On Tue, 2017-01-24 at 09:55 +0900, Tomasz Chmielewski wrote:
> On 2017-01-24 03:05, Thomas Haller wrote:
>
> > > Please advise how to use NetworkManager for OpenVPN servers which
> > > are
> > > not default gateways and which push their own routes.
> >
> > whether the VPN gets the default route, depends on the (inverse)
> > "ipv4.never-default" setting. See `nmcli connection show "$MY_VPN"`
>
> Why does NM attempt to set a default route for a OpenVPN connection
> where the OpenVPN server does not advertise itself as a default
> route?
> It would almost never work, and sounds like a bug to me.

in many common setups, the VPN gateway will forward whatever packets
you send it. I don't agree that "would almost never work" is accurate.

Whether the default-route is routed along the VPN should be primarily
configured client-side (NetworkManager).

Optimally, ip4.never-default would support a 3rd value ~server-choice~,
beside "yes" and "no". To allow the server to override it. This is a
missing feature.

> Anyway, with "Use this connection only for resources on its network"
> set:
>
> # nmcli connection show $MY_VPN|grep never-default
> ipv4.never-default:                     yes
> ipv6.never-default:                     no
>
>
> It no longer sets the connection as a default route.
>
>
> > Try to enable debug-logging of the VPN server:
> >
> >   sudo nmcli logging general level TRACE domains ALL:VPN_PLUGIN
>
> # nmcli logging general level TRACE domains ALL:VPN_PLUGIN
> Error: Object 'logging' is unknown, try 'nmcli help'.

ah, right. Typo

> # nmcli general logging level TRACE domains ALL:VPN_PLUGIN
> Error: failed to set logging: Unknown log level 'VPN_PLUGIN'
>
> So in the end I came up with this one:
>
> # nmcli general logging level TRACE domains VPN

Another typo. sorry. Should be:

  sudo nmcli general logging level TRACE domains ALL,VPN_PLUGIN

It should be "VPN_PLUGIN". This enables debug logging for the VPN
service itself (openvpn). Contrary to the "VPN" logging domain, which is
VPN related logging inside NetworkManager.

If "VPN_PLUGIN" is unrecognized, your NM version is too old for it. In
that case, you would need to follow
https://wiki.gnome.org/Projects/NetworkManager/Debugging#Debugging_NetworkManager-openvpn
to get debugging logs from the VPN service itself.

> And it helped me debug this - thanks!

cool

Best,
Thomas
_______________________________________________
networkmanager-list mailing list
https://mail.gnome.org/mailman/listinfo/networkmanager-list
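Added example, not part of the original thread or of NetworkManager: a small shell check that reads `nmcli connection show "$MY_VPN"` output and reports the address families whose `never-default` is still "no", i.e. where the VPN profile is still allowed to take the default route. The function names are hypothetical and the sample input is constructed from the two lines quoted in the message above.

```shell
#!/bin/sh
# Report which address families of a VPN profile may still receive the
# default route, based on the ipv4/ipv6 "never-default" properties.
#
# Live use (LC_ALL=C keeps the yes/no values untranslated):
#   LC_ALL=C nmcli connection show "$MY_VPN" | default_route_families

# Hypothetical helper: reads nmcli output on stdin (padded or terse form)
# and prints the families with never-default = no, space separated.
default_route_families() {
    awk -F': *' '
        $1 ~ /^ipv[46]\.never-default$/ {
            val = $2
            sub(/[ \t]+$/, "", val)          # drop trailing whitespace
            if (val == "no") {
                split($1, key, ".")           # key[1] is "ipv4" or "ipv6"
                out = out (out ? " " : "") key[1]
            }
        }
        END { print out }
    '
}

# Constructed sample: the two property lines shown in the thread.
sample_output() {
    cat <<'EOF'
ipv4.never-default:                     yes
ipv6.never-default:                     no
EOF
}

# With the thread's settings only IPv6 remains eligible.
sample_output | default_route_families
```

An empty result means both families are set to never take the default route through this profile.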
