Public bug reported: Used versions: * Ubuntu 16.10 * network-manager 1.2.6-0ubuntu1 * network-manager-openvpn 1.2.6-2ubuntu1 * openvpn 2.3.11-1ubuntu2
Just like iputils refuses to add routes where it doesn't has a route to the gateway on the device, openvpn seems pretty much to do the same. % sudo /usr/lib/NetworkManager/nm-openvpn-service --debug [...] nm-openvpn[16132]: <debug> [helper-16342] environment: script_type=up nm-openvpn[16132]: <debug> [helper-16342] environment: dev_type=tun nm-openvpn[16132]: <debug> [helper-16342] environment: dev=tun0 nm-openvpn[16132]: <debug> [helper-16342] environment: link_mtu=1542 nm-openvpn[16132]: <debug> [helper-16342] environment: tun_mtu=1500 nm-openvpn[16132]: <debug> [helper-16342] environment: script_context=init nm-openvpn[16132]: <debug> [helper-16342] environment: route_gateway_2=172.19.200.141 nm-openvpn[16132]: <debug> [helper-16342] environment: route_netmask_2=255.255.255.0 nm-openvpn[16132]: <debug> [helper-16342] environment: route_network_2=172.19.200.0 nm-openvpn[16132]: <debug> [helper-16342] environment: route_gateway_1=172.19.200.141 nm-openvpn[16132]: <debug> [helper-16342] environment: route_netmask_1=255.255.0.0 nm-openvpn[16132]: <debug> [helper-16342] environment: route_network_1=172.19.0.0 nm-openvpn[16132]: <debug> [helper-16342] environment: route_vpn_gateway=172.19.200.141 nm-openvpn[16132]: <debug> [helper-16342] environment: route_net_gateway=192.168.178.1 nm-openvpn[16132]: <debug> [helper-16342] environment: ifconfig_remote=172.19.200.141 nm-openvpn[16132]: <debug> [helper-16342] environment: ifconfig_local=172.19.200.142 nm-openvpn[16132]: <debug> [helper-16342] environment: common_name=server nm-openvpn[16132]: <debug> [helper-16342] environment: trusted_port=1194 nm-openvpn[16132]: <debug> [helper-16342] environment: trusted_ip=IP_REMOVED nm-openvpn[16132]: <debug> [helper-16342] environment: untrusted_port=1194 nm-openvpn[16132]: <debug> [helper-16342] environment: untrusted_ip=IP_REMOVED [...TLS certs etc] nm-openvpn[16132]: <debug> [helper-16342] environment: verb=10 nm-openvpn[16132]: <debug> [helper-16342] environment: daemon=0 nm-openvpn[16132]: <debug> [helper-16342] environment: daemon_log_redirect=0 nm-openvpn[16132]: <debug> [helper-16342] environment: daemon_start_time=1489594872 nm-openvpn[16132]: <debug> [helper-16342] environment: daemon_pid=16267 nm-openvpn[16132]: <debug> [helper-16342] environment: proto_1=udp nm-openvpn[16132]: <debug> [helper-16342] environment: local_port_1=0 nm-openvpn[16132]: <debug> [helper-16342] environment: remote_1=HOST_NAME_REMOVED nm-openvpn[16132]: <debug> [helper-16342] environment: remote_port_1=1194 [...] % ip r l | grep 172.19 172.19.200.0/24 via 172.19.200.141 dev tun0 proto static metric 50 172.19.200.141 dev tun0 proto kernel scope link src 172.19.200.142 metric 50 I don't see anything happening to the routes wrt errors: Wed Mar 15 17:21:15 2017 us=306238 PUSH: Received control message: 'PUSH_REPLY,route 172.19.0.0 255.255.0.0,route 172.19.200.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 172.19.200.142 172.19.200.141' Wed Mar 15 17:21:15 2017 us=306271 OPTIONS IMPORT: timers and/or timeouts modified Wed Mar 15 17:21:15 2017 us=306287 OPTIONS IMPORT: --ifconfig/up options modified Wed Mar 15 17:21:15 2017 us=306290 OPTIONS IMPORT: route options modified Wed Mar 15 17:21:15 2017 us=306371 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=eth0 HWADDR=54:ee:75:51:75:eb Wed Mar 15 17:21:15 2017 us=324890 TUN/TAP device tun0 opened Wed Mar 15 17:21:15 2017 us=324925 TUN/TAP TX queue length set to 100 Wed Mar 15 17:21:15 2017 us=324964 /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 6 16132 --bus-name org.freedesktop.NetworkManager.openvpn --tun -- tun0 1500 1542 172.19.200.142 172.19.200.141 init Wed Mar 15 17:21:15 2017 us=325278 PKCS#11: __pkcs11h_forkFixup entry pid=16342, activate_slotevent=1 Wed Mar 15 17:21:15 2017 us=325329 PKCS#11: __pkcs11h_forkFixup return nm-openvpn[16132]: <debug> [helper-16342] command line: "/usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper" "--debug" "6" "16132" "--bus-name" "org.freedesktop.NetworkManager.openvpn" "--tun" "--" "tun0" "1500" "1542" "172.19.200.142" "172.19.200.141" "init" nm-openvpn[16132]: <debug> [helper-16342] environment: script_type=up I'm figuring it's trying to add the route before the network route itself is there, which leads to expected results when testing: % sudo ip link add foobar0 type dummy % sudo ip r a 172.19.0.0/16 dev foobar0 via 172.19.200.141 RTNETLINK answers: Network is unreachable If you use openvpn directly though, it works just fine: % ip r l | grep 172.19 % % sudo openvpn client.conf [...] Wed Mar 15 17:42:13 2017 /sbin/ip addr add dev tun0 local 172.19.200.142 peer 172.19.200.141 Wed Mar 15 17:42:13 2017 /sbin/ip route add 172.19.0.0/16 via 172.19.200.141 Wed Mar 15 17:42:13 2017 /sbin/ip route add 172.19.200.0/24 via 172.19.200.141 [...] % ip r l | grep 172.19 172.19.0.0/16 via 172.19.200.141 dev tun0 172.19.200.0/24 via 172.19.200.141 dev tun0 172.19.200.141 dev tun0 proto kernel scope link src 172.19.200.142 So I'll be blaming nm-openvpn-service-openvpn-helper for doing something weird. ** Affects: network-manager-openvpn (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1673165 Title: Ignores route depending on other route To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1673165/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs