Bug 456685 - routing all traffic through vpn is no longer possible with ppp
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: rawhide
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-07-25 11:22 EDT by Fabrice Bellet
Modified: 2008-09-28 14:46 EDT (History)
Doc Type: Bug Fix
Last Closed: 2008-09-28 14:46:02 EDT

Attachments
fix route_in_same_subnet() (1.09 KB, patch), 2008-07-25 17:10 EDT, Fabrice Bellet
fix route_in_same_subnet() using prefix instead of netmask (960 bytes, patch), 2008-07-26 16:47 EDT, Fabrice Bellet

Description Fabrice Bellet 2008-07-25 11:22:46 EDT
Hi,

Since nm respects openvpn-provided routes, it is no longer possible to route all
traffic through the vpn when the real device is a ppp device: the
"redirect-gateway" directive is not honored by the vpn client that receives it,
because there's no default gw in a ppp session (error message "Cannot read
current default gateway from system" in openvpn/route.c).

This problem always existed in openvpn, but nm, until recently, was somewhat of a
workaround, by providing its own (correct) routes in this case.

Maybe the problem should be reported to the openvpn component instead?
Comment 1 Fabrice Bellet 2008-07-25 16:39:08 EDT
I think a bug has been introduced in route_in_same_subnet() in commit 3812,
where only the prefix is compared, and not the address/prefix.

And about the problem of the default route for ppp0 not being replaced by tun0,
this occurs in nm_system_vpn_device_set_from_ip4_config(), with this snippet of
code:

        if (num == 0)
                nm_system_device_replace_default_ip4_route (iface, 0, 0);

So, not pushing extra static routes in the openvpn server resolves this issue,
after route_in_same_subnet() has been fixed.
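
An illustration of the distinction drawn in comment 1, added here and not taken from NetworkManager or from the attached patches: a subnet test that compares only prefix lengths next to one that compares the masked address/prefix. The function names and the addresses are constructed for this example.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Prefix length (0..32) to host-order netmask. Prefix 0 is special-cased
 * because shifting a 32-bit value by 32 bits is undefined in C. */
static uint32_t prefix_to_mask(unsigned prefix)
{
    if (prefix == 0)
        return 0;
    return prefix >= 32 ? 0xFFFFFFFFu : 0xFFFFFFFFu << (32 - prefix);
}

/* Parse dotted-quad text into a host-order address; false on bad input. */
static bool parse_ip4(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return false;
    *out = ntohl(a.s_addr);
    return true;
}

/* Flawed form (hypothetical): only the prefix lengths are compared, so any
 * two /24 networks look like the same subnet. */
static bool same_subnet_prefix_only(unsigned dev_prefix, unsigned route_prefix)
{
    return dev_prefix == route_prefix;
}

/* Address/prefix form: the route destination must lie inside the network
 * formed by the device address and its prefix. */
static bool same_subnet(const char *dev_addr, unsigned dev_prefix,
                        const char *route_dest)
{
    uint32_t dev, dest, mask;
    if (dev_prefix > 32 || !parse_ip4(dev_addr, &dev) || !parse_ip4(route_dest, &dest))
        return false;
    mask = prefix_to_mask(dev_prefix);
    return (dev & mask) == (dest & mask);
}

int main(void)
{
    /* Constructed addresses: a tunnel address and a route pushed by the server. */
    printf("prefix only:    %d\n", same_subnet_prefix_only(24, 24));
    printf("address/prefix: %d\n", same_subnet("10.8.0.6", 24, "192.168.1.0"));
    return 0;
}
```

With a prefix of 0 every destination matches, which is the case a default route produces.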
Comment 2 Fabrice Bellet 2008-07-25 17:10:55 EDT
Created attachment 312684
fix route_in_same_subnet()
Comment 3 Fabrice Bellet 2008-07-26 16:47:16 EDT
Created attachment 312716
fix route_in_same_subnet() using prefix instead of netmask
Comment 4 Dan Williams 2008-07-28 10:38:50 EDT
upstream svn r3868, thanks!
Comment 5 Fabrice Bellet 2008-07-29 08:01:42 EDT
It works for me!
Comment 6 Fedora Update System 2008-08-11 22:29:58 EDT
NetworkManager-openvpn-0.7.0-15.svn3930.fc9,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc9,NetworkManager-0.7.0-0.11.svn3930.fc9 has been submitted as an update for Fedora 9
Comment 7 Fedora Update System 2008-08-11 22:34:50 EDT
NetworkManager-openvpn-0.7.0-15.svn3930.fc8,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc8,NetworkManager-0.7.0-0.11.svn3930.fc8 has been submitted as an update for Fedora 8
Comment 8 Fabrice Bellet 2008-08-12 12:07:10 EDT
This update for F-9 doesn't complete the openvpn tunnel setup. Here is the relevant part of /var/log/messages:


Aug 12 11:23:59 localhost NetworkManager: <info>  Policy set (ttyUSB0) as default device for routing and DNS.
Aug 12 11:23:59 localhost NetworkManager: <info>  Activation (ttyUSB0) successful, device activated.
Aug 12 11:23:59 localhost NetworkManager: <info>  Activation (ttyUSB0) Stage 5 of 5 (IP Configure Commit) complete.
Aug 12 11:24:03 localhost NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 23542
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN plugin state changed: 1
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN plugin state changed: 3
Aug 12 11:24:03 localhost NetworkManager: <info>  VPN connection 'xxxxxx' (Connect) reply received.
Aug 12 11:24:03 localhost NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): (VPN connection 'xxxxxx' failed to connect: 'Method invoked for Connect returned FALSE but did not set error'.
Aug 12 11:24:03 localhost NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.
Comment 9 Fedora Update System 2008-08-29 10:56:30 EDT
NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9
Comment 10 Fedora Update System 2008-09-02 16:41:43 EDT
NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8
Comment 11 Fedora Update System 2008-09-10 02:36:39 EDT
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update NetworkManager-pptp NetworkManager-openvpn NetworkManager-vpnc NetworkManager'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-7375
Comment 12 Fedora Update System 2008-09-10 02:54:18 EDT
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update NetworkManager NetworkManager-openvpn NetworkManager-vpnc NetworkManager-pptp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-7484
Comment 13 Fabrice Bellet 2008-09-18 16:11:22 EDT
Ack! The updated package for Fedora 9 fixed this bug.
Comment 14 Fedora Update System 2008-09-28 14:42:30 EDT
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2008-09-28 14:45:26 EDT
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
