Re: Connman VPN: Do not replace default route

2013-02-05 Thread Yevhen Kyriukha
2013/2/4 Jukka Rissanen jukka.rissa...@linux.intel.com:
 Hi,


 On 03.02.2013 19:11, Yevhen Kyriukha wrote:

 2013/2/3 Jukka Rissanen jukka.rissa...@gmail.com:

 Hi,

 On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote:

 My VPN server already push information about routes like:
 server 10.10.10.0 255.255.255.0
 and
 push route 10.10.10.0 255.255.255.0 vpn_gateway

 If I use openvpn without connman the behavior is correct (routes are
 replaced only if I push redirect-gateway from the server).


 This sounds like a bug.
 Can you do following:

 - start vpnd with connman-vpnd -n -d and direct the output to a file
 - start test/monitor-vpn and direct the output to a file
 - connect to your vpn (you should see server pushed routes in debug
 output and also in monitor output)
 - after successful connection run test/vpn-get to see if we are really
 missing the ServerRoutes


 Cheers,
 Jukka


 Ok, I did these steps and here's what I got:

 When I run connman-vpnd -n -d program closes immediately (you can
 find output in connman-vpn.log file that is attached). Is it
 correct? Seems that system activates connman-vpnd by dbus.


 The log says

 No VPN configurations found, quitting.

 Meaning that you do not have any VPN configurations around. Did you remove
 all your VPN configurations from disk or are you running with read only
 filesystem for /var/lib/connman?



 In output of 'monitor-vpn' I see the following line:
 ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]

 And output of 'vpn-get' contains following:
 ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
 Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
 Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]


 This looks correct.



 But 'route -n' gives me the same picture that I was talking before
 (vpn is a default route iface).


 This is expected as you have not moved the services yet.

 If the /var/lib/connman is non-existent, then you will have weird problems
 anyway.


 Cheers,
 Jukka


Hi!

 The log says

 No VPN configurations found, quitting.

 Meaning that you do not have any VPN configurations around. Did you remove
 all your VPN configurations from disk or are you running with read only
 filesystem for /var/lib/connman?

I was writing about that problem on connman mailing list.
I have /var/lib/connman folder and it doesn't disappear after reboot.
I checked 'mount' and there was no /var or /var/lib directory mounted
as read only file system partition.

This problem appears when I restart connman-vpn and connman services
with previously *connected* (active) VPN connection. I'm not rebooting
PC! So all settings exist.

So this is the second problem.

The first one was overriding default route.
You said that if server push some info about routes connman-vpn won't
replace default route.
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman


Re: Connman VPN: Do not replace default route

2013-02-04 Thread Jukka Rissanen

Hi,

On 03.02.2013 19:11, Yevhen Kyriukha wrote:

2013/2/3 Jukka Rissanen jukka.rissa...@gmail.com:

Hi,

On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote:

My VPN server already push information about routes like:
server 10.10.10.0 255.255.255.0
and
push route 10.10.10.0 255.255.255.0 vpn_gateway

If I use openvpn without connman the behavior is correct (routes are
replaced only if I push redirect-gateway from the server).


This sounds like a bug.
Can you do following:

- start vpnd with connman-vpnd -n -d and direct the output to a file
- start test/monitor-vpn and direct the output to a file
- connect to your vpn (you should see server pushed routes in debug
output and also in monitor output)
- after successful connection run test/vpn-get to see if we are really
missing the ServerRoutes


Cheers,
Jukka


Ok, I did these steps and here's what I got:

When I run connman-vpnd -n -d program closes immediately (you can
find output in connman-vpn.log file that is attached). Is it
correct? Seems that system activates connman-vpnd by dbus.


The log says

No VPN configurations found, quitting.

Meaning that you do not have any VPN configurations around. Did you 
remove all your VPN configurations from disk or are you running with 
read only filesystem for /var/lib/connman?




In output of 'monitor-vpn' I see the following line:
ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]

And output of 'vpn-get' contains following:
ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]


This looks correct.



But 'route -n' gives me the same picture that I was talking before
(vpn is a default route iface).


This is expected as you have not moved the services yet.

If the /var/lib/connman is non-existent, then you will have weird 
problems anyway.



Cheers,
Jukka

___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman


Re: Connman VPN: Do not replace default route

2013-02-03 Thread Jukka Rissanen
Hi,

On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote:
 My VPN server already push information about routes like:
 server 10.10.10.0 255.255.255.0
 and
 push route 10.10.10.0 255.255.255.0 vpn_gateway

 If I use openvpn without connman the behavior is correct (routes are
 replaced only if I push redirect-gateway from the server).

