Fedora Account System
Red Hat Associate
Red Hat Customer
Hi, Since nm respects openvpn provided routes, it is no longer possible to route all traffic through the vpn, when the real device is a ppp device : the "redirect-gateway" directive is not honored by the vpn client that receives it, because there's no default gw in a ppp session (error message "Cannot read current default gateway from system" in openvpn/route.c). This problem always existed in openvpn, but nm, until recently, was somewhat a workaround, by providing its own (correct) routes in this case. Maybe the problem should be reported to the openvpn component instead ?
I think a bug has been introduced in route_in_same_subnet() in commit 3812, where only the prefix is compared, and not the address/prefix. And about the problem of the default route for ppp0 being not replaced by tun0, this occurs in nm_system_vpn_device_set_from_ip4_config(), with this snippet of code: if (num == 0) nm_system_device_replace_default_ip4_route (iface, 0, 0); So, not pushing extra static routes in the openvpn server resolves this issue, after route_in_same_subnet() has been fixed.
Created attachment 312684 [details] fix route_in_same_subnet()
Created attachment 312716 [details] fix route_in_same_subnet() using prefix instead of netmask
upstream svn r3868, thanks!
it works for me!
NetworkManager-openvpn-0.7.0-15.svn3930.fc9,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc9,NetworkManager-0.7.0-0.11.svn3930.fc9 has been submitted as an update for Fedora 9
NetworkManager-openvpn-0.7.0-15.svn3930.fc8,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc8,NetworkManager-0.7.0-0.11.svn3930.fc8 has been submitted as an update for Fedora 8
This update for F-9 doesn't complete the openvpn tunnel setup. Here is the relevant part of /var/log/messages: Aug 12 11:23:59 localhost NetworkManager: <info> Policy set (ttyUSB0) as default device for routing and DNS. Aug 12 11:23:59 localhost NetworkManager: <info> Activation (ttyUSB0) successful, device activated. Aug 12 11:23:59 localhost NetworkManager: <info> Activation (ttyUSB0) Stage 5 of 5 (IP Configure Commit) complete. Aug 12 11:24:03 localhost NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'... Aug 12 11:24:03 localhost NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 23542 Aug 12 11:24:03 localhost NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections Aug 12 11:24:03 localhost NetworkManager: <info> VPN plugin state changed: 1 Aug 12 11:24:03 localhost NetworkManager: <info> VPN plugin state changed: 3 Aug 12 11:24:03 localhost NetworkManager: <info> VPN connection 'xxxxxx' (Connect) reply received. Aug 12 11:24:03 localhost NetworkManager: <WARN> nm_vpn_connection_connect_cb(): (VPN connection 'xxxxxx' failed to connect: 'Method invoked for Connect returned FALSE but did not set error'. Aug 12 11:24:03 localhost NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9
NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update NetworkManager-pptp NetworkManager-openvpn NetworkManager-vpnc NetworkManager'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-7375
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update NetworkManager NetworkManager-openvpn NetworkManager-vpnc NetworkManager-pptp'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-7484
ack! the updated package for Fedora 9 fixed this bug.
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.