Bug#1067052: [Pkg-utopia-maintainers] Bug#1067052: network-manager: Wrong priorities for OpenVPN connections

2024-03-17 Thread Evgeny Fishgalov
The problem is that when connected to VPN via Network Manager:

a) I can't access the resources of the remote local network;

b) the traffic does not get tunneled over VPN routes.

This problem doesn't appear when connected via sudo openvpn.


Here are (anonymised) contents of the .nmconnection file for my VPN
connection in /etc/NetworkManager/system-connections

[connection]
id=korolev
uuid=ANONYMISED-UUID
type=vpn
autoconnect=false

[vpn]
auth=SHA256
ca=/home/eugrus/.cert/nm-openvpn/korolev-ca.pem
cert=/home/eugrus/.cert/nm-openvpn/korolev-cert.pem
cert-pass-flags=0
cipher=AES-128-GCM
connection-type=tls
dev=tun
key=/home/eugrus/.cert/nm-openvpn/korolev-key.pem
remote=ANONYMISED.IP:1194
remote-cert-tls=server
tls-cipher=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
tls-crypt=/home/eugrus/.cert/nm-openvpn/korolev-tls-crypt.pem
tls-version-min=1.2
verify-x509-name=name:server_ANONYMISED
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
may-fail=false
method=auto

[ipv6]
addr-gen-mode=stable-privacy
may-fail=false
method=auto

[proxy]


On Sun, 17 Mar 2024 18:27:58 +0100 Michael Biebl wrote:
> Control: tags -1 + moreinfo
>
> Where exactly is the problem?
> Please highlight it explicitly.
> Please also share your NM configuration for the openvpn connection.



2024-03-17 Thread Michael Biebl

Control: tags -1 + moreinfo

Where exactly is the problem?
Please highlight it explicitly.
Please also share your NM configuration for the openvpn connection.

On 17.03.2024 at 18:18, Evgeny Fishgalov wrote:


eugrus@eugensdebianpc:~$ ip route # without VPN
default via 192.168.178.1 dev enp0s25
default via 192.168.178.1 dev enp0s25 proto dhcp src 192.168.178.25 metric 100
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown
169.254.0.0/16 dev enp0s25 scope link metric 1000
192.168.178.0/24 dev enp0s25 proto kernel scope link src 192.168.178.25
192.168.178.0/24 dev enp0s25 proto kernel scope link src 192.168.178.25 metric 100
192.168.178.1 dev enp0s25 scope link

eugrus@eugensdebianpc:~$ ip route # VPN established from Network Manager
default via 192.168.178.1 dev enp0s25
default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.178.1 dev enp0s25 proto dhcp src 192.168.178.25 metric 100
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 metric 50
94.198.134.88 via 192.168.178.1 dev enp0s25 proto static metric 50
169.254.0.0/16 dev enp0s25 scope link metric 1000
192.168.178.0/24 dev enp0s25 proto kernel scope link src 192.168.178.25
192.168.178.0/24 dev enp0s25 proto kernel scope link src 192.168.178.25 metric 100
192.168.178.1 dev enp0s25 scope link
192.168.178.1 dev enp0s25 proto static scope link metric 50

eugrus@eugensdebianpc:~$ ip route # VPN established with sudo openvpn
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.178.1 dev enp0s25
default via 192.168.178.1 dev enp0s25 proto dhcp src 192.168.178.25 metric 100
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
94.198.134.88 via 192.168.178.1 dev enp0s25
128.0.0.0/1 via 10.8.0.1 dev tun0
169.254.0.0/16 dev enp0s25 scope link metric 1000
192.168.178.0/24 dev enp0s25 proto kernel scope link src 192.168.178.25
192.168.178.0/24 dev enp0s25 proto kernel scope link src 192.168.178.25 metric 100
192.168.178.1 dev enp0s25 scope link

Kind regards,
Evgeny Fishgalov


-- System Information:
Debian Release: 12.5
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-17-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU:ru

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager depends on:
ii  adduser                         3.134
ii  dbus [default-dbus-system-bus]  1.14.10-1~deb12u1
ii  libaudit1                       1:3.0.9-1
ii  libbluetooth3                   5.66-1+deb12u1
ii  libc6                           2.36-9+deb12u4
ii  libcurl3-gnutls                 7.88.1-10+deb12u5
ii  libglib2.0-0                    2.74.6-2
ii  libgnutls30                     3.7.9-2+deb12u2
ii  libjansson4                     2.14-2
ii  libmm-glib0                     1.20.4-1
ii  libndp0                         1.8-1
ii  libnewt0.52                     0.52.23-1+b1
ii  libnm0                          1.42.4-1
ii  libpsl5                         0.21.2-1
ii  libreadline8                    8.2-1.3
ii  libselinux1                     3.4-1+b6
ii  libsystemd0                     252.22-1~deb12u1
ii  libteamdctl0                    1.31-1
ii  libudev1                        252.22-1~deb12u1
ii  policykit-1                     122-3
ii  polkitd                         122-3
ii  udev                            252.22-1~deb12u1

Versions of packages network-manager recommends:
ii  dnsmasq-base [dnsmasq-base]  2.89-1
ii  libpam-systemd               252.22-1~deb12u1
ii  modemmanager                 1.20.4-1
ii  ppp                          2.4.9-1+1.1+b1
ii  wireless-regdb               2022.06.06-1
ii  wpasupplicant                2:2.10-12

Versions of packages network-manager suggests:
ii  iptables       1.8.9-2
pn  libteam-utils  

Versions of packages network-manager is related to:
ii  isc-dhcp-client  4.4.3-P1-2

-- no debconf information
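
An added example, not part of the original messages: a small model of kernel route selection (longest matching prefix first, then lowest metric, with an unlisted metric counted as 0) applied to the three routing tables quoted above, to check which interface a public destination would leave through. The routes are copied from the report in abbreviated form; the function names and the destination 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# Routes copied (abbreviated) from the three `ip route` listings in the report.
BASE = """\
default via 192.168.178.1 dev enp0s25
default via 192.168.178.1 dev enp0s25 proto dhcp src 192.168.178.25 metric 100
192.168.178.0/24 dev enp0s25 proto kernel scope link src 192.168.178.25
"""
NM_VPN = BASE + """\
default via 10.8.0.1 dev tun0 proto static metric 50
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 metric 50
94.198.134.88 via 192.168.178.1 dev enp0s25 proto static metric 50
"""
OPENVPN_CLI = BASE + """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
94.198.134.88 via 192.168.178.1 dev enp0s25
"""

def parse_routes(text):
    """Turn `ip route` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        dev = tok[tok.index("dev") + 1]
        # A route listed without "metric" has metric 0, the most preferred.
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((ipaddress.ip_network(prefix), dev, metric))
    return routes

def egress_device(routes, dest):
    """Longest matching prefix wins; equal prefixes are ranked by lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def report(dest="203.0.113.10"):  # constructed destination (documentation range)
    tables = {"no VPN": BASE, "NetworkManager": NM_VPN, "sudo openvpn": OPENVPN_CLI,
              "NetworkManager minus the metric-0 default": NM_VPN.split("\n", 1)[1]}
    return {name: egress_device(parse_routes(t), dest) for name, t in tables.items()}

if __name__ == "__main__":
    for name, dev in report().items():
        print(f"{name:45} -> {dev}")
```

In this model the NetworkManager table still sends the destination out of enp0s25, because the default route with no metric outranks the tunnel's default at metric 50, while the two /1 routes in the `sudo openvpn` table win on prefix length regardless of metric.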
