On Thu, 2007-12-06 at 09:25 +0000, Jon Escombe wrote: > Casey Harkins wrote: > >> Also, I'm not getting a route added for the VPN subnet. > > > > Are you talking about the "Only use VPN connection for these > > addresses" option, or it's not setting your default route to your TAP > > device? > > I'll provide some examples to be clearer. I'm not using the "only use > for local addresses" option, and am connecting back to my VPN over a > UMTS link (as I can't connect from inside my own network). > > -- So, when I'm inside my network I get a routing table like this: > > # ip route > 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.175 > default via 192.168.1.1 dev wlan0 > > -- And when I've made the UMTS connection to the internet it's like this: > > # ip route > default dev ppp0 scope link > > at this point using wvdial instead of NM would give me an additional > route for the ppp connection - but I don't think it's relevant - > 10.x.x.64 dev ppp0 proto kernel scope link src 10.x.x.192 > > -- Running openvpn from the command line gives me this: > > # ip route > 192.168.1.0/24 dev tap0 proto kernel scope link src 192.168.1.75 > default dev ppp0 scope link > > which sets up the local subnet access, but doesn't route other traffic > through the VPN tunnel. I see an error about not being able to determine > the local gateway (NOTE: unable to redirect default gateway -- Cannot > read current default gateway from system) which may be something to do > with the UMTS connection - would need to confirm that from another location. > > -- Initiating the openvpn connection through NM gives me this: > > # ip route > default dev tap0 scope link > > so it changes the default route from ppp0 to tap0, but doesn't retain a > specific route to the VPN server over ppp0 - so the tunnel stalls. Also > doesn't add a gateway (however - this may be related to the problem above).
With vpnc this definitely isn't a problem; that's what the "gateway" address bits are for. NM will ensure that there is always a route to the VPN server via the connected interface. That's how it should work in openvpn too, but maybe openvpn plugin isn't setting the right bits in NMIP4Config? Dan > -- And my 'usual' config where I run openvpn from the command line and > them set up the routes manually is > > # ip route > 82.x.x.174 dev ppp0 scope link > 192.168.1.0/24 dev tap0 proto kernel scope link src 192.168.1.95 > default via 192.168.1.1 dev tap0 > > Hope that makes sense and is some help, I can provide sanitised versions > of my openvpn config files too if you want? > > Regards, > Jon > _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
