On Tue, 2006-11-14 at 15:25 +0100, Helmut Schaa wrote: > Hi, > I have set up a small OpenVPN configuration using shared keys. > > The first peer is set up using the following command: > > openvpn --remote x.x.x.x --dev tun --ifconfig 10.4.0.2 10.4.0.1 --secret > openvpn.key --float > > The second peer can connect to the first one using this command: > > openvpn --remote y.y.y.y --dev tun --ifconfig 10.4.0.1 10.4.0.2 --secret > openvpn.key > > I tried the same with NetworkManager and this configuration: > > Gateway: y.y.y.y > Connection Type: Pre-shared Key > Shared Key: openvpn.key > Local IP: 10.4.0.2 > Remote IP: 10.4.0.1 > > Result was that no connection was established. Watching a bit deeper in the > code I noticed that nm-openvpn-service-openvpn-helper returned an error > because it did not receive a gateway. > The following patch allows to use an OpenVPN Connection without getting a > gateway. This patch applies fine against HEAD and STABLE.
Well, NM will fail the VPN connection anyway on the NM side, since it does require a gateway (see nm-vpn-service.c, nm_vpn_service_stage4_ip4_config_get()). NM's got a fairly simplistic idea of VPNs at the moment, mainly targetted at mobile users connecting to a corporate VPN. Is your config here just a point-to-point VPN connection to one host? Are you only routing traffic for 10.4.0.1 over the VPN, and everything else over the normal interface gateway? Interestingly enough, after doing the normal VPN code, we changed the routing to allow the user to only route certain subnets over the VPN and everything else to the normal gateway. That's not really that much different from this case of point-to-point VPN. Thanks, Dan > Does somebody have any concerns about giving NM no gateway address? > > Regards, > Helmut > _______________________________________________ > NetworkManager-list mailing list > [email protected] > http://mail.gnome.org/mailman/listinfo/networkmanager-list _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
