Casey Harkins wrote:
>> Also, I'm not getting a route added for the VPN subnet.
>
> Are you talking about the "Only use VPN connection for these 
> addresses" option, or it's not setting your default route to your TAP 
> device?

I'll provide some examples to be clearer. I'm not using the "only use 
for local addresses" option, and am connecting back to my VPN over a 
UMTS link (as I can't connect from inside my own network).

-- So, when I'm inside my network I get a routing table like this:

# ip route
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.175
default via 192.168.1.1 dev wlan0

-- And when I've made the UMTS connection to the internet it's like this:

# ip route
default dev ppp0  scope link

at this point using wvdial instead of NM would give me an additional 
route for the ppp connection -  but I don't think it's relevant -
10.x.x.64 dev ppp0  proto kernel  scope link  src 10.x.x.192

-- Running openvpn from the command line gives me this:

# ip route
192.168.1.0/24 dev tap0  proto kernel  scope link  src 192.168.1.75
default dev ppp0  scope link

which sets up the local subnet access, but doesn't route other traffic 
through the VPN tunnel. I see an error about not being able to determine 
the local gateway (NOTE: unable to redirect default gateway -- Cannot 
read current default gateway from system) which may be something to do 
with the UMTS connection - would need to confirm that from another location.

-- Initiating the openvpn connection through NM gives me this:

# ip route
default dev tap0  scope link

so it changes the default route from ppp0 to tap0, but doesn't retain a 
specific route to the VPN server over ppp0 - so the tunnel stalls. Also 
doesn't add a gateway (however - this may be related to the problem above).

-- And my 'usual' config where I run openvpn from the command line and 
them set up the routes manually is

# ip route
82.x.x.174 dev ppp0  scope link
192.168.1.0/24 dev tap0  proto kernel  scope link  src 192.168.1.95
default via 192.168.1.1 dev tap0

Hope that makes sense and is some help, I can provide sanitised versions 
of my openvpn config files too if you want?

Regards,
Jon

_______________________________________________
NetworkManager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list

Reply via email to