Re: Static Routes for VPN

From: Xen <list xenhideout nl>
To: Networkmanager list <networkmanager-list gnome org>
Subject: Re: Static Routes for VPN
Date: Thu, 06 Oct 2016 00:03:03 +0200

Greg Oliver schreef op 05-10-2016 22:55:

The easiest is if your server pushes them with push.


You are absolutely correct - and I do that for our company.  Other
companies that we are partners with where our engineers log into their
networks do not like it when they push default routes on us though.
It is much more convenient to say 10.0.0.0/8 [1] is all I want to
reach on this connection (leave my default route alone).  This in the
past was achievable with NM-gui - at some point, it has been stripped
out.  I did not go to F24 until recently and I honestly do not
remember the version I was on prior, but it worked using tun0/ppp0,
etc as gateways - and therefore applied routing the way I wanted.

Just looking for the proper way to do that today.

Just saying that a pushed route doesn't have to be a default route. Thisis a simple static route pushed to a client:


push "route 192.168.20.0 255.255.255.0"

I must say I really have no clue about NM at present; but in the past Iachieved it with a script.

Eventually I migrated to NM and at some point I must have deleted thescripts so I do not have them handy.

In the version I am using (the KDE version) I can simply edit staticroutes. Oh yes, I believe I just ran.. wait, you want a static route tothe gateway? So you don't have a VPN route yet? Either you can reach thegateway directly using your ordinary routes or you are doing somethingstrange? You need a route to the internal subnet, right? Oh, so youdon't know the VPN you are connecting to in advance.

You can always ..baah, I may have thrown away my scripts. You can alwaysput a script in /etc/NetworkManager/dispatcher.d that will check whetherthe interface is tun0 ($1) and the action is up (or vpn-up, don't knowif that works) ($2) and then feeding that to ip route:


ip addr show $1 | grep "inet " | awk '{print $2}'

[ "$1" == "tun0" ] && { [ "$2" == "up" ] || [ "$2" == "vpn-up" ]; } && {
    ip=$(ip addr show $1 | grep "inet " | awk '{print $2}')
    subnet=${ip%.*/*}.0/24
    ip route add $subnet via $ip dev $1
}

Or your other, better way of doing things ;-).

But I'm not sure what else. Regards.

References:
- Static Routes for VPN
  - From: Greg Oliver
- Re: Static Routes for VPN
  - From: Xen
- Re: Static Routes for VPN
  - From: Greg Oliver

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]