Re: unable to use openvpn server which uses "push route..."

[Tomasz Chmielewski <mangoo wpkg org>]

On 2017-01-24 21:04, Thomas Haller wrote:
> On Tue, 2017-01-24 at 09:55 +0900, Tomasz Chmielewski wrote:
> > On 2017-01-24 03:05, Thomas Haller wrote:
> >
> > > > Please advise how to use NetworkManager for OpenVPN servers which
> > > > are 
> > > > not default gateways and which push their own routes.
> > >
> > > whether the VPN gets the default route, depends on the (inverse)
> > > "ipv4.never-default" setting. See `nmcli connection show "$MY_VPN"`
> >
> > Why does NM attempt to set a default route for a OpenVPN connection 
> > where the OpenVPN server does not advertise itself as a default
> > route? 
> > It would almost never work, and sounds like a bug to me.
>
> in many common setups, the VPN gateway will forward whatever packets
> you send it. I don't agree that "would almost never work" is accurate.

With OpenVPN? I'd disagree. If it's the case with OpenVPN, than it 
usually means that someone misconfigured OpenVPN server.

It wouldn't normally act as a gateway without:

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"


> Whether the default-route is routed along the VPN should be primarily
> configured client-side (NetworkManager).
>
> Optimally, ip4.never-default would support a 3rd value ~server-choice~,
> beside "yes" and "no". To allow the server to override it. This is a
> missing feature.

And it should default to ~server-choice~.


Tomasz Chmielewski
https://lxadm.com