Hello again:)

I don't know why this would be needed, but I noticed this can be worked around
by pushing the route towards the server-ipv6 subnet from the openvpn server,
with the directive:

push "route-ipv6 2001:bc8:3d1d:1337::/64"

I can totally live with that, but is it the expected behaviour? If so, why does
it differ from starting openvpn manually from the cli or even as a systemd
openvpn-client@.service?

Thanks in advance!

samuel

On Tue, 2021-06-01 at 13:27 +0000, Samuel Le Thiec via networkmanager-list 
wrote:
> Note: sorry for the potential duplicate email, I sent it before & after having
> registered to the list!
> 
> Hello all,
> 
> I have a working openvpn config (see below) which I can't get to fully work
> with Network Manager: the private IPv6 network is not accessible when
> connecting to the VPN with NM(*).
> 
> Here is what I get for tun0 when connecting with NM:
> 
> --------
> $ ip a l tun0
> 17: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
>     link/none 
>     inet 10.66.6.4/24 brd 10.66.6.255 scope global noprefixroute tun0
>        valid_lft forever preferred_lft forever
>     inet6 2001:bc8:3d1d:1337::1002 peer 2001:bc8:3d1d:1337::1/64 scope global noprefixroute 
>        valid_lft forever preferred_lft forever
> --------
> 
> When connecting with systemd or via the command line (sudo openvpn --config vpn.conf):
> --------
> $ ip a l tun0
> 14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
>     link/none
>     inet 10.66.6.4/24 scope global tun0
>        valid_lft forever preferred_lft forever
>     inet6 2001:bc8:3d1d:1337::1002/64 scope global 
>        valid_lft forever preferred_lft forever
>     inet6 fe80::24b7:bb72:a319:252d/64 scope link stable-privacy 
>        valid_lft forever preferred_lft forever
> --------
> 
> → Note the scope global inet6 differences above: peer vs subnet
> 
> (*) In order to avoid having all my traffic routed through the vpn, I did
> check "Use this connection only for resources on its network" for IPv4 & IPv6.
> 
> Is there a way to make Network Manager behave like openvpn --config vpn.conf?
> 
> Here is additional information:
> 
> --------
> $ nmcli device show tun0 
> GENERAL.DEVICE:                         tun0
> GENERAL.TYPE:                           tun
> GENERAL.HWADDR:                         (unknown)
> GENERAL.MTU:                            1500
> GENERAL.STATE:                          100 (connected (externally))
> GENERAL.CONNECTION:                     tun0
> GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/27
> IP4.ADDRESS[1]:                         10.66.6.4/24
> IP4.GATEWAY:                            --
> IP4.ROUTE[1]:                           dst = 10.66.6.0/24, nh = 0.0.0.0, mt = 50
> IP6.ADDRESS[1]:                         2001:bc8:3d1d:1337::1002/64
> IP6.GATEWAY:                            --
> IP6.ROUTE[1]:                           dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 256
> IP6.ROUTE[2]:                           dst = 2001:bc8:3d1d:1337::1002/128, nh = ::, mt = 50
> IP6.ROUTE[3]:                           dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 50
> --------
> 
> And the openvpn client config I imported from NM (minus the certs&keys):
>    | client
>    | dev tun
>    | # try standard port first
>    | remote hub.nsoc.fr
>    | remote hub.nsoc.fr 53
>    | ping 25
>    | ping-restart 120
>    | persist-key
>    | persist-tun
>    | tls-version-min 1.3
>    | remote-cert-tls server
>    | mute-replay-warnings
>    |
>    | askpass
>    | verb 3
>    |
>    | <ca></ca>
>    | <cert></cert>
>    | <key></key>
>    | <tls-crypt-v2></tls-crypt-v2>
> 
> 
> Thank you in advance!
> 
> Samuel
> 
> _______________________________________________
> networkmanager-list mailing list
> networkmanager-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/networkmanager-list
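
A check for the symptom reported in this thread, as an added example that is not part of the original messages: it parses the IP6 fields of `nmcli device show` and lists every address subnet that no route destination covers. The first sample is the output quoted above with its line wraps rejoined; the extra `IP6.ROUTE[4]` line is constructed, on the assumption that a pushed `route-ipv6` for the /64 would be listed in this form.

```python
import ipaddress
import re

# IP6 fields from the nmcli output quoted in the thread (line wraps rejoined).
NM_OUTPUT = """\
IP6.ADDRESS[1]:                         2001:bc8:3d1d:1337::1002/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 256
IP6.ROUTE[2]:                           dst = 2001:bc8:3d1d:1337::1002/128, nh = ::, mt = 50
IP6.ROUTE[3]:                           dst = 2001:bc8:3d1d:1337::1/128, nh = ::, mt = 50
"""

# Constructed sample: assumed extra line once the server pushes route-ipv6 for the /64.
NM_OUTPUT_WITH_PUSH = NM_OUTPUT + (
    "IP6.ROUTE[4]:                           dst = 2001:bc8:3d1d:1337::/64, nh = ::, mt = 50\n"
)

ADDR_RE = re.compile(r"^IP6\.ADDRESS\[\d+\]:\s+(\S+)$")
ROUTE_RE = re.compile(r"^IP6\.ROUTE\[\d+\]:\s+dst = ([^,\s]+),")


def parse(nmcli_text):
    """Return (address subnets, route destinations) found in nmcli text."""
    subnets, routes = [], []
    for line in nmcli_text.splitlines():
        line = line.strip()
        if m := ADDR_RE.match(line):
            # ip_interface keeps the host bits; .network yields the on-link prefix.
            subnets.append(ipaddress.ip_interface(m.group(1)).network)
        elif m := ROUTE_RE.match(line):
            routes.append(ipaddress.ip_network(m.group(1), strict=False))
    return subnets, routes


def uncovered_subnets(nmcli_text):
    """Address subnets that are not contained in any route destination."""
    subnets, routes = parse(nmcli_text)
    return [s for s in subnets if not any(s.subnet_of(r) for r in routes)]


if __name__ == "__main__":
    samples = (("as reported", NM_OUTPUT),
               ("with pushed /64 route", NM_OUTPUT_WITH_PUSH))
    for label, text in samples:
        missing = [str(n) for n in uncovered_subnets(text)]
        print(f"{label}: {missing or 'all address subnets routed'}")
```
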
