Re: NM ignores knobs regarding ipv6

On Fri, Feb 05, Thomas Haller wrote:

On Fri, 2016-02-05 at 09:01 +0100, Olaf Hering wrote:
The openvpn connection I have been using for months just gained
support for ipv6. A few months ago I already set ipv6 to "Disabled"
in the IPv6 tab of nm-connection-editor 1.0.8. But when the tunnel
is established NM applies the settings received from the peer
There exists no ipv6 method "Disabled" until now. What exists is
"Ignore" which means, NM leaves it all to the kernel.

What does it leave to the kernel? I think there is nothing the kernel
can do on tun0, should there be some autonegitation for link-local? Its
unlikely, and tun0 gets just the provided ipv4+ipv6 address. And
addition also the ipv6 default route is set to tun0.
Every knob in the ipv6 tab is ignored.

Can you show
  nmcli connection show $CONNECTION_ID                          $VPN
connection.uuid:                        b210995e-b03d-4f35-882c-523fcf3fe264
connection.interface-name:              --
connection.type:                        vpn
connection.autoconnect:                 no
connection.autoconnect-priority:        0
connection.timestamp:                   1454686875                   no
connection.permissions:                 user:olaf                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
ipv4.method:                            auto
ipv4.gateway:                           --
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     yes
ipv4.may-fail:                          yes
ipv6.method:                            ignore
ipv6.gateway:                           --
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       0 (disabled)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
vpn.service-type:                       org.freedesktop.NetworkManager.openvpn
vpn.user-name:                          --                               $cmdline
vpn.secrets:                            <hidden>
vpn.persistent:                         no
GENERAL.NAME:                           $VPN
GENERAL.UUID:                           b210995e-b03d-4f35-882c-523fcf3fe264
GENERAL.DEVICES:                        br0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        no
GENERAL.DEFAULT6:                       no
GENERAL.VPN:                            yes
GENERAL.ZONE:                           --
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/12
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/4
GENERAL.SPEC-OBJECT:                    /org/freedesktop/NetworkManager/ActiveConnection/0
GENERAL.MASTER-PATH:                    /org/freedesktop/NetworkManager/Devices/1
IP4.ROUTE[1]:                           dst =, nh =, mt = 50
IP4.ROUTE[2]:                           dst =, nh =, mt = 50
IP4.ROUTE[3]:                           dst =, nh =, mt = 50
IP4.ROUTE[4]:                           dst =, nh =, mt = 50
IP4.ROUTE[5]:                           dst =, nh =, mt = 50
IP4.ROUTE[6]:                           dst =, nh =, mt = 50
IP4.ROUTE[7]:                           dst =, nh =, mt = 50
IP4.DOMAIN[1]:                          $domain
IP6.ADDRESS[1]:                         2620:113:80c0:8100:10:163:0:87/64
IP6.ROUTE[1]:                           dst = 2620:113:80c0:8000::/50, nh = 2620:113:80c0:8100:10:163:0:2, mt 
= 50
VPN.TYPE:                               openvpn
VPN.USERNAME:                           $user
VPN.GATEWAY:                            $gate
VPN.VPN-STATE:                          5 - VPN connected
VPN.CFG[1]:                             $ta
VPN.CFG[2]:                             $key
VPN.CFG[3]:                             $ca
VPN.CFG[4]:                             $cert
VPN.CFG[5]:                             username = $user
VPN.CFG[6]:                             dev-type = tun
VPN.CFG[7]:                             cert-pass-flags = 2
VPN.CFG[8]:                             comp-lzo = yes
VPN.CFG[9]:                             cipher = AES-256-CBC
VPN.CFG[10]:                            remote = $gate
VPN.CFG[11]:                            password-flags = 2
VPN.CFG[12]:                            auth = SHA512
VPN.CFG[13]:                            connection-type = password-tls
VPN.CFG[14]:                            ta-dir = 1

  ip addr
  ip route

Not easily, and this misses ipv6: ip -6 a|r s


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]