Red Hat Bugzilla – Bug 492208
NetworkManager-vpnc sets default route to vpn
Last modified: 2009-11-06 01:42:10 EST
Description of problem:
When connecting to VPN with NetworkManager-vpnc, it sets the default route to the VPN device. When I connect with "vpnc" it leaves the default route alone.
There are also a couple of other routes missing when I use NetworkManager to connect.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Connect to vpn
2.Check route with "route"
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
The diff between the vpnc routing and the NetworkManager-vpnc routing is:
--- vpnc 2009-03-25 14:38:59.629563747 -0700
+++ nwman 2009-03-25 14:39:25.283537596 -0700
@@ -1,7 +1,5 @@
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
-10.yy.yy.yy 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
-10.zz.zz.zz 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
xx.xx.xx.xx 192.168.1.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
10.69.148.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
@@ -32,4 +30,4 @@
10.224.0.0 0.0.0.0 255.224.0.0 U 0 0 0 tun0
10.0.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun0
10.128.0.0 0.0.0.0 255.192.0.0 U 0 0 0 tun0
-0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
+0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
Same problem here.
Actually, looking a bit more at the vpn configuration I can tell that it's all configurable.
Click on the Network Manager icon and choose "VPN Connections" -> "Configure VPN...". Then choose the connection name and click "Edit". Go to "IPv4 Settings" tab and click the "Routes" button at the lower-right corner.
Check off "Use this connection only for resources on its network".
This should make vpn use the old default route instead of redirecting all traffic to tun0.
Additional routes can be set up here as well.
But I really think that leaving the default route intact should be the default vpnc behaviour.
I have a very similar problem here. But I cannot work around it using the technique mentioned in #2 because that box is not checked.
When I connect using vpnc from the command line my name servers are correctly tunnelled down tun0 as in the bug description. However when I connect using NetworkManager-vpnc (default settings, and in fact every combination of settings I have tried so far) my name servers are not send down tun0 and consequently I cannot access any internal systems.
NetworkManager-vpnc should have the same behaviour as the vpnc command line client.
(In reply to comment #2)
> But I really think that leaving the default route intact should be the default
> vpnc behaviour.
It must be a behaviour change, because it used to work OK. Anyway, checking that box does fix the problem for me.
Confirmed that checking the box fixes the problem here as well.
By default, VPNs get the default route as that is the most secure configuration of a VPN. If that is not your VPN configuration, you'll need to check the "Only use this connection for resources on its network" and then only the specific routes sent by the VPN server (or ones you enter manually) will be routed over the VPN tunnel.
If you have further problems, please re-open and include some of /var/log/messages that show the IP configuration that NM is getting from vpnc. It will look like this:
NetworkManager: <info> VPN connection 'foobar' (Connect) reply received.
NetworkManager: <info> VPN connection 'foobar' (IP Config Get) reply received.
NetworkManager: <info> VPN Gateway: 18.104.22.168
NetworkManager: <info> Tunnel Device: tun0
NetworkManager: <info> Internal IP4 Address: 10.3.227.85
NetworkManager: <info> Internal IP4 Prefix: 20
NetworkManager: <info> Internal IP4 Point-to-Point Address: 10.3.227.85
NetworkManager: <info> Maximum Segment Size (MSS): 0
NetworkManager: <info> Static Route: 172.16.0.0/16 Next Hop: 172.16.0.0
NetworkManager: <info> Static Route: 10.0.0.0/8 Next Hop: 10.0.0.0
NetworkManager: <info> Internal IP4 DNS: 10.5.26.20
NetworkManager: <info> Internal IP4 DNS: 10.5.26.21
NetworkManager: <info> DNS Domain: 'foobar.com'
that will help us determine if vpnc and NM are getting the right data.