[Pkg-utopia-maintainers] Bug#838907: network-manager-openvpn: Network Manager adds weird routes after connecting to OpenVPN
Alexander Betaev
betaev at gmail.com
Mon Sep 26 10:44:01 UTC 2016
Package: network-manager-openvpn
Version: 1.2.4-1
Severity: important
Dear Maintainer,
* What led up to the situation?
Connecting to VPN network using OpenVPN plugin with disabled default route over
VPN setting.
* What was the outcome of this action?
Routing table before establishing VPN connection:
infestator at inftop ~ $ ip route
default via 192.168.1.1 dev wlan0 proto static metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.134 metric
600
Network Manager log for connection:
Sep 26 12:07:55 inftop nm-openvpn[8246]: TUN/TAP device tun0 opened
Sep 26 12:07:55 inftop nm-openvpn[8246]: /usr/lib/NetworkManager/nm-openvpn-
service-openvpn-helper --debug 0 8241 --bus-name
org.freedesktop.NetworkManager.openvpn.Connection_11 --tun -- tun0 1500 1544
172.18.152.6 255.255.255.0 init
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8321] manager:
(tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/10)
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8380] devices
added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8383] device
added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown
configuration found.
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8437] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",0]: VPN
connection: (IP Config Get) reply received.
Sep 26 12:07:55 inftop nm-openvpn[8246]: GID set to nogroup
Sep 26 12:07:55 inftop nm-openvpn[8246]: UID set to nobody
Sep 26 12:07:55 inftop nm-openvpn[8246]: Initialization Sequence Completed
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8446] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
VPN connection: (IP4 Config Get) reply received
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8460] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: VPN Gateway: 89.22.4.2
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8460] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Tunnel Device: "tun0"
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8460] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: IPv4 configuration:
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8460] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Internal Gateway: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8460] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Internal Address: 172.18.152.6
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Internal Prefix: 24
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Internal Point-to-Point Address: 172.18.152.6
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Maximum Segment Size (MSS): 0
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 10.64.255.0/24 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 11.0.0.0/8 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 64.151.85.176/28 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 69.59.168.184/32 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 69.59.168.185/32 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 69.59.168.186/32 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 69.59.168.187/32 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 69.59.174.65/32 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8461] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 172.16.0.0/12 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 173.1.54.208/28 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 173.1.205.0/25 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 173.204.123.128/25 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 204.51.129.144/28 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 204.51.236.0/25 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 208.113.72.160/28 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 208.113.76.160/27 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 216.121.3.128/25 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Static Route: 216.121.43.192/26 Next Hop: 172.18.152.1
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8462] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Forbid Default Route: yes
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8463] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: Internal DNS: 172.18.144.232
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8463] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: DNS Domain: '(none)'
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8463] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
Data: No IPv6 configuration
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8463] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
VPN plugin: state changed: started (4)
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8473] vpn-
connection[0x2947700,42458014-f0aa-49df-8926-8c3ef358bc91,"lupus",11:(tun0)]:
VPN connection: (IP Config Get) complete
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8475] device
(tun0): state change: unmanaged -> unavailable (reason 'connection-assumed')
[10 20 41]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8845] keyfile:
add connection in-memory (ee5fde1c-3906-44e9-97d4-312f74d8c708,"tun0")
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8855] device
(tun0): state change: unavailable -> disconnected (reason 'connection-assumed')
[20 30 41]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.8867] device
(tun0): Activation: starting connection 'tun0'
(ee5fde1c-3906-44e9-97d4-312f74d8c708)
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.9004] device
(tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.9013] device
(tun0): state change: prepare -> config (reason 'none') [40 50 0]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.9019] device
(tun0): state change: config -> ip-config (reason 'none') [50 70 0]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.9021] device
(tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.9026] device
(tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.9028] device
(tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
Sep 26 12:07:55 inftop NetworkManager[2941]: <info> [1474880875.9267] device
(tun0): Activation: successful, device activated.
Routing table after establishing connection:
infestator at inftop ~ $ ip route
default via 192.168.1.1 dev wlan0 proto static metric 600
89.22.4.2 via 192.168.1.1 dev wlan0 proto static metric 600
172.18.152.0/24 dev tun0 proto kernel scope link src 172.18.152.6 metric 50
173.1.205.0/25 via 172.18.152.1 dev tun0 proto static metric 50
173.204.123.128/25 via 172.18.152.1 dev tun0 proto static metric 50
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.134 metric
600
192.168.1.1 dev wlan0 proto static scope link metric 600
204.51.129.144/28 via 172.18.152.1 dev tun0 proto static metric 50
204.51.236.0/25 via 172.18.152.1 dev tun0 proto static metric 50
208.113.72.160/28 via 172.18.152.1 dev tun0 proto static metric 50
208.113.76.160/27 via 172.18.152.1 dev tun0 proto static metric 50
216.121.3.128/25 via 172.18.152.1 dev tun0 proto static metric 50
216.121.43.192/26 via 172.18.152.1 dev tun0 proto static metric 50
You may see that 172.16.0.0/12, 11.0.0.0/8, 64.151.85.176/28 and all /32 routes
routes are missing. However there is one route 172.18.152.0/24 which does not
come from VPN DHCP and 89.22.4.2 route which is not necessary when setting
default route through VPN is turned off.
* What outcome did you expect instead?
I expect to see all routes which pushed by DHCP server in routing table after
connection is established.
* What exactly did you do (or not do) that was effective (or ineffective)?
1. Testing (1.2.4) and unstable (1.4.0) version of Network Manager do no change
behavior
2. Trying to manually add 172.16.0.0/12 route (using GNOME Network Setup UI) do
no affect anything
3. [Workaround] Adding separate routes to 172.16.0.0/16, 172.17.0.0/16 and
172.18.0.0/18 networks solves the problem partially.
It is not easy to add 256 routes to 11.0.0.0/8 network using UI, but it is
possible. Also /32 routes are not added in any way.
4. [Workaround] Using setting default route through 172.18.152.1 also makes VPN
resources accessible (local resources become not accessible at all).
Thanks,
Alex
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages network-manager-openvpn depends on:
ii adduser 3.115
ii libc6 2.23-5
ii libglib2.0-0 2.49.6-1
ii libnm0 1.4.0-4
ii network-manager 1.4.0-4
ii openvpn 2.3.11-2
network-manager-openvpn recommends no packages.
network-manager-openvpn suggests no packages.
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list