Re: NM ignores knobs regarding ipv6



On Fri, 2016-02-05 at 16:49 +0100, Olaf Hering wrote:
On Fri, Feb 05, Thomas Haller wrote:

On Fri, 2016-02-05 at 09:01 +0100, Olaf Hering wrote:
The openvpn connection I have been using for months just gained
support for ipv6. A few months ago I already set ipv6 to "Disabled"
in the IPv6 tab of nm-connection-editor 1.0.8. But when the tunnel
is established NM applies the settings received from the peer anyway.
There exists no ipv6 method "Disabled" until now. What exists is
"Ignore" which means, NM leaves it all to the kernel.

What does it leave to the kernel? I think there is nothing the kernel
can do on tun0, should there be some autonegotiation for link-local?
It's unlikely, and tun0 gets just the provided ipv4+ipv6 address. And
in addition the ipv6 default route is also set to tun0.
Every knob in the ipv6 tab is ignored.

Can you grab some NM log output?  The NetworkManager openvpn plugin
does have support for IPv6, but we need to figure out if:

1) NM or NM-openvpn is somehow ignoring your request to have them
ignore IPv6 configuration

OR

2) NM is honoring your ipv6.method=ignore, and leaving everything to
the kernel, which sends Router Solicitations over tun0 and gets a reply
back from an IPv6 router on the other side of the VPN.

The NM logs should make that pretty clear, and they'll look something
like this:

<info>  VPN connection 'My VPN' (IP4 Config Get) reply received.
<info>  VPN Gateway: 1.2.3.4
<info>  Tunnel Device: asdadf
<info>  IPv4 configuration:
<info>    Internal Address: 2.3.4.5
<info>    Internal Prefix: 32
<info>    Internal Point-to-Point Address: 2.3.4.6
<info>    Maximum Segment Size (MSS): 0
<info>    Forbid Default Route: yes
<info>    Internal DNS: 5.6.7.8
<info>    Internal DNS: 5.6.7.9
<info>    DNS Domain: 'myvpn.com'
<info>  No IPv6 configuration

If in your logs you see "No IPv6 configuration", then it's the kernel
doing its IPv6 stuff on the interface.  If you see "IPv6
configuration: <stuff>" then it's NM not honoring ipv6.method=ignore.

Dan

Can you show
  nmcli connection show $CONNECTION_ID


connection.id:                          $VPN
connection.uuid:                        b210995e-b03d-4f35-882c-523fcf3fe264
connection.interface-name:              --
connection.type:                        vpn
connection.autoconnect:                 no
connection.autoconnect-priority:        0
connection.timestamp:                   1454686875
connection.read-only:                   no
connection.permissions:                 user:olaf
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
ipv4.method:                            auto
ipv4.dns:                               
ipv4.dns-search:                        
ipv4.addresses:                         
ipv4.gateway:                           --
ipv4.routes:                            
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     yes
ipv4.may-fail:                          yes
ipv6.method:                            ignore
ipv6.dns:                               
ipv6.dns-search:                        
ipv6.addresses:                         
ipv6.gateway:                           --
ipv6.routes:                            
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       0 (disabled)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
vpn.service-type:                       org.freedesktop.NetworkManager.openvpn
vpn.user-name:                          --
vpn.data:                               $cmdline
vpn.secrets:                            <hidden>
vpn.persistent:                         no
GENERAL.NAME:                           $VPN
GENERAL.UUID:                           b210995e-b03d-4f35-882c-523fcf3fe264
GENERAL.DEVICES:                        br0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        no
GENERAL.DEFAULT6:                       no
GENERAL.VPN:                            yes
GENERAL.ZONE:                           --
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/12
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/4
GENERAL.SPEC-OBJECT:                    /org/freedesktop/NetworkManager/ActiveConnection/0
GENERAL.MASTER-PATH:                    /org/freedesktop/NetworkManager/Devices/1
IP4.ADDRESS[1]:                         10.163.0.87/32
IP4.GATEWAY:                            10.163.0.1
IP4.ROUTE[1]:                           dst = 10.163.0.0/21, nh = 10.163.0.1, mt = 50
IP4.ROUTE[2]:                           dst = 10.0.0.0/8, nh = 10.163.0.1, mt = 50
IP4.ROUTE[3]:                           dst = 149.44.0.0/16, nh = 10.163.0.1, mt = 50
IP4.ROUTE[4]:                           dst = 147.2.0.0/16, nh = 10.163.0.1, mt = 50
IP4.ROUTE[5]:                           dst = 164.99.0.0/16, nh = 10.163.0.1, mt = 50
IP4.ROUTE[6]:                           dst = 137.65.0.0/16, nh = 10.163.0.1, mt = 50
IP4.ROUTE[7]:                           dst = 151.155.128.0/17, nh = 10.163.0.1, mt = 50
IP4.DNS[1]:                             10.160.0.1
IP4.DNS[2]:                             10.160.2.88
IP4.DOMAIN[1]:                          $domain
IP6.ADDRESS[1]:                         2620:113:80c0:8100:10:163:0:87/64
IP6.GATEWAY:
IP6.ROUTE[1]:                           dst = 2620:113:80c0:8000::/50, nh = 2620:113:80c0:8100:10:163:0:2, mt = 50
VPN.TYPE:                               openvpn
VPN.USERNAME:                           $user
VPN.GATEWAY:                            $gate
VPN.BANNER:                             
VPN.VPN-STATE:                          5 - VPN connected
VPN.CFG[1]:                             $ta
VPN.CFG[2]:                             $key
VPN.CFG[3]:                             $ca
VPN.CFG[4]:                             $cert
VPN.CFG[5]:                             username = $user
VPN.CFG[6]:                             dev-type = tun
VPN.CFG[7]:                             cert-pass-flags = 2
VPN.CFG[8]:                             comp-lzo = yes
VPN.CFG[9]:                             cipher = AES-256-CBC
VPN.CFG[10]:                            remote = $gate
VPN.CFG[11]:                            password-flags = 2
VPN.CFG[12]:                            auth = SHA512
VPN.CFG[13]:                            connection-type = password-tls
VPN.CFG[14]:                            ta-dir = 1

  ip addr
  ip route

Not easily, and this misses ipv6: ip -6 a|r s

Olaf
_______________________________________________
networkmanager-list mailing list
networkmanager-list gnome org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
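
The two checks discussed in this message, as an added example that is not part of the original mail or of NetworkManager: it flags IP6.* addresses and routes present in `nmcli connection show` output while ipv6.method is "ignore", and applies the "No IPv6 configuration" / "IPv6 configuration:" log rule. The function names are hypothetical, and the samples are constructed from the values quoted above, including mail-style line wraps.

```python
import re

# A key looks like "ipv6.method" or "IP6.ROUTE[1]"; it starts with a letter,
# so wrapped continuation lines that begin with an address are not keys.
KEY_RE = re.compile(r"^([A-Za-z][\w-]*\.[\w.-]+(?:\[\d+\])?):\s*(.*)$")

def parse_nmcli(text):
    """Parse `nmcli connection show` output into {key: value}, re-joining
    values that a mail client wrapped onto the following line."""
    fields, last = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif last and line.strip():
            fields[last] = (fields[last] + " " + line.strip()).strip()
    return fields

def unexpected_ipv6(fields):
    """IP6 address/route entries that are set although ipv6.method is ignore."""
    if fields.get("ipv6.method") != "ignore":
        return []
    return sorted(k for k, v in fields.items()
                  if k.startswith(("IP6.ADDRESS", "IP6.ROUTE")) and v not in ("", "--"))

def classify_log(log):
    """Apply the log rule from the message above."""
    if "No IPv6 configuration" in log:
        return "kernel"      # per the message: the kernel is doing IPv6 itself
    if re.search(r"(?<!No )IPv6 configuration:", log):
        return "nm-applied"  # per the message: NM not honoring ipv6.method=ignore
    return "unknown"

# Constructed sample: fields taken from the output quoted in this thread.
SAMPLE_NMCLI = """\
ipv6.method:                            ignore
IP6.ADDRESS[1]:
 2620:113:80c0:8100:10:163:0:87/64
IP6.GATEWAY:
IP6.ROUTE[1]:                           dst =
2620:113:80c0:8000::/50, nh = 2620:113:80c0:8100:10:163:0:2, mt = 50
VPN.TYPE:                               openvpn
"""
# Constructed sample: tail of the example log shown in the message.
SAMPLE_LOG = "<info>    DNS Domain: 'myvpn.com'\n<info>  No IPv6 configuration\n"

if __name__ == "__main__":
    print(unexpected_ipv6(parse_nmcli(SAMPLE_NMCLI)))
    print(classify_log(SAMPLE_LOG))
```
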