This sounds like a bug.
Can you do following:

- start vpnd with connman-vpnd -n -d and direct the output to a file
- start test/monitor-vpn and direct the output to a file
- connect to your vpn (you should see server pushed routes in debug
output and also in monitor output)
- after successful connection run test/vpn-get to see if we are really
missing the ServerRoutes


Cheers,
Jukka
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman


Re: Connman VPN: Do not replace default route

2013-02-03 Thread Yevhen Kyriukha
2013/2/3 Jukka Rissanen jukka.rissa...@gmail.com:
 Hi,

 On 2 February 2013 15:02, Yevhen Kyriukha kirg...@gmail.com wrote:
 My VPN server already push information about routes like:
 server 10.10.10.0 255.255.255.0
 and
 push route 10.10.10.0 255.255.255.0 vpn_gateway

 If I use openvpn without connman the behavior is correct (routes are
 replaced only if I push redirect-gateway from the server).

 This sounds like a bug.
 Can you do following:

 - start vpnd with connman-vpnd -n -d and direct the output to a file
 - start test/monitor-vpn and direct the output to a file
 - connect to your vpn (you should see server pushed routes in debug
 output and also in monitor output)
 - after successful connection run test/vpn-get to see if we are really
 missing the ServerRoutes


 Cheers,
 Jukka

Ok, I did these steps and here's what I got:

When I run connman-vpnd -n -d program closes immediately (you can
find output in connman-vpn.log file that is attached). Is it
correct? Seems that system activates connman-vpnd by dbus.

In output of 'monitor-vpn' I see the following line:
ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]

And output of 'vpn-get' contains following:
ServerRoutes = [[{ ProtocolFamily=4 Netmask=255.255.255.0
Network=10.10.10.0 Gateway=10.10.10.81 }][{ ProtocolFamily=4
Netmask=255.255.255.0 Network=10.10.10.0 Gateway=10.10.10.81 }]]

But 'route -n' gives me the same picture that I was talking before
(vpn is a default route iface).


connman-vpn.log
Description: Binary data
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman

Re: Connman VPN: Do not replace default route

2013-02-02 Thread Jukka Rissanen
Hi,

On 1 February 2013 22:28, Yevhen Kyriukha kirg...@gmail.com wrote:
 I've tried 'service-move-before' but hadn't got any changes in routing table.

If you want that default route is not routed via VPN, then connman
needs to know which routes you want to route via VPN connection. This
route information can come automatically from VPN server, or user can
define the routes manually. The user settable property is called
UserRoutes (see doc/vpn-connection-api.txt for details).
If the route information is not known, the service-move-before cannot
actually change the ordering as you have noticed.

Cheers,
Jukka
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman


Re: Connman VPN: Do not replace default route

2013-02-02 Thread Yevhen Kyriukha
2013/2/2 Jukka Rissanen jukka.rissa...@gmail.com:
 Hi,

 On 1 February 2013 22:28, Yevhen Kyriukha kirg...@gmail.com wrote:
 I've tried 'service-move-before' but hadn't got any changes in routing table.

 If you want that default route is not routed via VPN, then connman
 needs to know which routes you want to route via VPN connection. This
 route information can come automatically from VPN server, or user can
 define the routes manually. The user settable property is called
 UserRoutes (see doc/vpn-connection-api.txt for details).
 If the route information is not known, the service-move-before cannot
 actually change the ordering as you have noticed.

 Cheers,
 Jukka

I'm using OpenVPN, just in case.
I think that if VPN server doesn't send push redirect-gateway to
clients connman shouldn't replace default routes.
My VPN server already push information about routes like:
server 10.10.10.0 255.255.255.0
and
push route 10.10.10.0 255.255.255.0 vpn_gateway

If I use openvpn without connman the behavior is correct (routes are
replaced only if I push redirect-gateway from the server).
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman


RE: Connman VPN: Do not replace default route

2013-02-01 Thread Yevhen Kyriukha
 Hi!

 How can I configure connman-vpn to leave my default route?
 I want that connman append VPN route so I can access my VPN network and
 have all other traffic go through default route.

You can use connman test script service-move-before to move the service
to the first one. The first service gets the default route.

I've tried 'service-move-before' but hadn't got any changes in routing table.
I have ethernet connection and I want to establish VPN connection.
After VPN connection is established, I run 'service-move-before
ethernet_service_path vpn_service_path' but 'route -n' command
gives me the same result as before executing 'service-move-before'
script.

Is there any option besides executing 'service-move-before' to tell
connman simply not to override default routes?
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman


RE: Connman VPN: Do not replace default route

2013-01-31 Thread Zheng, Jeff
Hi Yevhen,

 -Original Message-
 From: connman-boun...@connman.net
 [mailto:connman-boun...@connman.net] On Behalf Of Yevhen Kyriukha
 Sent: Friday, February 01, 2013 7:28 AM
 To: connman@connman.net
 Subject: Connman VPN: Do not replace default route
 
 Hi!
 
 How can I configure connman-vpn to leave my default route?
 I want that connman append VPN route so I can access my VPN network and
 have all other traffic go through default route.

You can use connman test script service-move-before to move the service
to the first one. The first service gets the default route.

Bests
Jeff
___
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman