 2016-02-05 at 09:01 +0100, Olaf Hering wrote:
The openvpn connection I have been using for months just gained
for ipv6. A few months ago I already set ipv6 to "Disabled" in the
tab of nm-connection-editor 1.0.8. But when the tunnel is established
applies the settings received from the peer anyway.

There exists no ipv6 method "Disabled" until now. What exists is
"Ignore" which means, NM leaves it all to the kernel.

I also tried to apply just the addresses, ignore the received routes.
Whatever happens, all ipv6 traffic goes through the tunnel as a

Why does NM ignore the knobs? It calls openvpn like that:

--remote $host 443 tcp
--dev tun
--dev-type tun
--cipher AES-256-CBC
--auth SHA512
--tls-auth $key 1
--reneg-sec 0
--syslog nm-openvpn
--script-security 2
--up /usr/lib/nm-openvpn-service-openvpn-helper
--management /var/run/NetworkManager/nm-openvpn-05c972e7-1f61-4bca-
a5a0-c6b0ed7b44a6 unix
--management-client-user root
--management-client-group root
--auth-retry interact
--ca $crt
--cert $crt
--key $key
--user nm-openvpn
--group nm-openvpn

Does openvpn do all the address assignment by itself?

The vpn service reports the addresses/routes back to NetworkManager,
and NetworkManager does configuration according to the connection's
configuration + the stuff reported from the VPN service.

Can you show
  nmcli connection show $CONNECTION_ID
  ip addr
  ip route


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]