On Fri, 2016-02-05 at 09:01 +0100, Olaf Hering wrote:
The openvpn connection I have been using for months just gained support for ipv6. A few months ago I already set ipv6 to "Disabled" in the IPv6 tab of nm-connection-editor 1.0.8. But when the tunnel is established NM applies the settings received from the peer anyway.
There exists no ipv6 method "Disabled" until now. What exists is "Ignore" which means, NM leaves it all to the kernel.
I also tried to apply just the addresses, ignore the received routes. Whatever happens, all ipv6 traffic goes through the tunnel as a result. Why does NM ignore the knobs? It calls openvpn like that: /usr/sbin/openvpn --remote $host 443 tcp --comp-lzo --nobind --dev tun --dev-type tun --cipher AES-256-CBC --auth SHA512 --auth-nocache --tls-auth $key 1 --reneg-sec 0 --syslog nm-openvpn --script-security 2 --up /usr/lib/nm-openvpn-service-openvpn-helper --tun -- --up-restart --persist-key --persist-tun --management /var/run/NetworkManager/nm-openvpn-05c972e7-1f61-4bca- a5a0-c6b0ed7b44a6 unix --management-client-user root --management-client-group root --management-query-passwords --auth-retry interact --route-noexec --ifconfig-noexec --client --ca $crt --cert $crt --key $key --auth-user-pass --user nm-openvpn --group nm-openvpn Does openvpn do all the address assignment by itself?
The vpn service reports the addresses/routes back to NetworkManager, and NetworkManager does configuration according to the connection's configuration + the stuff reported from the VPN service. Can you show nmcli connection show $CONNECTION_ID ip addr ip route Thanks, Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part