On Thu, 2013-08-22 at 21:39 +0200, Nicolas Iooss wrote:
> 2013/8/21 Dan Winship
>
> > On 08/19/2013 12:47 PM, Nicolas Iooss wrote:
> > > The patches are working well in my testing environment with
> > > NetworkManager 0.9.8 but with the development revision I've got a few
> > > issues such as https://bugzilla.gnome.org/show_bug.cgi?id=706286. Now NM
> > > crashes on a segmentation fault at
> > > http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/nm-policy.c#n788
> > > as nm_vpn_connection_get_ip6_internal_gateway returns NULL for my VPN
> >
> > Right. Does the attached patch fix it?
> >
>
> Your patch fixed the segmentation fault but now NetworkManager sets up a
> default route via the VPN even if the OpenVPN server has not pushed any.

Unfortunately we cannot rely on administrators always pushing a default
route if the VPN can actually route all traffic. What we *could* do is
the same thing that openconnect and vpnc do, which is that if any other
routes are pushed to the client, then nm-openvpn-service-openvpn-helper
sets the NEVER_DEFAULT flag which prevents the tunnel from claiming the
default route in NetworkManager.

The problem you're going to run into is that the NM-openvpn plugin
doesn't yet support IPv6, because last time some patches got proposed,
openvpn didn't have full IPv6 support and didn't pass back the necessary
stuff to the helper script :( That may have changed?

Dan

> More precisely, with NetworkManager OpenVPN plugin, "ip -6 route" shows
> "default dev tun0 proto static metric 1024" whereas executing openvpn in
> command line doesn't add this default route. Moreover this route doesn't
> work as the next hop needs to be defined to be able to route packets in an
> OpenVPN tunnel. To fix this behavior, I opened a bug a few days ago which
> makes get_best_ip6_config no longer return VPN connections which don't
> have any internal gateway:
> https://bugzilla.gnome.org/show_bug.cgi?id=706332.
>
> In fact I don't know how to make an OpenVPN server route the IPv6 internet
> but by pushing to clients a route to 2000::/3 as described on
> http://tomsalmon.eu/2013/04/openvpn-ipv6-with-tun-device/ (last line of the
> config file), as there is no IPv6 equivalent of OpenVPN setting
> "route_vpn_gateway" (which is what NM uses as IPv4 internal gateway). This
> is why I think that a VPN plugin which doesn't set the "IPv6 internal
> gateway" connection parameter shouldn't be considered as a connection
> providing a default route to the Internet (and this is what I implemented
> in the patch for bug #706332).
>
> Nicolas
> _______________________________________________
> networkmanager-list mailing list
> networkmanager-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/networkmanager-list
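
Added example (not part of the original messages and not NetworkManager code): a shell check for the symptom described in this thread, an IPv6 default route bound to the tunnel device with no next hop. The two sample route tables are constructed, and matching tunnel devices by a `tun`/`tap` name prefix is an assumption.

```shell
#!/bin/sh
# Reads `ip -6 route` output on stdin and prints the device of every
# default route that sits on a tunnel device and has no "via" next hop.
# $1: optional device-name regex (assumption: VPN devices are tun*/tap*).
gatewayless_defaults() {
    pat="${1:-^(tun|tap)}"
    awk -v pat="$pat" '
        $1 == "default" {
            dev = ""; via = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "via") via = 1
                if ($i == "dev" && i < NF) dev = $(i + 1)
            }
            # A default route on the tunnel without a next hop is the
            # non-working route reported in the thread.
            if (!via && dev ~ pat) print dev
        }'
}

# Constructed sample: the plugin case, using the route line quoted in the
# thread plus two made-up neighbours.
sample_nm='default dev tun0 proto static metric 1024
2001:db8:1::/64 dev tun0 proto kernel metric 256
default via fe80::1 dev eth0 proto ra metric 1024'

# Constructed sample: a server pushing 2000::/3 with a next hop, and no
# default route on the tunnel.
sample_cli='2000::/3 via 2001:db8:1::1 dev tun0 metric 1024
2001:db8:1::/64 dev tun0 proto kernel metric 256
default via fe80::1 dev eth0 proto ra metric 1024'

printf 'plugin case:  %s\n' "$(printf '%s\n' "$sample_nm" | gatewayless_defaults)"
printf 'command line: %s\n' "$(printf '%s\n' "$sample_cli" | gatewayless_defaults)"

# On a live host: ip -6 route show | gatewayless_defaults
```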