Bug 456685

Summary: routing all traffic through vpn is no longer possible with ppp
Product: [Fedora] Fedora Reporter: Fabrice Bellet <fabrice>
Component: NetworkManagerAssignee: Dan Williams <dcbw>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: dcbw, fabrice, kevin, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-28 18:46:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
fix route_in_same_subnet()
none
fix route_in_same_subnet() using prefix instead of netmask none

Description Fabrice Bellet 2008-07-25 15:22:46 UTC
Hi,

Since nm respects openvpn provided routes, it is no longer possible to route all
traffic through the vpn, when the real device is a ppp device : the
"redirect-gateway" directive is not honored by the vpn client that receives it,
because there's no default gw in a ppp session (error message "Cannot read
current default gateway from system" in openvpn/route.c).

This problem always existed in openvpn, but nm, until recently, was somewhat a
workaround, by providing its own (correct) routes in this case.

Maybe the problem should be reported to the openvpn component instead ?

Comment 1 Fabrice Bellet 2008-07-25 20:39:08 UTC
I think a bug has been introduced in route_in_same_subnet() in commit 3812,
where only the prefix is compared, and not the address/prefix.

And about the problem of the default route for ppp0 being not replaced by tun0,
this occurs in nm_system_vpn_device_set_from_ip4_config(), with this snippet of
code:

       if (num == 0)
                nm_system_device_replace_default_ip4_route (iface, 0, 0);

So, not pushing extra static routes in the openvpn server resolves this issue,
after route_in_same_subnet() has been fixed.

Comment 2 Fabrice Bellet 2008-07-25 21:10:55 UTC
Created attachment 312684 [details]
fix route_in_same_subnet()

Comment 3 Fabrice Bellet 2008-07-26 20:47:16 UTC
Created attachment 312716 [details]
fix route_in_same_subnet() using prefix instead of netmask

Comment 4 Dan Williams 2008-07-28 14:38:50 UTC
upstream svn r3868, thanks!

Comment 5 Fabrice Bellet 2008-07-29 12:01:42 UTC
it works for me!

Comment 6 Fedora Update System 2008-08-12 02:29:58 UTC
NetworkManager-openvpn-0.7.0-15.svn3930.fc9,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc9,NetworkManager-0.7.0-0.11.svn3930.fc9 has been submitted as an update for Fedora 9

Comment 7 Fedora Update System 2008-08-12 02:34:50 UTC
NetworkManager-openvpn-0.7.0-15.svn3930.fc8,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc8,NetworkManager-0.7.0-0.11.svn3930.fc8 has been submitted as an update for Fedora 8

Comment 8 Fabrice Bellet 2008-08-12 16:07:10 UTC
This update for F-9 doesn't complete the openvpn tunnel setup. Here is the relevant part of /var/log/messages:


Aug 12 11:23:59 localhost NetworkManager: <info>  Policy set (ttyUSB0) as default device for routing and DNS.
Aug 12 11:23:59 localhost NetworkManager: <info>  Activation (ttyUSB0) successful, device activated.
Aug 12 11:23:59 localhost NetworkManager: <info>  Activation (ttyUSB0) Stage 5 of 5 (IP Configure Commit) complete.
Aug 12 11:24:03 localhost NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 23542
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN plugin state changed: 1
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN plugin state changed: 3
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN connection 'xxxxxx' (Connect) reply received.
Aug 12 11:24:03 localhost NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): (VPN connection 'xxxxxx' failed to connect: 'Method invoked for Connect returned FALSE but did not set error'.
Aug 12 11:24:03 localhost NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.

Comment 9 Fedora Update System 2008-08-29 14:56:30 UTC
NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9

Comment 10 Fedora Update System 2008-09-02 20:41:43 UTC
NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8

Comment 11 Fedora Update System 2008-09-10 06:36:39 UTC
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update NetworkManager-pptp NetworkManager-openvpn NetworkManager-vpnc NetworkManager'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-7375

Comment 12 Fedora Update System 2008-09-10 06:54:18 UTC
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update NetworkManager NetworkManager-openvpn NetworkManager-vpnc NetworkManager-pptp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-7484

Comment 13 Fabrice Bellet 2008-09-18 20:11:22 UTC
ack! the updated package for Fedora 9 fixed this bug.

Comment 14 Fedora Update System 2008-09-28 18:42:30 UTC
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2008-09-28 18:45:26 UTC
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.