Description of problem:
VPN Concentrators that feed lists of split-tunneled networks back to the client for routing through the tunnel are silently ignored and only a default route is set through the tun/tap interface.

Version-Release number of selected component (if applicable):
All versions

How reproducible:
100%

Steps to Reproduce:
1. Configure a Cisco VPN headend device for split-tunnel IPsec.
2. Use vpnc on the command-line to connect to the headend device. The tunnel-specified routes will show up in the kernel routing table. Disconnect.
3. Configure NetworkManager to connect to this same VPN. The kernel routing table will have the default route going through the tun/tap device every time, ignoring the tunneled networks list sent down from the concentrator.

Actual results:
A default route through the tun/tap device regardless of the concentrator's split tunnel setting.

Expected results:
Only routes specified by the concentrator to cross the IPsec tunnel should be added to the kernel routing table. If split tunneling is not turned on, a default route should be applied to the tun/tap device.

Additional info:
Contact me with any questions or for sample Cisco device configurations which can be used to easily reproduce this issue.
Me too. I originally thought this was a vpnc problem but it turned out to be a routing problem (I think). Vpnc set up the connection but the tun0 and default had to be fiddled. At this point I'm using a script and a personal /etc/vpnc config file to invoke vpnc and fiddle the routes. Is the NetworkManager at fault? It still sets up the vpn connection (I get the vpn welcome message) but won't pass traffic since the routes aren't right. Thanks for your help.
It's both a design problem with vpnc (bad!) and something NetworkManager should definitely take into account. vpnc doesn't actually set kernel routes directly, and instead relies on a script which it calls post-connection to do it (/usr/sbin/vpnc-script or something). This is well-documented in the vpnc man page. NetworkManager is definitely the culprit in this case, as it either prevents vpnc-script from being run or doesn't perform the necessary steps itself which vpnc-script performs. -kelsey
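A way to check which of the two routing states from the report a client is in, as an added example that is not part of the original thread or of vpnc/NetworkManager: it reads `ip -4 route show` text and reports whether the tunnel device carries everything or only specific prefixes. The device names and prefixes in the samples are constructed.

```shell
#!/bin/sh
# Usage on a live system: ip -4 route show | classify_tunnel_routes tun0

classify_tunnel_routes() {
    awk -v dev="$1" '
        {
            routedev = ""; kernel = 0
            for (i = 1; i < NF; i++) {
                if ($i == "dev") routedev = $(i + 1)
                if ($i == "proto" && $(i + 1) == "kernel") kernel = 1
            }
            # Skip other devices and the connected route the kernel adds
            # when the tunnel address is assigned.
            if (routedev != dev || kernel) next
            # A default route sends all traffic into the tunnel; so does the
            # 0.0.0.0/1 + 128.0.0.0/1 pair that OpenVPN redirect-gateway def1 installs.
            if ($1 == "default" || $1 == "0.0.0.0/0") full = 1
            else if ($1 == "0.0.0.0/1") lo = 1
            else if ($1 == "128.0.0.0/1") hi = 1
            else specific++
        }
        END {
            if (full || (lo && hi)) print "full-tunnel"
            else if (specific > 0)  print "split-tunnel"
            else                    print "no-tunnel-routes"
        }'
}

# Constructed sample: the state reported under NetworkManager
# (default route through the tunnel device).
sample_full='default dev tun0 scope link
10.10.0.0/16 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

# Constructed sample: the state reported after command-line vpnc
# (only the concentrator-supplied networks go through the tunnel).
sample_split='default via 192.168.1.1 dev wlan0
10.10.0.0/16 dev tun0 scope link
172.16.5.0/24 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

printf '%s\n' "$sample_full"  | classify_tunnel_routes tun0
printf '%s\n' "$sample_split" | classify_tunnel_routes tun0
```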
NetworkManager-0.7.0-0.12.svn4326.fc9,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9,NetworkManager-openvpn-0.7.0-16.svn4326.fc9,NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.12.svn4326.fc9,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9,NetworkManager-openvpn-0.7.0-16.svn4326.fc9,NetworkManager-pptp-0.7.0-0.12.svn4326.fc9
NetworkManager-0.7.0-0.12.svn4326.fc8,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8,NetworkManager-openvpn-0.7.0-16.svn4326.fc8,NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.12.svn4326.fc8,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8,NetworkManager-openvpn-0.7.0-16.svn4326.fc8,NetworkManager-pptp-0.7.0-0.12.svn4326.fc8
NetworkManager-0.7.0-0.12.svn4326.fc8, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8, NetworkManager-openvpn-0.7.0-16.svn4326.fc8, NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update NetworkManager NetworkManager-vpnc NetworkManager-openvpn NetworkManager-pptp'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-10263
NetworkManager-0.7.0-0.12.svn4326.fc9, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9, NetworkManager-openvpn-0.7.0-16.svn4326.fc9, NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update NetworkManager NetworkManager-vpnc NetworkManager-openvpn NetworkManager-pptp'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-10321
NetworkManager-pptp-0.7.0-0.12.svn4326.fc10, NetworkManager-openvpn-0.7.0-16.svn4326.fc10, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc10, NetworkManager-0.7.0-0.12.svn4326.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
NetworkManager-0.7.0-0.12.svn4326.fc9, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9, NetworkManager-openvpn-0.7.0-16.svn4326.fc9, NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
NetworkManager-0.7.0-0.12.svn4326.fc8, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8, NetworkManager-openvpn-0.7.0-16.svn4326.fc8, NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.