Hi, Since nm respects openvpn provided routes, it is no longer possible to route all traffic through the vpn, when the real device is a ppp device : the "redirect-gateway" directive is not honored by the vpn client that receives it, because there's no default gw in a ppp session (error message "Cannot read current default gateway from system" in openvpn/route.c). This problem always existed in openvpn, but nm, until recently, was somewhat a workaround, by providing its own (correct) routes in this case. Maybe the problem should be reported to the openvpn component instead ?
I think a bug has been introduced in route_in_same_subnet() in commit 3812, where only the prefix is compared, and not the address/prefix. And about the problem of the default route for ppp0 being not replaced by tun0, this occurs in nm_system_vpn_device_set_from_ip4_config(), with this snippet of code: if (num == 0) nm_system_device_replace_default_ip4_route (iface, 0, 0); So, not pushing extra static routes in the openvpn server resolves this issue, after route_in_same_subnet() has been fixed.
Created attachment 312684 [details] fix route_in_same_subnet()
Created attachment 312716 [details] fix route_in_same_subnet() using prefix instead of netmask
upstream svn r3868, thanks!
it works for me!
NetworkManager-openvpn-0.7.0-15.svn3930.fc9,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc9,NetworkManager-0.7.0-0.11.svn3930.fc9 has been submitted as an update for Fedora 9
NetworkManager-openvpn-0.7.0-15.svn3930.fc8,NetworkManager-vpnc-0.7.0-0.10.svn3928.fc8,NetworkManager-0.7.0-0.11.svn3930.fc8 has been submitted as an update for Fedora 8
This update for F-9 doesn't complete the openvpn tunnel setup. Here is the relevant part of /var/log/messages: Aug 12 11:23:59 localhost NetworkManager: <info> Policy set (ttyUSB0) as default device for routing and DNS. Aug 12 11:23:59 localhost NetworkManager: <info> Activation (ttyUSB0) successful, device activated. Aug 12 11:23:59 localhost NetworkManager: <info> Activation (ttyUSB0) Stage 5 of 5 (IP Configure Commit) complete. Aug 12 11:24:03 localhost NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'... Aug 12 11:24:03 localhost NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 23542 Aug 12 11:24:03 localhost NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections Aug 12 11:24:03 localhost NetworkManager: <info> VPN plugin state changed: 1 Aug 12 11:24:03 localhost NetworkManager: <info> VPN plugin state changed: 3 Aug 12 11:24:03 localhost NetworkManager: <info> VPN connection 'xxxxxx' (Connect) reply received. Aug 12 11:24:03 localhost NetworkManager: <WARN> nm_vpn_connection_connect_cb(): (VPN connection 'xxxxxx' failed to connect: 'Method invoked for Connect returned FALSE but did not set error'. Aug 12 11:24:03 localhost NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/NetworkManager-openvpn-0.7.0-15.svn4027.fc9,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9,NetworkManager-0.7.0-0.11.svn4022.fc9
NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.11.svn4022.fc8,NetworkManager-openvpn-0.7.0-15.svn4027.fc8,NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8,NetworkManager-pptp-0.7.0-0.10.svn4027.fc8
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update NetworkManager-pptp NetworkManager-openvpn NetworkManager-vpnc NetworkManager'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-7375
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update NetworkManager NetworkManager-openvpn NetworkManager-vpnc NetworkManager-pptp'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-7484
ack! the updated package for Fedora 9 fixed this bug.
NetworkManager-0.7.0-0.11.svn4022.fc8, NetworkManager-openvpn-0.7.0-15.svn4027.fc8, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc8, NetworkManager-pptp-0.7.0-0.10.svn4027.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
NetworkManager-pptp-0.7.0-0.10.svn4027.fc9, NetworkManager-openvpn-0.7.0-15.svn4027.fc9, NetworkManager-vpnc-0.7.0-0.10.svn4024.fc9, NetworkManager-0.7.0-0.11.svn4022.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.