On Sun, 2016-08-14 at 17:44 +0000, Jetchko Jekov wrote: > Hi guys, > > I have following problem: > I am trying to setup openvpn connection to VPN server accessible not > via default gateway. > Wnen NM configures vpn connection it sets the route to VPN server's > IP address wrongly via default gateway. > Here is an example: > - before activating VPN connection my routing table looks like this: > > default via 192.168.13.1 dev br0 proto static metric 425 > 10.0.0.0/8 dev vpn0 proto kernel scope link src 10.144.204.250 > metric 50 > 10.39.49.28 dev vpn0 proto static scope link src 10.144.204.250 > metric 425 > 172.21.0.0/24 dev virbr0 proto kernel scope link src 172.21.0.1 > linkdown > 192.168.13.0/24 dev br0 proto kernel scope link src 192.168.13.11 > metric 425 > 194.251.119.216 via 192.168.13.1 dev br0 proto static metric 425 > > (yes, the vpn I am trying to connect to is accessible via another vpn > (split-vpn) connection established in advance, but I guess this > doesn't matter) > > Now, when I activate openvpn connection to server with address > 192.167.3.254 accessible via http proxy at 10.39.49.28, > and after successful connection my routing table look like this: > > default via 192.168.13.1 dev br0 proto static metric 425 > 10.0.0.0/8 dev vpn0 proto kernel scope link src 10.144.204.250 > metric 50 > 10.39.49.28 via 192.168.13.1 dev br0 proto static metric 425 > 172.21.0.0/24 dev virbr0 proto kernel scope link src 172.21.0.1 > linkdown > 192.167.0.0/16 via 192.167.15.1 dev tun0 proto static metric 50 > 192.167.15.0/24 dev tun0 proto kernel scope link src 192.167.15.66 > metric 50 > 192.168.13.0/24 dev br0 proto kernel scope link src 192.168.13.11 > metric 425 > 194.251.119.216 via 192.168.13.1 dev br0 proto static metric 425 > > The problem is 3rd line. I have no idea why NM sets route this wrong > way. > If correct this route manually to > 10.39.49.28 dev vpn0 proto static scope link src 10.144.204.250 > metric 425 > everything works as expected > > The question is: Have I missconfigured something on my end or NM (or > openvpn plugin) is broken in this regard. >
hi, NM always associates a VPN connection with the "best-device", that is the device which currently has the default-route. And then it adds a direct route to the external gateway via that device. That is a current short-coming of NM, as it breaks down in your case. (there is no concrete plan how to fix that yet). How about you add a manual route to 10.39.49.28 to vpn0 with a metric lower then 425? Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
