Hi, Thanks for clarification. Although I am little puzzled with NMs view of "best-device". That's definitely not the default gateway in many cases. Yes the case I described is not so widely (vpn over vpn) spread but in my lab I am using VPNs with similar routing all the time. Fortunately till now I havent tried to use NM for managing these VPN connections. And now I know why I shouldn't even try it.
As for your suggestion: How can I specify a route in format: 10.87.2.207 dev vpn0 proto static scope link src 10.144.204.217 ? To me it seems NM expects next-hop IP address in manual routes specification. And in my case I cant know this in advance (this is corporate VPN and I can land on any of dozens entry points). Jeka On Mon, Aug 15, 2016 at 7:46 PM Thomas Haller <thal...@redhat.com> wrote: > On Sun, 2016-08-14 at 17:44 +0000, Jetchko Jekov wrote: > > Hi guys, > > > > I have following problem: > > I am trying to setup openvpn connection to VPN server accessible not > > via default gateway. > > Wnen NM configures vpn connection it sets the route to VPN server's > > IP address wrongly via default gateway. > > Here is an example: > > - before activating VPN connection my routing table looks like this: > > > > default via 192.168.13.1 dev br0 proto static metric 425 > > 10.0.0.0/8 dev vpn0 proto kernel scope link src 10.144.204.250 > > metric 50 > > 10.39.49.28 dev vpn0 proto static scope link src 10.144.204.250 > > metric 425 > > 172.21.0.0/24 dev virbr0 proto kernel scope link src 172.21.0.1 > > linkdown > > 192.168.13.0/24 dev br0 proto kernel scope link src 192.168.13.11 > > metric 425 > > 194.251.119.216 via 192.168.13.1 dev br0 proto static metric 425 > > > > (yes, the vpn I am trying to connect to is accessible via another vpn > > (split-vpn) connection established in advance, but I guess this > > doesn't matter) > > > > Now, when I activate openvpn connection to server with address > > 192.167.3.254 accessible via http proxy at 10.39.49.28, > > and after successful connection my routing table look like this: > > > > default via 192.168.13.1 dev br0 proto static metric 425 > > 10.0.0.0/8 dev vpn0 proto kernel scope link src 10.144.204.250 > > metric 50 > > 10.39.49.28 via 192.168.13.1 dev br0 proto static metric 425 > > 172.21.0.0/24 dev virbr0 proto kernel scope link src 172.21.0.1 > > linkdown > > 192.167.0.0/16 via 192.167.15.1 dev tun0 proto static metric 50 > > 192.167.15.0/24 dev tun0 proto kernel scope link src 192.167.15.66 > > metric 50 > > 192.168.13.0/24 dev br0 proto kernel scope link src 192.168.13.11 > > metric 425 > > 194.251.119.216 via 192.168.13.1 dev br0 proto static metric 425 > > > > The problem is 3rd line. I have no idea why NM sets route this wrong > > way. > > If correct this route manually to > > 10.39.49.28 dev vpn0 proto static scope link src 10.144.204.250 > > metric 425 > > everything works as expected > > > > The question is: Have I missconfigured something on my end or NM (or > > openvpn plugin) is broken in this regard. > > > > hi, > > > NM always associates a VPN connection with the "best-device", that is > the device which currently has the default-route. And then it adds a > direct route to the external gateway via that device. That is a current > short-coming of NM, as it breaks down in your case. > > (there is no concrete plan how to fix that yet). > > How about you add a manual route to 10.39.49.28 to vpn0 with a metric > lower then 425? > > > Thomas
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list