On Mon, 2017-01-23 at 23:34 +0900, Tomasz Chmielewski wrote:
> I have a VPN server which uses "push route..." options to push specific
> routes to the clients:
>
> # testing1
> push "route 10.11.0.0 255.255.255.0"
>
> # testing2
> push "route 10.12.0.0 255.255.255.0"
>
> # testing3
> push "route 10.13.1.0 255.255.255.0"
>
>
> The same config file works correctly with command line openvpn on Linux
> (openvpn --config some.conf), with OpenVPN client for Windows, with
> OpenVPN client for Mac (TunnelBlick), with OpenVPN clients for Android
> and iOS - the routes are pushed to the clients. However, it does not
> work when the config is imported via NetworkManager (used version 1.2.6
> on Ubuntu 16.10, but also tried several earlier Ubuntu versions, to no
> avail).
>
>
> To reproduce:
>
> case 1) in NM, import an openvpn config file where the server uses "push
> route..." option, but is *not* a default gateway (i.e. no "push
> redirect-gateway..." on the server).
>
> Expected result: config file is imported, when we initiate the
> connection via NM, the routes pushed by the server are applied on the
> client
>
> Real result: NM routes *all* traffic through the established connection.
> There is no connectivity anywhere anymore (device is "offlined").
>
>
>
> case 2) in NM, import an openvpn config file where the server uses "push
> route..." option, but is *not* a default gateway (i.e. no "push
> redirect-gateway..." on the server).
> Additionally, in IPv4 settings -> Routes for this OpenVPN config, we
> select "Use this connection only for resources on its network".
>
> Expected result: config file is imported, when we initiate the
> connection via NM, the routes pushed by the server are applied on the
> client
>
> Real result: routes pushed by the server are not applied on the client.
>
>
>
> Please advise how to use NetworkManager for OpenVPN servers which are
> not default gateways and which push their own routes.
>
Hi,

Whether the VPN gets the default route depends on the (inverse)
"ipv4.never-default" setting. See `nmcli connection show "$MY_VPN"`

Try to enable debug-logging of the VPN server:

    sudo nmcli logging general level TRACE domains ALL:VPN_PLUGIN

(you need to re-activate the VPN connection for the change to take
effect).

(don't send the logfile with VPN_PLUGIN domain enabled, because it might
contain private data)

The "import" step is entirely separate from the later activation
handling. That is, during import, the ovpn file is transformed to a
NetworkManager connection profile. Whether you import an ovpn or click it
manually makes no difference for the activation.

Of course, it would be interesting *what* you actually import, and how
NM's connection profile looks after the import step.

best,
Thomas
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
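
An added example, not part of the original thread: a shell check of the connection profile that the import step produced, built around the "ipv4.never-default" setting named in the reply. The function names and sample values are constructed for illustration, and the ipv4.ignore-auto-routes check is an addition that the thread does not discuss.

```shell
#!/bin/sh
# Added example (not from the thread): report how a NetworkManager VPN
# profile will treat the default route and automatically supplied routes.
# Input format: terse nmcli output, one "property:value" pair per line.

# Print the value of property $1 from "property:value" lines on stdin.
# Exit status is non-zero when the property is absent.
nm_prop() {
    awk -F: -v key="$1" '$1 == key { print $2; found = 1 } END { exit !found }'
}

# Read profile properties on stdin and print a one-line verdict.
vpn_route_verdict() {
    props=$(cat)
    never_default=$(printf '%s\n' "$props" | nm_prop ipv4.never-default) || {
        echo "unknown: ipv4.never-default not present"; return 2; }
    # Assumption: a missing ignore-auto-routes line is treated as "no".
    ignore_auto=$(printf '%s\n' "$props" | nm_prop ipv4.ignore-auto-routes) \
        || ignore_auto=no
    case "$never_default" in
        no)  default="default-route=vpn" ;;     # VPN takes the default route
        yes) default="default-route=kept" ;;    # existing default route stays
        *)   echo "unknown: never-default=$never_default"; return 2 ;;
    esac
    case "$ignore_auto" in
        yes) auto="auto-routes=ignored" ;;      # only static ipv4.routes used
        *)   auto="auto-routes=applied" ;;
    esac
    echo "$default $auto"
}

# Same check against a live profile; needs nmcli, so it is not called here.
vpn_route_verdict_live() {
    nmcli -t -f ipv4.never-default,ipv4.ignore-auto-routes \
        connection show "$1" | vpn_route_verdict
}

# Constructed sample values, not output captured from the reporter's system.
SAMPLE_IMPORTED='ipv4.never-default:no
ipv4.ignore-auto-routes:no'
SAMPLE_SPLIT='ipv4.never-default:yes
ipv4.ignore-auto-routes:no'
SAMPLE_STATIC_ONLY='ipv4.never-default:yes
ipv4.ignore-auto-routes:yes'

printf '%s\n' "$SAMPLE_IMPORTED" | vpn_route_verdict
```

On a live system, `vpn_route_verdict_live "$MY_VPN"` runs the same check against the profile itself.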
