Re: VPN reconnect

On Thu, 2018-03-08 at 22:16 +0100, Thomas Haller wrote:


I think on recent versions it should work mostly similar. On the other
hand, 1.2 is really old. It would be better to start testing on master,
fixing it there, and then see what it needs to get it working on older

Yeah. In fact I'm stuck with an even older version of NetworkManager
than the latest for Ubuntu 16.04 because all the latest packages have a
regression — they *used* to make all VPN DNS traffic go to the VPN, but
if I let it update then some of the DNS traffic escapes to the local
nameservers on my network.

This requirement that NM needs to add a route for the external gateway
is quite annoying. I wish there would be a special route type that
says, "do not ever route to destination $EXT_GW/32 via this interface,
and continue route-lookup". There are route types like "throw", but
that is only for policy routing and not really a nice solution. The
advantage is, that the NetworkManager can add this route to the VPN
device, instead of searching for some underlying device where it thinks
the gateway is reachable.

In my case it seems to think the gateway is reachable over 'vpn0'.
Which it thinks is a separate connection from 'My VPN'. I wonder if
that isn't helping...

$ nmcli con
NAME                             UUID                                  TYPE             DEVICE    
My VPN                           bda8e791-d172-491d-b41e-35aa8a26fb3d  vpn              vpn0      
Wired connection 1               2415d366-c770-4fd1-9f5a-403e417998af  802-3-ethernet   enp0s31f6 
virbr0                           491c2da0-a8b2-4a8f-8e88-9ad0ea56f282  bridge           virbr0    
vpn0                             ddacf9cb-0ea3-4317-8488-2f9ed0888c3a  tun              vpn0      

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]