Re: OpenVPN and avoiding default route



Hi,


On Tue, 2016-11-29 at 17:48 +0100, Anders Blomdell wrote:
On 2016-11-29 15:40, Thomas Haller wrote:
On Tue, 2016-11-29 at 15:03 +0100, Anders Blomdell wrote:


First attempt of OpenVPN pull request in the RFE.
NetworkManager should probably be modified to parse
"redirect-gateway/redirect-private" while importing .ovpn files, pointer to
the code that does this would be appreciated.

I have started to look into the config parsing and settings handling,
is it an intended behavior that NetworkManager brings up the IPv6/IPv4
that OpenVPN provides, regardless of the state of the GUI
'IPv4/IPv6 On/Off' settings?


Hi Anders,

I would expect, that if the connection has IPvX disabled, that NM
doesn't configure any IPvX addresses, regardless of what it received
from the server. If that is different, it sounds like a bug.

It enables everything it gets from the server, I also consider it a bug,
hence the question.

The logic for that is entirely in the server (NMVpnConnection). The
plugin collects the data from the environment and sends it back to the
server. There, NMVpnConnection merges the event data with other
configuration (from NMConnection).

So it's not nm-openvpn-service-openvpn-helper.c that should check On/Off
(as given by method=disabled (IPv4)/method=ignore (IPv6) in
/etc/NetworkManager/system-connections/some_vpnconf)?

Correct. Because nm-openvpn-service-openvpn-helper doesn't even have
the connection to know that the configuration is disabled.



NM spawns nm-openvpn-service and sends it the current NMConnection via
D-Bus. Based on that, nm-openvpn-service spawns openvpn with some
arguments.

Eventually, the openvpn process connects and calls back to
nm-openvpn-service-openvpn-helper. That one gathers information from argv
and the environment variables, and sends them via D-Bus back to
nm-openvpn-service (SetConfig call).
nm-openvpn-service then emits a "Config" signal, which is received by
NetworkManager core... ending up in nm_vpn_connection_config_get().

Then, NM goes through the config that it received and applies it, such
as IP addresses. It especially should thereby also consider the
configuration in the corresponding NMConnection.


Thomas
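
The merge step described in the message above, as an added example that is not part of the original message and not NetworkManager's own code: a small Python model that reads the per-family `method` from a keyfile profile and drops pushed values for a family the profile turns off. The sample profile, the pushed values and the dictionary key names are constructed for illustration, and the model assumes a missing `method` means the family is enabled.

```python
import configparser
import ipaddress

# Constructed keyfile profile, in the format of files under
# /etc/NetworkManager/system-connections/; all values are made up.
SAMPLE_KEYFILE = """
[connection]
id=some_vpnconf

[ipv4]
method=auto

[ipv6]
method=ignore
"""

# Constructed stand-in for what the helper reports; key names are hypothetical.
SAMPLE_PUSHED = {
    "addresses": ["10.8.0.6/24", "fd00:8::1006/64"],
    "dns": ["10.8.0.1", "fd00:8::1"],
}

# Method values that turn a family off, as named in the thread.
OFF_METHODS = {4: {"disabled"}, 6: {"ignore"}}


def enabled_families(keyfile_text):
    """Return the set of IP versions (4, 6) the profile leaves enabled."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(keyfile_text)
    enabled = set()
    for version in (4, 6):
        # Assumption of this model: no explicit method means "enabled".
        method = cp.get(f"ipv{version}", "method", fallback="auto")
        if method not in OFF_METHODS[version]:
            enabled.add(version)
    return enabled


def merge_pushed_config(keyfile_text, pushed):
    """Split pushed values into (applied, dropped) according to the profile."""
    enabled = enabled_families(keyfile_text)
    applied, dropped = {}, {}
    for key, values in pushed.items():
        for value in values:
            version = ipaddress.ip_interface(value).version
            target = applied if version in enabled else dropped
            target.setdefault(key, []).append(value)
    return applied, dropped
```

Calling `merge_pushed_config(SAMPLE_KEYFILE, SAMPLE_PUSHED)` returns the IPv4 values as applied and the IPv6 values as dropped, which is the behaviour the thread expects when IPv6 is set to `ignore`.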
