Bug 829010 - No ipv6 support
No ipv6 support
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: NetworkManager-openconnect (Show other bugs)
18
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Dan Winship
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-05 14:48 EDT by Erinn Looney-Triggs
Modified: 2012-12-20 11:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-20 11:11:08 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch (17.56 KB, patch)
2012-09-21 07:37 EDT, Dan Winship
no flags Details | Diff

  None (edit)
Description Erinn Looney-Triggs 2012-06-05 14:48:11 EDT
Description of problem:
Not sure if this is a bug or a feature request. openconnect from the command line does support ipv6 (implying that the vpnc scripts are correct). Openconnect via networkmanager doesn't appear to, there is no ipv6 tab in the gnome version of networkmanager for an openconnect VPN (though there is one in the kde version), neither seems to work, when the connection is made the ipv6 address is not assigned.

Version-Release number of selected component (if applicable):
NetworkManager-openconnect-0.9.4.0-3.fc17.x86_64

How reproducible:
Use netowrkmanager to connect to an ipv6 enabled cisco device, note the lack of ipv6 address on the tunnel device.
Comment 1 David Woodhouse 2012-06-05 16:16:16 EDT
Support for IPv6 on VPN just got committed to NetworkManager and NetworkManager-openconnect upstream. Perhaps Dan has some test packages?
Comment 2 Erinn Looney-Triggs 2012-09-16 04:39:46 EDT
Still appears to be the case with Fedora 18. KDE networkmanager openconnect appears to at least have the option for IPv6, unlike its GNOME counterpart, however the IPv6 address still is not assigned.
Comment 3 Dan Winship 2012-09-17 09:05:10 EDT
Ah, NetworkManager-openconnect in F18 still hasn't been updated, so it's still the pre-IPv6 version.
Comment 4 David Woodhouse 2012-09-17 11:07:13 EDT
Ouch. What chance of getting that fixed before release?
Comment 5 Dan Winship 2012-09-21 07:37:12 EDT
Created attachment 615396 [details]
patch

you can either commit this or give me pkgdb bits on NM-openconnect...
Comment 6 David Woodhouse 2012-09-21 11:11:08 EDT
I have 15mins of battery left. Approved. But you are provenpackager anyway, aren't you? (Thanks)
Comment 7 Fedora Update System 2012-09-21 13:38:16 EDT
NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18
Comment 8 Erinn Looney-Triggs 2012-09-21 15:43:19 EDT
It looks very close, I tested the new build and an IPv6 address does indeed come down. However, the routes appear not to be getting put into place properly. In my case I have enabled hair pinning on the VPN server, since I don't have IPv6 from my own network.

Here is the difference between the routing tables just running openconnect (tun0) and then running it via NetworkManager (vpn0):

Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         U    256 0     0 lo
2001:4870:800e:309::/64        ::                         U    256 0     0 tun0
fe80::/64                      ::                         !n   256 0     0 lo
fe80::/64                      ::                         U    256 0     0 wlan0
fe80::/64                      ::                         U    256 0     0 tun0
::/0                           ::                         U    1   0     0 tun0
::/0                           ::                         !n   -1  1   187 lo
::1/128                        ::                         Un   0   1    27 lo
2001:4870:800e:309::1/128      ::                         Un   0   1     0 lo
fe80::223:15ff:fe17:31f0/128   ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 wlan0
ff00::/8                       ::                         U    256 0     0 tun0
::/0                           ::                         !n   -1  1   187 lo


Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         U    256 0     0 lo
2001:4870:800e:309::/64        ::                         U    256 0     0 vpn0
fe80::/64                      ::                         !n   256 0     0 lo
fe80::/64                      ::                         U    256 0     0 wlan0
fe80::/64                      ::                         U    256 0     0 vpn0
::/0                           ::                         !n   -1  1   251 lo
::1/128                        ::                         Un   0   1    27 lo
2001:4870:800e:309::1/128      ::                         Un   0   1     0 lo
fe80::223:15ff:fe17:31f0/128   ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 wlan0
ff00::/8                       ::                         U    256 0     0 vpn0
::/0                           ::                         !n   -1  1   251 lo

The key here being that the following is missing when using NetworkManager (I think):
::/0                           ::                         U    1   0     0 tun0

-Erinn
Comment 9 Dan Winship 2012-09-21 15:45:30 EDT
in nm-connection-editor, if you open the VPN connection, click the IPv6 tab, and then click the Routes button, is "Use this connection only for resources on its network" checked? If so, uncheck it and that should fix things.
Comment 10 Erinn Looney-Triggs 2012-09-21 15:51:59 EDT
Yeah sorry should have mentioned that, I looked into that, that option is indeed unchecked. My settings are set to automatic, and routes is all left at default (unchecked).

It is possible that this is some sort of KDE issue, kde networkmanager does not display the routes option, but I load up gnome networkmanager in KDE as well. The setting appear to be correct, but I will test in a pure gnome environement just in case.

-Erinn
Comment 11 Erinn Looney-Triggs 2012-09-21 16:30:17 EDT
Unfortunately, due to a confluence of other bugs I can't just test gnome. But that oughtn't be the cause. Any other ideas on a cause?

-Erinn
Comment 12 Fedora Update System 2012-09-22 02:32:09 EDT
Package NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14552/NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18
then log in and leave karma (feedback).
Comment 13 Dan Winship 2012-09-26 10:02:33 EDT
Hm... I could have sworn this used to work, but AFAICT now, NM only supports default-route-through-VPN if the VPN advertises an internal router address for it to go through. There doesn't seem to be any way to get NM to do the equivalent of "ip -6 route add default dev vpn0"...

I just unpushed the NetworkManager-openconnect update, although that was wrong; that fix is correct as it is, we just need an additional fix to NM itself.
Comment 14 Dan Winship 2012-09-26 12:13:49 EDT
OK, try installing http://koji.fedoraproject.org/koji/taskinfo?taskID=4529202 (and restart NetworkManager after). I think that should fix it. (The bug wasn't as big as I thought.)
Comment 15 Erinn Looney-Triggs 2012-09-26 13:43:08 EDT
That did the trick. Just to be clear I am using NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18 in conjunction with the above build. IPv6 routes were established properly. 

-Erinn
Comment 16 Fedora Update System 2012-09-27 20:20:22 EDT
Package NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14552/NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18
then log in and leave karma (feedback).
Comment 17 Fedora Update System 2012-10-04 10:27:44 EDT
NetworkManager-0.9.7.0-2.git20121004.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/NetworkManager-0.9.7.0-2.git20121004.fc18
Comment 18 Fedora Update System 2012-10-05 14:24:00 EDT
NetworkManager-0.9.7.0-3.git20121004.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/NetworkManager-0.9.7.0-3.git20121004.fc18
Comment 19 Fedora Update System 2012-10-06 16:10:43 EDT
NetworkManager-0.9.7.0-4.git20121004.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/NetworkManager-0.9.7.0-4.git20121004.fc18
Comment 20 Fedora Update System 2012-12-20 11:11:10 EST
NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.