Description of problem: Not sure if this is a bug or a feature request. openconnect from the command line does support ipv6 (implying that the vpnc scripts are correct). Openconnect via networkmanager doesn't appear to, there is no ipv6 tab in the gnome version of networkmanager for an openconnect VPN (though there is one in the kde version), neither seems to work, when the connection is made the ipv6 address is not assigned. Version-Release number of selected component (if applicable): NetworkManager-openconnect-0.9.4.0-3.fc17.x86_64 How reproducible: Use netowrkmanager to connect to an ipv6 enabled cisco device, note the lack of ipv6 address on the tunnel device.
Support for IPv6 on VPN just got committed to NetworkManager and NetworkManager-openconnect upstream. Perhaps Dan has some test packages?
Still appears to be the case with Fedora 18. KDE networkmanager openconnect appears to at least have the option for IPv6, unlike its GNOME counterpart, however the IPv6 address still is not assigned.
Ah, NetworkManager-openconnect in F18 still hasn't been updated, so it's still the pre-IPv6 version.
Ouch. What chance of getting that fixed before release?
Created attachment 615396 [details] patch you can either commit this or give me pkgdb bits on NM-openconnect...
I have 15mins of battery left. Approved. But you are provenpackager anyway, aren't you? (Thanks)
NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18
It looks very close, I tested the new build and an IPv6 address does indeed come down. However, the routes appear not to be getting put into place properly. In my case I have enabled hair pinning on the VPN server, since I don't have IPv6 from my own network. Here is the difference between the routing tables just running openconnect (tun0) and then running it via NetworkManager (vpn0): Destination Next Hop Flag Met Ref Use If ::1/128 :: U 256 0 0 lo 2001:4870:800e:309::/64 :: U 256 0 0 tun0 fe80::/64 :: !n 256 0 0 lo fe80::/64 :: U 256 0 0 wlan0 fe80::/64 :: U 256 0 0 tun0 ::/0 :: U 1 0 0 tun0 ::/0 :: !n -1 1 187 lo ::1/128 :: Un 0 1 27 lo 2001:4870:800e:309::1/128 :: Un 0 1 0 lo fe80::223:15ff:fe17:31f0/128 :: Un 0 1 0 lo ff00::/8 :: U 256 0 0 wlan0 ff00::/8 :: U 256 0 0 tun0 ::/0 :: !n -1 1 187 lo Destination Next Hop Flag Met Ref Use If ::1/128 :: U 256 0 0 lo 2001:4870:800e:309::/64 :: U 256 0 0 vpn0 fe80::/64 :: !n 256 0 0 lo fe80::/64 :: U 256 0 0 wlan0 fe80::/64 :: U 256 0 0 vpn0 ::/0 :: !n -1 1 251 lo ::1/128 :: Un 0 1 27 lo 2001:4870:800e:309::1/128 :: Un 0 1 0 lo fe80::223:15ff:fe17:31f0/128 :: Un 0 1 0 lo ff00::/8 :: U 256 0 0 wlan0 ff00::/8 :: U 256 0 0 vpn0 ::/0 :: !n -1 1 251 lo The key here being that the following is missing when using NetworkManager (I think): ::/0 :: U 1 0 0 tun0 -Erinn
in nm-connection-editor, if you open the VPN connection, click the IPv6 tab, and then click the Routes button, is "Use this connection only for resources on its network" checked? If so, uncheck it and that should fix things.
Yeah sorry should have mentioned that, I looked into that, that option is indeed unchecked. My settings are set to automatic, and routes is all left at default (unchecked). It is possible that this is some sort of KDE issue, kde networkmanager does not display the routes option, but I load up gnome networkmanager in KDE as well. The setting appear to be correct, but I will test in a pure gnome environement just in case. -Erinn
Unfortunately, due to a confluence of other bugs I can't just test gnome. But that oughtn't be the cause. Any other ideas on a cause? -Erinn
Package NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-14552/NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18 then log in and leave karma (feedback).
Hm... I could have sworn this used to work, but AFAICT now, NM only supports default-route-through-VPN if the VPN advertises an internal router address for it to go through. There doesn't seem to be any way to get NM to do the equivalent of "ip -6 route add default dev vpn0"... I just unpushed the NetworkManager-openconnect update, although that was wrong; that fix is correct as it is, we just need an additional fix to NM itself.
OK, try installing http://koji.fedoraproject.org/koji/taskinfo?taskID=4529202 (and restart NetworkManager after). I think that should fix it. (The bug wasn't as big as I thought.)
That did the trick. Just to be clear I am using NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18 in conjunction with the above build. IPv6 routes were established properly. -Erinn
NetworkManager-0.9.7.0-2.git20121004.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/NetworkManager-0.9.7.0-2.git20121004.fc18
NetworkManager-0.9.7.0-3.git20121004.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/NetworkManager-0.9.7.0-3.git20121004.fc18
NetworkManager-0.9.7.0-4.git20121004.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/NetworkManager-0.9.7.0-4.git20121004.fc18
NetworkManager-openconnect-0.9.7.0-1.git20120918.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.