Re: OpenVPN and avoiding default route





On 2016-11-28 18:13, Anders Blomdell wrote:


On 2016-11-28 14:21, Anders Blomdell wrote:


On 2016-11-25 18:42, Thomas Haller wrote:
On Fri, 2016-11-25 at 17:08 +0100, Anders Blomdell wrote:
Would it make sense to let the OpenVPN server disable default-routing 
in network manager, for instance
by checking if a 'push "route-gateway x.y.z.w"' has been done from
the server?

I mean something like this, (nm-openvpn-service-openvpn-helper.c):

        /* Internal VPN subnet gateway */
   tmp = getenv ("route_vpn_gateway");
   if (tmp == NULL) {
           val = g_variant_new_boolean (TRUE);
           g_variant_builder_add (&ip4builder, "{sv}",
NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, val);
   }

Hi,

This sounds like RFE https://bugzilla.gnome.org/show_bug.cgi?id=762911
Indeed it does, further investigation indicates that openvpn has to be modified
to propagate redirect-gateway/redirect-private to the up-script. Will try to look
into this and add my findings to the RFE.
First attempt of OpenVPN pull request in the RFE.
NetworkManager should probably be modified to parse "redirect-gateway/redirect-private"
while importing .ovpn files, pointer to the code that does this would be appreciated.
I have started to look into the config parsing and settings handling, is it an intended
behavior that NetworkManager brings up the IPv6/IPv4 that OpenVPN provides, regardless of
the state of the GUI 'IPv4/IPv6 On/Off' settings?

/Anders

-- 
Anders Blomdell                  Email: anders blomdell control lth se
Department of Automatic Control
Lund University                  Phone:    +46 46 222 4625
P.O. Box 118                     Fax:      +46 46 138118
SE-221 00 Lund, Sweden



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]