Re: Connman VPN: Do not replace default route
2013/2/4 Jukka Rissanen jukka.rissa...@linux.intel.com: Hi, On 03.02.2013 19:11, Yevhen Kyriukha wrote: 2013/2/3 Jukka Rissanen jukka.rissa...@gmail.com: Hi, On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote: My VPN server already push information about routes like: server 10.10.10.0 255.255.255.0 and push route 10.10.10.0 255.255.255.0 vpn_gateway If I use openvpn without connman the behavior is correct (routes are replaced only if I push redirect-gateway from the server). This sounds like a bug. Can you do following: - start vpnd with connman-vpnd -n -d and direct the output to a file - start test/monitor-vpn and direct the output to a file - connect to your vpn (you should see server pushed routes in debug output and also in monitor output) - after successful connection run test/vpn-get to see if we are really missing the ServerRoutes Cheers, Jukka Ok, I did these steps and here's what I got: When I run connman-vpnd -n -d program closes immediately (you can find output in connman-vpn.log file that is attached). Is it correct? Seems that system activates connman-vpnd by dbus. The log says No VPN configurations found, quitting. Meaning that you do not have any VPN configurations around. Did you remove all your VPN configurations from disk or are you running with read only filesystem for /var/lib/connman? In output of 'monitor-vpn' I see the following line: ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]] And output of 'vpn-get' contains following: ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]] This looks correct. But 'route -n' gives me the same picture that I was talking before (vpn is a default route iface). This is expected as you have not moved the services yet. If the /var/lib/connman is non-existent, then you will have weird problems anyway. Cheers, Jukka Hi! The log says No VPN configurations found, quitting. Meaning that you do not have any VPN configurations around. Did you remove all your VPN configurations from disk or are you running with read only filesystem for /var/lib/connman? I was writing about that problem on connman mailing list. I have /var/lib/connman folder and it doesn't disappear after reboot. I checked 'mount' and there was no /var or /var/lib directory mounted as read only file system partition. This problem appears when I restart connman-vpn and connman services with previously *connected* (active) VPN connection. I'm not rebooting PC! So all settings exist. So this is the second problem. The first one was overriding default route. You said that if server push some info about routes connman-vpn won't replace default route. ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Connman VPN: Do not replace default route
Hi, On 03.02.2013 19:11, Yevhen Kyriukha wrote: 2013/2/3 Jukka Rissanen jukka.rissa...@gmail.com: Hi, On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote: My VPN server already push information about routes like: server 10.10.10.0 255.255.255.0 and push route 10.10.10.0 255.255.255.0 vpn_gateway If I use openvpn without connman the behavior is correct (routes are replaced only if I push redirect-gateway from the server). This sounds like a bug. Can you do following: - start vpnd with connman-vpnd -n -d and direct the output to a file - start test/monitor-vpn and direct the output to a file - connect to your vpn (you should see server pushed routes in debug output and also in monitor output) - after successful connection run test/vpn-get to see if we are really missing the ServerRoutes Cheers, Jukka Ok, I did these steps and here's what I got: When I run connman-vpnd -n -d program closes immediately (you can find output in connman-vpn.log file that is attached). Is it correct? Seems that system activates connman-vpnd by dbus. The log says No VPN configurations found, quitting. Meaning that you do not have any VPN configurations around. Did you remove all your VPN configurations from disk or are you running with read only filesystem for /var/lib/connman? In output of 'monitor-vpn' I see the following line: ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]] And output of 'vpn-get' contains following: ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]] This looks correct. But 'route -n' gives me the same picture that I was talking before (vpn is a default route iface). This is expected as you have not moved the services yet. If the /var/lib/connman is non-existent, then you will have weird problems anyway. Cheers, Jukka ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Connman VPN: Do not replace default route
Hi, On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote: My VPN server already push information about routes like: server 10.10.10.0 255.255.255.0 and push route 10.10.10.0 255.255.255.0 vpn_gateway If I use openvpn without connman the behavior is correct (routes are replaced only if I push redirect-gateway from the server). This sounds like a bug. Can you do following: - start vpnd with connman-vpnd -n -d and direct the output to a file - start test/monitor-vpn and direct the output to a file - connect to your vpn (you should see server pushed routes in debug output and also in monitor output) - after successful connection run test/vpn-get to see if we are really missing the ServerRoutes Cheers, Jukka ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Connman VPN: Do not replace default route
