Jon Escombe wrote:
> ----- "Casey Harkins" <[EMAIL PROTECTED]> wrote:
> 
>> I don't think openvpn should be trying to setup routes unless specific
>> options are being passed (--route, --route-gateway), but I could be
>> wrong. Either way, there's no harm in passing that option.
>>
> 
> Could be, my gateway etc is pushed from the server options so that might be 
> enough to prompt it. Here it sets up a specific route to the vpn server, and 
> then sets up the default route via the gateway address I'm pushing (see 
> below). I've added the --route-noexec option to nm-openvpn-service and that 
> definitely stops all three 'ip route' commands. NM at this point correctly 
> sets up the route to the vpn server, and changes the default route - just 
> doesn't include the remote gateway..
> 


So, let's do this symbolically rather than with IP addresses:

VPN_SERVER: public ip of vpn server
This appears to be called "gateway" in vpnc and "remote" in openvpn. NM 
needs to establish a route to this ip over the underlying network 
connection. For openvpn, this ip is also returned in the "trusted_ip" 
env var and getting passed back to NM as the IP_CONFIG_GATEWAY.

VPN_GATEWAY: gateway for vpn routed traffic
This is what the vpn server is returning for a gateway for the vpn'ed 
traffic. This is in the "route_vpn_gateway" for openvpn, but is not 
being handled currently. For vpnc, it looks like this is "VPNGATEWAY" 
and is getting passed back to NM as the IP4_CONFIG_GATEWAY. NM should be 
using this as the gateway for the default route (if all traffic is going 
to be routed over the vpn).

What I'm seeing is that NM is using IP4_CONFIG_GATEWAY to maintain a 
route to the vpn server, and not specifying a gateway for the default 
route. I presume this needs to be changed and we either need an 
additional IP4_CONFIG variable for specifying the VPN_SERVER or vpn 
plugins need to push a route to the VPN_SERVER to NM.

Does this make sense?

-casey
_______________________________________________
NetworkManager-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/networkmanager-list
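
The symbolic layout from the message above, turned into a check against `ip route show` output. This is an added example, not code from the post or from NetworkManager; the function names, the `tun0`/`eth0` device names and the sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample `ip route show` output (documentation addresses, not from the post).
BROKEN = """\
default dev tun0 scope link
198.51.100.7 via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
FIXED = BROKEN.replace("default dev tun0 scope link", "default via 10.8.0.1 dev tun0")

def parse_routes(text):
    """Turn `ip route show` lines into dicts with dest, via and dev."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        route = {"dest": tok[0], "via": None, "dev": None}
        for key, val in zip(tok[1:], tok[2:]):  # consecutive token pairs
            if key in ("via", "dev"):
                route[key] = val
        routes.append(route)
    return routes

def _is_host_route(dest, server):
    try:
        return ipaddress.ip_network(dest, strict=False) == ipaddress.ip_network(str(server))
    except ValueError:
        return False  # "default", "unreachable" and similar keywords

def check_vpn_routes(text, vpn_server, vpn_gateway, tun_dev):
    """List deviations from the layout described in the message (full-tunnel case)."""
    server = ipaddress.ip_address(vpn_server)    # VPN_SERVER: public IP of the VPN server
    gateway = ipaddress.ip_address(vpn_gateway)  # VPN_GATEWAY: gateway for VPN-routed traffic
    routes, problems = parse_routes(text), []
    # VPN_SERVER must stay reachable over the underlying link, not the tunnel.
    host = [r for r in routes if _is_host_route(r["dest"], server)]
    if not any(r["dev"] != tun_dev for r in host):
        problems.append("no host route to VPN_SERVER outside the tunnel")
    default = [r for r in routes if r["dest"] == "default"]
    if not default:
        problems.append("no default route")
    for r in default:
        if r["dev"] != tun_dev:
            problems.append("default route bypasses the tunnel via " + str(r["dev"]))
        elif r["via"] is None:
            problems.append("default route has no gateway")
        elif ipaddress.ip_address(r["via"]) != gateway:
            problems.append("default route gateway is not VPN_GATEWAY")
    return problems
```

`BROKEN` models the state reported in the thread (default route switched to the tunnel but with no gateway); `FIXED` is the same table with the default route via VPN_GATEWAY.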
