On Do, 2015-06-04 at 04:55 -0600, Nicolas Bock wrote: > Hi, > > When I run the Juniper Network Connect client (ncsvc) it terminates > every time the DHCP license is renewed. The log files of ncsvc are > unfortunately rather cryptic, but it appears as if the DHCP renewal > leads to a change in the routing table which triggers a "rmon.error" > in ncsvc which then tears down the VPN tunnel. Using timestamps the > following two events correlate: > > 20150603133456.514649 ncsvc[p6870.t6870] rmon.error Route to > destination 192.168.1.1 is missing mask 255.255.255.255 with gw > 0.0.0.0, metric 1, if_id 0, disconnecting (routemon.cpp:628) > > which coincides with the following journal entries: > > Jun 03 13:34:55.454967 host NetworkManager[1805]: address > 192.168.1.16 > Jun 03 13:34:55.454985 host NetworkManager[1805]: plen 24 > Jun 03 13:34:55.454990 host NetworkManager[1805]: expires in 300 > seconds > Jun 03 13:34:55.455026 host NetworkManager[1805]: gateway 192.168.1.1 > Jun 03 13:34:55.455035 host NetworkManager[1805]: nameserver > '192.168.1.1' > Jun 03 13:34:55.455210 host NetworkManager[1805]: (wlp6s0): DHCPv4 > state changed bound -> bound > Jun 03 13:34:55.456679 host dbus[1799]: [system] Activating via > systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus > -org.freedesktop.nm-dispatcher.service' > Jun 03 13:34:55.461372 host dbus[1799]: [system] Successfully > activated service 'org.freedesktop.nm_dispatcher' > Jun 03 13:34:55.462021 host nm-dispatcher[8295]: Dispatching action > 'dhcp4-change' for wlp6s0 > Jun 03 13:34:56.514958 host systemd-networkd[1803]: tun0 : lost > carrier > > Besides the ncsvc error listed above I sometimes also see this one: > > 20150603132151.174661 ncsvc[p6870.t6870] rmon.error Unauthorized new > route to 192.168.1.0/0.0.0.0 has been added (conflicts with > our route to 0.0.0.0), disconnecting (routemon.cpp:598) > > Both seem to indicate that the routing table is changed on DHCP > renewal. Is there a way to prevent networkmanager from doing this? Or > is this problem caused by something else possibly?
as you suspect, this is caused by NetworkManager. At various times (e.g. when activating a connection, or on new DHCP lease), NM will reinstall routes. recently there was a related email thread: https://mail.gnome.org/archives/networkmanager-list/2015 -May/msg00016.html but no solution either. We could change NM not only do any system-modification when it will actually have any effect. Like, re-installing a route, only if it is not yet currently there. There was an idea to add a feature to "propert routes". https://bugzilla.gnome.org/show_bug.cgi?id=749376 It's not clear how this feature could look like, but probably it should be designed in a way, that you can tell NM ~not to configure~ certain routes. IMO ncsvc should allow you to white-list certain routes, so you could say: don't tear down VPN when somebody messes with 192.168.1.0/24. Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list