2013/2/3 Jukka Rissanen jukka.rissa...@gmail.com: Hi, On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote: My VPN server already push information about routes like: server 10.10.10.0 255.255.255.0 and push route 10.10.10.0 255.255.255.0 vpn_gateway If I use openvpn without connman the behavior is correct (routes are replaced only if I push redirect-gateway from the server). This sounds like a bug. Can you do following: - start vpnd with connman-vpnd -n -d and direct the output to a file - start test/monitor-vpn and direct the output to a file - connect to your vpn (you should see server pushed routes in debug output and also in monitor output) - after successful connection run test/vpn-get to see if we are really missing the ServerRoutes Cheers, Jukka Ok, I did these steps and here's what I got: When I run connman-vpnd -n -d program closes immediately (you can find output in connman-vpn.log file that is attached). Is it correct? Seems that system activates connman-vpnd by dbus. In output of 'monitor-vpn' I see the following line: ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]] And output of 'vpn-get' contains following: ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]] But 'route -n' gives me the same picture that I was talking before (vpn is a default route iface). connman-vpn.log Description: Binary data ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Connman VPN: Do not replace default route
Hi, On 1 February 2013 22:28, Yevhen Kyriukha kirg...@gmail.com wrote: I've tried 'service-move-before' but hadn't got any changes in routing table. If you want that default route is not routed via VPN, then connman needs to know which routes you want to route via VPN connection. This route information can come automatically from VPN server, or user can define the routes manually. The user settable property is called UserRoutes (see doc/vpn-connection-api.txt for details). If the route information is not known, the service-move-before cannot actually change the ordering as you have noticed. Cheers, Jukka ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Connman VPN: Do not replace default route
2013/2/2 Jukka Rissanen jukka.rissa...@gmail.com: Hi, On 1 February 2013 22:28, Yevhen Kyriukha kirg...@gmail.com wrote: I've tried 'service-move-before' but hadn't got any changes in routing table. If you want that default route is not routed via VPN, then connman needs to know which routes you want to route via VPN connection. This route information can come automatically from VPN server, or user can define the routes manually. The user settable property is called UserRoutes (see doc/vpn-connection-api.txt for details). If the route information is not known, the service-move-before cannot actually change the ordering as you have noticed. Cheers, Jukka I'm using OpenVPN, just in case. I think that if VPN server doesn't send push redirect-gateway to clients connman shouldn't replace default routes. My VPN server already push information about routes like: server 10.10.10.0 255.255.255.0 and push route 10.10.10.0 255.255.255.0 vpn_gateway If I use openvpn without connman the behavior is correct (routes are replaced only if I push redirect-gateway from the server). ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
RE: Connman VPN: Do not replace default route
Hi! How can I configure connman-vpn to leave my default route? I want that connman append VPN route so I can access my VPN network and have all other traffic go through default route. You can use connman test script service-move-before to move the service to the first one. The first service gets the default route. I've tried 'service-move-before' but hadn't got any changes in routing table. I have ethernet connection and I want to establish VPN connection. After VPN connection is established, I run 'service-move-before ethernet_service_path vpn_service_path' but 'route -n' command gives me the same result as before executing 'service-move-before' script. Is there any option besides executing 'service-move-before' to tell connman simply not to override default routes? ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
RE: Connman VPN: Do not replace default route
Hi Yevhen, -Original Message- From: connman-boun...@connman.net [mailto:connman-boun...@connman.net] On Behalf Of Yevhen Kyriukha Sent: Friday, February 01, 2013 7:28 AM To: connman@connman.net Subject: Connman VPN: Do not replace default route Hi! How can I configure connman-vpn to leave my default route? I want that connman append VPN route so I can access my VPN network and have all other traffic go through default route. You can use connman test script service-move-before to move the service to the first one. The first service gets the default route. Bests Jeff ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman