Re: unable to use openvpn server which uses "push route..."

[Anders Blomdell <anders blomdell control lth se>]

On 2017-01-24 01:55, Tomasz Chmielewski wrote:
> On 2017-01-24 03:05, Thomas Haller wrote:
>
> > > Please advise how to use NetworkManager for OpenVPN servers which
> > > are 
> > > not default gateways and which push their own routes.
> >
> > whether the VPN gets the default route, depends on the (inverse)
> > "ipv4.never-default" setting. See `nmcli connection show "$MY_VPN"`
>
> Why does NM attempt to set a default route for a OpenVPN connection where the OpenVPN server does not 
> advertise itself as a default route? It would
> almost never work, and sounds like a bug to me.
>
> Anyway, with "Use this connection only for resources on its network" set:
>
> # nmcli connection show $MY_VPN|grep never-default
> ipv4.never-default:                     yes
> ipv6.never-default:                     no
>
>
> It no longer sets the connection as a default route.
>
>
> > Try to enable debug-logging of the VPN server:
> >
> >   sudo nmcli logging general level TRACE domains ALL:VPN_PLUGIN
>
> # nmcli logging general level TRACE domains ALL:VPN_PLUGIN
> Error: Object 'logging' is unknown, try 'nmcli help'.
> # nmcli general logging level TRACE domains ALL:VPN_PLUGIN
> Error: failed to set logging: Unknown log level 'VPN_PLUGIN'
>
> So in the end I came up with this one:
>
> # nmcli general logging level TRACE domains VPN
>
> And it helped me debug this - thanks!

The main problem is that OpenVPN does not export if the route is intended
as a default-route to the --up script, hence NetworkManager can't deduce what it should do.
I submitted a pull request a few months ago, but haven't got any response yet:

  https://github.com/OpenVPN/openvpn/pull/69

/Anders Blomdell
-- 
Anders Blomdell                  Email: anders blomdell control lth se
Department of Automatic Control
Lund University                  Phone:    +46 46 222 4625
P.O. Box 118                     Fax:      +46 46 138118
SE-221 00 Lund, Sweden