Bug 492208 - NetworkManager-vpnc sets default route to vpn
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: NetworkManager-vpnc
Version: 10
Hardware: All
OS: Linux
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-03-25 21:44 UTC by Jeremy Fitzhardinge
Modified: 2009-11-06 06:42 UTC (History)

Last Closed: 2009-11-06 06:42:10 UTC

Description Jeremy Fitzhardinge 2009-03-25 21:44:28 UTC
Description of problem:
When connecting to VPN with NetworkManager-vpnc, it sets the default route to the VPN device.  When I connect with "vpnc" it leaves the default route alone.

There are also a couple of other routes missing when I use NetworkManager to connect.

Version-Release number of selected component (if applicable):
NetworkManager-vpnc-0.7.0.99-1.fc10.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Connect to vpn
2. Check route with "route"

Actual results:
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0

Expected results:
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0

Additional info:
The diff between the vpnc routing and the NetworkManager-vpnc routing is:
--- vpnc	2009-03-25 14:38:59.629563747 -0700
+++ nwman	2009-03-25 14:39:25.283537596 -0700
@@ -1,7 +1,5 @@
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
-10.yy.yy.yy     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
-10.zz.zz.zz     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
 xx.xx.xx.xx     192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
 192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
 10.69.148.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
@@ -32,4 +30,4 @@
 10.224.0.0      0.0.0.0         255.224.0.0     U     0      0        0 tun0
 10.0.0.0        0.0.0.0         255.192.0.0     U     0      0        0 tun0
 10.128.0.0      0.0.0.0         255.192.0.0     U     0      0        0 tun0
-0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
+0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0

Comment 1 vaxon 2009-04-03 23:16:23 UTC
Same problem here.

Comment 2 vaxon 2009-04-04 00:22:18 UTC
Actually, looking a bit more at the vpn configuration I can tell that it's all configurable.

Click on the Network Manager icon and choose "VPN Connections" -> "Configure VPN...". Then choose the connection name and click "Edit". Go to "IPv4 Settings" tab and click the "Routes" button at the lower-right corner.
Check off "Use this connection only for resources on its network".
This should make vpn use the old default route instead of redirecting all traffic to tun0.
Additional routes can be set up here as well.

But I really think that leaving the default route intact should be the default vpnc behaviour.

Thanks,
Vax.

Comment 3 Stephen Rowles 2009-05-01 10:43:16 UTC
I have a very similar problem here. But I cannot work around it using the technique mentioned in #2 because that box is not checked.

When I connect using vpnc from the command line my name servers are correctly tunnelled down tun0 as in the bug description. However when I connect using NetworkManager-vpnc (default settings, and in fact every combination of settings I have tried so far) my name servers are not sent down tun0 and consequently I cannot access any internal systems.

NetworkManager-vpnc should have the same behaviour as the vpnc command line client.

Comment 4 Jeremy Fitzhardinge 2009-05-01 17:54:02 UTC
(In reply to comment #2)
> But I really think that leaving the default route intact should be the default
> vpnc behaviour.

It must be a behaviour change, because it used to work OK.  Anyway, checking that box does fix the problem for me.

Comment 5 Don Seiler 2009-11-05 14:33:37 UTC
Confirmed that checking the box fixes the problem here as well.

Comment 6 Dan Williams 2009-11-06 06:42:10 UTC
By default, VPNs get the default route as that is the most secure configuration of a VPN.  If that is not your VPN configuration, you'll need to check the "Only use this connection for resources on its network" box and then only the specific routes sent by the VPN server (or ones you enter manually) will be routed over the VPN tunnel.

If you have further problems, please re-open and include some of /var/log/messages that show the IP configuration that NM is getting from vpnc.  It will look like this:

NetworkManager: <info>  VPN connection 'foobar' (Connect) reply received.
NetworkManager: <info>  VPN connection 'foobar' (IP Config Get) reply received.
NetworkManager: <info>  VPN Gateway: 101.22.183.53
NetworkManager: <info>  Tunnel Device: tun0
NetworkManager: <info>  Internal IP4 Address: 10.3.227.85
NetworkManager: <info>  Internal IP4 Prefix: 20
NetworkManager: <info>  Internal IP4 Point-to-Point Address: 10.3.227.85
NetworkManager: <info>  Maximum Segment Size (MSS): 0
NetworkManager: <info>  Static Route: 172.16.0.0/16   Next Hop: 172.16.0.0
NetworkManager: <info>  Static Route: 10.0.0.0/8   Next Hop: 10.0.0.0
NetworkManager: <info>  Internal IP4 DNS: 10.5.26.20
NetworkManager: <info>  Internal IP4 DNS: 10.5.26.21
NetworkManager: <info>  DNS Domain: 'foobar.com'

that will help us determine if vpnc and NM are getting the right data.
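
The comparison requested in comment 6 can be scripted. The following is an added example, not part of the bug report or of NetworkManager's code: it parses log lines in the format quoted above and `route -n` output, then reports which interface holds the default route, which pushed static routes are absent from the tunnel device, and which VPN DNS servers would be reached outside the tunnel (the symptom in comment 3). All function names and both sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the log format quoted in comment 6.
NM_LOG = """\
NetworkManager: <info>  Tunnel Device: tun0
NetworkManager: <info>  Static Route: 172.16.0.0/16   Next Hop: 172.16.0.0
NetworkManager: <info>  Static Route: 10.0.0.0/8   Next Hop: 10.0.0.0
NetworkManager: <info>  Internal IP4 DNS: 10.5.26.20
"""
# Constructed `route -n` output: split tunnel with one pushed route missing.
ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
"""

def parse_nm_log(text):
    # Map each "<info>  Key: value" line to key -> [first token of each value].
    cfg = {}
    for key, value in re.findall(r"<info>[ \t]+([^:\n]+):[ \t]+(\S+)", text):
        cfg.setdefault(key, []).append(value)
    return cfg

def parse_routes(text):
    # Return (network, metric, iface) per data row; headers are skipped.
    rows = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 8 and f[4].isdigit():
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            rows.append((net, int(f[4]), f[7]))
    return rows

def egress(rows, addr):
    # Longest-prefix match, lowest metric as tie-break; None if unroutable.
    hits = [r for r in rows if addr in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[1]))[2] if hits else None

def audit(nm_log, route_output):
    cfg, rows = parse_nm_log(nm_log), parse_routes(route_output)
    dev = cfg["Tunnel Device"][0]
    pushed = [ipaddress.ip_network(v, strict=False) for v in cfg.get("Static Route", [])]
    dns = [ipaddress.ip_address(v) for v in cfg.get("Internal IP4 DNS", [])]
    on_tunnel = {net for net, _, iface in rows if iface == dev}
    return {
        "default_iface": next((r[2] for r in rows if r[0].prefixlen == 0), None),
        "missing_routes": [str(n) for n in pushed if n not in on_tunnel],
        "dns_off_tunnel": [str(d) for d in dns if egress(rows, d) != dev],
    }
```

Calling `audit(NM_LOG, ROUTES)` on real input means pasting the relevant `/var/log/messages` lines and the output of `route -n` in place of the constructed samples.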

