Re: OpenVPN and avoiding default route

[Anders Blomdell <anders blomdell control lth se>]

On 2016-11-29 15:40, Thomas Haller wrote:
> On Tue, 2016-11-29 at 15:03 +0100, Anders Blomdell wrote:
>
> > > First attempt of OpenVPN pull request in the RFE.
> > > NetworkManager should probably be modified to parse "redirect-
> > > gateway/redirect-private"
> > > while importing .ovpn files, pointer to the code that does this
> > > would be appreciated.
> >
> > I have started to look into the config parsing and settings handling,
> > is it an intended
> > behavior that NetworkManager brings up the IPv6/IPv4 that OpenVPN
> > provides, regardless of
> > the state of the GUI 'IPv4/IPv6 On/Off' settings?
>
>
> Hi Anders,
>
> I would expect, that if the connection has IPvX disabled, that NM
> doesn't configure any IPvX addresses, regardless of what it received
> from the server. If that is different, it sounds like a bug.
It enables everything it gets from the server, I also consider it a bug,
hence the question.

> The logic for that is entirely in the server (NMVpnConnection). The
> plugin collets the data from the environment and sends it back to the
> server. There, NMVpnConnection merges the event data with other
> configuration (from NMConnection).
So it's not nm-openvpn-service-openvpn-helper.c that should check On/Off
(as given by method=disabled (IPv4)/method=ignore (IPv6) in
/etc/NetworkManager/system-connections/some_vpnconf)?

> Not sure I understand your question though...
And I'm not quite clear of the architecture/order of events yet, so please bear with me...

/Anders
-- 
Anders Blomdell                  Email: anders blomdell control lth se
Department of Automatic Control
Lund University                  Phone:    +46 46 222 4625
P.O. Box 118                     Fax:      +46 46 138118
SE-221 00 Lund, Sweden