Red Hat Bugzilla – Bug 804563
Unable to set default route for VPN
Last modified: 2012-03-23 13:43:16 EDT
Description of problem:
The company I work for (web host) has a VPN setup internally to allow connections from the office to the private network at the DC which can be logged into with the VPN settings in NetworkManager.
Unfortunately, one of the routes on the VPN conflicts with a route in my office's private network; however, I do not use that specific route on the VPN. So to work around this, I have to manually set all of the routes through the VPN config dialog in NM, and tell it to ignore automatically obtained routes.
We do use split tunneling since this is a connection to the DC on a private network which does not have any connection with the internet other than through the tunnel, so I leave my normal default route in place, and add a secondary one.
Note: I do NOT have "Use this connection only for resources on its network" checked.
If I run '/sbin/route add default gw (ip) dev tun0' then everything works fine.
I have attempted to tell NM to set a default route, by adding 0.0.0.0/0.0.0.0 with the proper gateway, into NM. When I do this, I cannot check the OK button to accept these settings.
I also tried manually adding the route to the NetworkManager settings file in /etc/NetworkManager/system-connections/(vpn profile name) and then restarting NM. That causes the VPN to disappear from the NM menu, so I undid that change and it is visible again.
Lastly, I added the default gw to all of the subnets that I access through the VPN, and that went over well, except for the subnet where the gw itself is, which still shows 0.0.0.0 for the gw, even though I've verified that the settings show it should ha
Bear in mind that this has been happening since I first started here in January 2012, and that manually adding the route with the /sbin/route command works fine.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up a VPN
3. Attempt any of several ways to add a default route using only NM.
Upon establishing VPN connection, no default route added. Cannot create default route through NM.
Can use 0.0.0.0 ip with 0.0.0.0 netmask and actual gw ip in NM dialog. Currently protection is in place to stop user from saving config with that setup.
It's always better to see logs. But, I think I know what's going on.
When a VPN server provides routes, NM never allows this connection to have default route. That's not quite correct.
Btw, this seems to be a regression caused by https://bugzilla.gnome.org/show_bug.cgi?id=621698.
I've pushed a fix upstream to allow setting default route for the VPN connection if user checked "Ignore automatically obtained routes":
I tried to find that commit in the gnome gitweb, but I'm probably Doing It Wrong (tm). Anyways, assuming that the patch goes into network-manager-applet, or both network-manager-vpnc and network-manager-openconnect I'll be happy to test it as soon as it is in the Fedora testing repo.
Actually, the fix is in NetworkManager daemon itself that dwells at freedesktop.org.
You can try this scratch build if you want (latest f17 release + the commit):
I'm running F16, so I'll have to wait until it hits the testing repo.
That being said, once the build is installed, I should be able to add 0.0.0.0/0.0.0.0 as a route in the GUI? Or should I be attempting to do it some other way?
NetworkManager-0.9.3.997-1.git20120321.fc17 has been submitted as an update for Fedora 17.
NetworkManager-0.9.3.997-1.git20120321.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.