On Thu, Jun 4, 2015 at 6:07 AM, Thomas Haller <thal...@redhat.com> wrote: > On Do, 2015-06-04 at 05:56 -0600, Nicolas Bock wrote: >> Thanks Thomas for the helpful comments. >> >> It sounds like that there is no solution at the moment through >> networkmanager-1.0.2, right? I was naively considering some script in >> /etc/NetworkManager/dispatcher.d, but from the email threads you link >> it sounds like as if the routing table update would happen anyway. > > A dispatcher script would not prevent NM from adding any routes. > > Maybe using the VPN, you use it together with a connection > that either only has static configuration > ipv4.method=manual > ipv4.addresses=... > ipv4.routes=... > or that suppresses routes from DHCP > ipv4.method=auto > ipv4.routes=... > ipv4.ignore-auto-routes=yes > that might work well enough, but that's not a real solution. > Could I do that such that nm uses the normal approach while not using ncsvc, and switches to ignoring routes while under VPN?
> > Thomas > > >> >> Thanks again for the help! >> >> nick >> >> >> On Thu, Jun 4, 2015 at 5:45 AM, Thomas Haller <thal...@redhat.com> >> wrote: >> > On Do, 2015-06-04 at 04:55 -0600, Nicolas Bock wrote: >> > > Hi, >> > > >> > > When I run the Juniper Network Connect client (ncsvc) it >> > > terminates >> > > every time the DHCP license is renewed. The log files of ncsvc >> > > are >> > > unfortunately rather cryptic, but it appears as if the DHCP >> > > renewal >> > > leads to a change in the routing table which triggers a >> > > "rmon.error" >> > > in ncsvc which then tears down the VPN tunnel. Using timestamps >> > > the >> > > following two events correlate: >> > > >> > > 20150603133456.514649 ncsvc[p6870.t6870] rmon.error Route to >> > > destination 192.168.1.1 is missing mask 255.255.255.255 with gw >> > > 0.0.0.0, metric 1, if_id 0, disconnecting (routemon.cpp:628) >> > > >> > > which coincides with the following journal entries: >> > > >> > > Jun 03 13:34:55.454967 host NetworkManager[1805]: address >> > > 192.168.1.16 >> > > Jun 03 13:34:55.454985 host NetworkManager[1805]: plen 24 >> > > Jun 03 13:34:55.454990 host NetworkManager[1805]: expires in 300 >> > > seconds >> > > Jun 03 13:34:55.455026 host NetworkManager[1805]: gateway >> > > 192.168.1.1 >> > > Jun 03 13:34:55.455035 host NetworkManager[1805]: nameserver >> > > '192.168.1.1' >> > > Jun 03 13:34:55.455210 host NetworkManager[1805]: (wlp6s0): >> > > DHCPv4 >> > > state changed bound -> bound >> > > Jun 03 13:34:55.456679 host dbus[1799]: [system] Activating via >> > > systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus >> > > -org.freedesktop.nm-dispatcher.service' >> > > Jun 03 13:34:55.461372 host dbus[1799]: [system] Successfully >> > > activated service 'org.freedesktop.nm_dispatcher' >> > > Jun 03 13:34:55.462021 host nm-dispatcher[8295]: Dispatching >> > > action >> > > 'dhcp4-change' for wlp6s0 >> > > Jun 03 13:34:56.514958 host systemd-networkd[1803]: tun0 : lost >> > > carrier >> > > >> > > Besides the ncsvc error listed above I sometimes also see this >> > > one: >> > > >> > > 20150603132151.174661 ncsvc[p6870.t6870] rmon.error Unauthorized >> > > new >> > > route to 192.168.1.0/0.0.0.0 has been added (conflicts >> > > with >> > > our route to 0.0.0.0), disconnecting (routemon.cpp:598) >> > > >> > > Both seem to indicate that the routing table is changed on DHCP >> > > renewal. Is there a way to prevent networkmanager from doing >> > > this? Or >> > > is this problem caused by something else possibly? >> > >> > as you suspect, this is caused by NetworkManager. At various times >> > (e.g. when activating a connection, or on new DHCP lease), NM will >> > reinstall routes. >> > >> > >> > recently there was a related email thread: >> > https://mail.gnome.org/archives/networkmanager-list/2015 >> > -May/msg00016.html >> > >> > but no solution either. >> > >> > >> > We could change NM not only do any system-modification when it will >> > actually have any effect. >> > Like, re-installing a route, only if it is not yet currently there. >> > >> > >> > There was an idea to add a feature to "propert routes". >> > https://bugzilla.gnome.org/show_bug.cgi?id=749376 >> > It's not clear how this feature could look like, but probably it >> > should >> > be designed in a way, that you can tell NM ~not to configure~ >> > certain >> > routes. >> > >> > >> > IMO ncsvc should allow you to white-list certain routes, so you >> > could >> > say: don't tear down VPN when somebody messes with 192.168.1.0/24. >> > >> > >> > Thomas >> > _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
