On Thu, 2018-03-08 at 22:16 +0100, Thomas Haller wrote:
> Hi, I think on recent versions it should work mostly similar. On the other hand, 1.2 is really old. It would be better to start testing on master, fixing it there, and then see what it needs to get it working on older versions.

Yeah. In fact I'm stuck with an even older version of NetworkManager than the latest for Ubuntu 16.04 because all the latest packages have a regression — they *used* to make all VPN DNS traffic go to the VPN, but if I let it update then some of the DNS traffic escapes to the local nameservers on my network.

> This requirement that NM needs to add a route for the external gateway is quite annoying. I wish there would be a special route type that says, "do not ever route to destination $EXT_GW/32 via this interface, and continue route-lookup". There are route types like "throw", but that is only for policy routing and not really a nice solution. The advantage is, that the NetworkManager can add this route to the VPN device, instead of searching for some underlying device where it thinks the gateway is reachable.

In my case it seems to think the gateway is reachable over 'vpn0'. Which it thinks is a separate connection from 'My VPN'. I wonder if that isn't helping...

$ nmcli con
NAME                UUID                                  TYPE            DEVICE
My VPN              bda8e791-d172-491d-b41e-35aa8a26fb3d  vpn             vpn0
Wired connection 1  2415d366-c770-4fd1-9f5a-403e417998af  802-3-ethernet  enp0s31f6
virbr0              491c2da0-a8b2-4a8f-8e88-9ad0ea56f282  bridge          virbr0
vpn0                ddacf9cb-0ea3-4317-8488-2f9ed0888c3a  tun             vpn0