Re: openvpn.conf working on the CLI and with systemd but not with NM: wrong IPv6 setting when configuring the tun interface?
- From: Samuel Le Thiec <sltrash posteo net>
- To: networkmanager-list gnome org
- Subject: Re: openvpn.conf working on the CLI and with systemd but not with NM: wrong IPv6 setting when configuring the tun interface?
- Date: Tue, 01 Jun 2021 21:52:42 +0000
Hello again :)
I don't know why this would be needed, but I noticed this can be worked around by pushing the route towards the server-ipv6 subnet from the openvpn server, with the directive:
push "route-ipv6 2001:bc8:3d1d:1337::/64"
I can totally live with that, but is it the expected behaviour? If so, why does it differ from starting openvpn manually from the cli or even as a systemd openvpn-client@.service?
Thanks in advance!
samuel
On Tue, 2021-06-01 at 13:27 +0000, Samuel Le Thiec via networkmanager-list wrote:
Note: sorry for the potential duplicate email, I sent it before & after having registered to the list!
Hello all,
I have a working openvpn config (see below) which I can't get to fully work with Network
Manager: the private IPv6 network is not accessible when connecting to the VPN with NM(*).
Here is what I get for tun0 when connecting with NM:
--------
$ ip a l tun0
17: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.66.6.4/24 brd 10.66.6.255 scope global noprefixroute tun0
       valid_lft forever preferred_lft forever
    inet6 2001:bc8:3d1d:1337::1002 peer 2001:bc8:3d1d:1337::1/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
--------
When connecting with systemd or via the command line (sudo openvpn --config vpn.conf):
--------
$ ip a l tun0
14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.66.6.4/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 2001:bc8:3d1d:1337::1002/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::24b7:bb72:a319:252d/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
--------
→ Note the scope global inet6 differences above: peer vs subnet
(*) In order to avoid having all my traffic routed through the VPN, I did check "Use this
connection only for resources on its network" for IPv4 & IPv6.
Is there a way to make Network Manager behave like openvpn --config vpn.conf?
Here is some additional information:
--------
$ nmcli device show tun0
GENERAL.DEVICE: tun0
GENERAL.TYPE: tun
GENERAL.HWADDR: (unknown)
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected (externally))
GENERAL.CONNECTION: tun0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/27
IP4.ADDRESS[1]: 10.66.6.4/24
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 10.66.6.0/24, nh = 0.0.0.0, mt = 50
IP6.ADDRESS[1]: 2001:bc8:3d1d:1337::1002/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 256
IP6.ROUTE[2]: dst = 2001:bc8:3d1d:1337::1002/128, nh = ::, mt = 50
IP6.ROUTE[3]: dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 50
--------
And the openvpn client config I imported from NM (minus the certs&keys):
| client
| dev tun
| # try standard port first
| remote hub.nsoc.fr
| remote hub.nsoc.fr 53
| ping 25
| ping-restart 120
| persist-key
| persist-tun
| tls-version-min 1.3
| remote-cert-tls server
| mute-replay-warnings
|
| askpass
| verb 3
|
| <ca></ca>
| <cert></cert>
| <key></key>
| <tls-crypt-v2></tls-crypt-v2>
Thank you in advance!
Samuel
_______________________________________________
networkmanager-list mailing list
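
An added example, not part of the original posts: a small Python check that reads `nmcli device show` output and reports any global IPv6 address whose on-link prefix has no covering route, which is the condition visible in the NM-managed tun0 above (only /128 host routes, so the rest of the /64 never enters the tunnel). The function name is hypothetical, and the extra route line that models the `push "route-ipv6 ..."` workaround is constructed.

```python
import ipaddress
import re

# IP6.* lines from the nmcli output in the post above, wrapped lines re-joined.
NM_OUTPUT = """\
IP6.ADDRESS[1]: 2001:bc8:3d1d:1337::1002/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 256
IP6.ROUTE[2]: dst = 2001:bc8:3d1d:1337::1002/128, nh = ::, mt = 50
IP6.ROUTE[3]: dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 50
"""

# Constructed line: what the table would gain once the server pushes the
# /64 route (the workaround described in the reply). Not captured output.
WITH_PUSHED_ROUTE = NM_OUTPUT + (
    "IP6.ROUTE[4]: dst = 2001:bc8:3d1d:1337::/64, nh = ::, mt = 50\n"
)

ADDR_RE = re.compile(r"^IP6\.ADDRESS\[\d+\]:\s*(\S+)", re.M)
ROUTE_RE = re.compile(r"^IP6\.ROUTE\[\d+\]:\s*dst = ([^,\s]+)", re.M)


def uncovered_prefixes(nmcli_text):
    """Return on-link prefixes of non-link-local addresses that no route covers.

    Next hop and metric are ignored; only route destinations are compared.
    """
    routes = [
        ipaddress.ip_network(dst, strict=False)
        for dst in ROUTE_RE.findall(nmcli_text)
    ]
    missing = []
    for addr in ADDR_RE.findall(nmcli_text):
        iface = ipaddress.ip_interface(addr)
        if iface.ip.is_link_local:
            continue  # fe80::/10 addresses are not expected to carry a subnet route
        prefix = iface.network
        # The prefix is reachable only if some route destination contains all of it.
        if not any(prefix.subnet_of(route) for route in routes):
            missing.append(str(prefix))
    return missing


if __name__ == "__main__":
    print("NM-managed tun0, missing:", uncovered_prefixes(NM_OUTPUT))
    print("with pushed /64 route, missing:", uncovered_prefixes(WITH_PUSHED_ROUTE))
```
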