Package: network-manager-openvpn Version: 0.9.10.0-1 Severity: important Dear Maintainer,
when trying to use nm-openvpn with standard config files provided by my vpn supplier I can connect to the vpn but have no access to the internet. Neither pinging of IP or Hostnames works. This is in contrast to using openvpn --config in a console. I suspect that nm- openvpn does not set routes correctly. Below are log files of a working openvpn connect using the console and the syslog output from nm- openvpn. I have also attached the routing table for both instances. example.ovpn file: client dev tun proto tcp remote vpn.vpnProvider.com 443 resolv-retry infinite nobind persist-key persist-tun persist-remote-ip ca ca.vpnProvider.com.crt tls-remote vpn.vpnProvider.com auth-user-pass comp-lzo verb 3 auth SHA256 cipher AES-256-CBC keysize 256 tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA ------------------------------------------------------------------------------------------------------------------------------------- Working Output from openvpn + Route Table at end: root@Laptop:/home/user1/vpn# openvpn --config example.ovpn Sat Nov 1 01:14:35 2014 DEPRECATED OPTION: --tls-remote, please update your configuration Sat Nov 1 01:14:35 2014 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Mar 17 2014 Enter Auth Username: ********* Enter Auth Password: ********** Sat Nov 1 01:15:20 2014 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA' Sat Nov 1 01:15:20 2014 Deprecated TLS cipher name 'DHE-DSS-AES256-SHA', please use IANA name 'TLS-DHE-DSS-WITH-AES-256-CBC-SHA' Sat Nov 1 01:15:20 2014 Deprecated TLS cipher name 'AES256-SHA', please use IANA name 'TLS-RSA-WITH-AES-256-CBC-SHA' Sat Nov 1 01:15:20 2014 Socket Buffers: R=[87380->131072] S=[16384->131072] Sat Nov 1 01:15:20 2014 Attempting to establish TCP connection with [AF_INET]***.***.85.2:443 [nonblock] Sat Nov 1 01:15:21 2014 TCP connection established with [AF_INET]***.***.85.2:443 Sat Nov 1 01:15:21 2014 TCPv4_CLIENT link local: [undef] Sat Nov 1 01:15:21 2014 TCPv4_CLIENT link remote: [AF_INET]***.***.85.2:443 Sat Nov 1 01:15:22 2014 TLS: Initial packet from [AF_INET]***.***.85.2:443, sid=fd6756b9 823927f3 Sat Nov 1 01:15:22 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sat Nov 1 01:15:22 2014 VERIFY OK: depth=1, /C=US/ST=FL/L=Winter_Park/O=vpnProvider/OU=vpnProvider_VPN/CN=vpnProvider_CA/emailAddress=supp...@vpnprovider.com Sat Nov 1 01:15:22 2014 VERIFY X509NAME OK: /C=US/ST=FL/L=Winter_Park/O=vpnProvider/OU=vpnProvider_VPN/CN=vpn.vpnProvider.com/emailAddress=supp...@vpnprovider.com Sat Nov 1 01:15:22 2014 VERIFY OK: depth=0, /C=US/ST=FL/L=Winter_Park/O=vpnProvider/OU=vpnProvider_VPN/CN=vpn.vpnProvider.com/emailAddress=supp...@vpnprovider.com Sat Nov 1 01:15:23 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sat Nov 1 01:15:23 2014 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Sat Nov 1 01:15:23 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sat Nov 1 01:15:23 2014 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Sat Nov 1 01:15:23 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA- AES256-SHA, 2048 bit RSA Sat Nov 1 01:15:23 2014 [vpn.vpnProvider.com] Peer Connection Initiated with [AF_INET]***.***.85.2:443 Sat Nov 1 01:15:25 2014 SENT CONTROL [vpn.vpnProvider.com]: 'PUSH_REQUEST' (status=1) Sat Nov 1 01:15:25 2014 PUSH: Received control message: 'PUSH_REPLY,redirect- gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.24.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.25.124 255.255.252.0' Sat Nov 1 01:15:25 2014 OPTIONS IMPORT: timers and/or timeouts modified Sat Nov 1 01:15:25 2014 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp Sat Nov 1 01:15:25 2014 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified Sat Nov 1 01:15:25 2014 Socket Buffers: R=[131072->425984] S=[131072->131072] Sat Nov 1 01:15:25 2014 OPTIONS IMPORT: --ifconfig/up options modified Sat Nov 1 01:15:25 2014 OPTIONS IMPORT: route options modified Sat Nov 1 01:15:25 2014 OPTIONS IMPORT: route-related options modified Sat Nov 1 01:15:25 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sat Nov 1 01:15:25 2014 ROUTE_GATEWAY 10.194.0.1/255.255.248.0 IFACE=eth0 HWADDR=f0:de:f1:07:75:fd Sat Nov 1 01:15:25 2014 TUN/TAP device tun0 opened Sat Nov 1 01:15:25 2014 TUN/TAP TX queue length set to 100 Sat Nov 1 01:15:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Sat Nov 1 01:15:25 2014 /sbin/ip link set dev tun0 up mtu 1500 Sat Nov 1 01:15:25 2014 /sbin/ip addr add dev tun0 172.20.25.124/22 broadcast 172.20.27.255 Sat Nov 1 01:15:25 2014 /sbin/ip route add ***.***.85.2/32 via 10.194.0.1 Sat Nov 1 01:15:25 2014 /sbin/ip route add 0.0.0.0/1 via 172.20.24.1 Sat Nov 1 01:15:25 2014 /sbin/ip route add 128.0.0.0/1 via 172.20.24.1 Sat Nov 1 01:15:25 2014 Initialization Sequence Completed Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.20.24.1 128.0.0.0 UG 0 0 0 tun0 default 10.194.0.1 0.0.0.0 UG 1024 0 0 eth0 10.194.0.0 * 255.255.248.0 U 0 0 0 eth0 ***.***.85.2 10.194.0.1 255.255.255.255 UGH 0 0 0 eth0 128.0.0.0 172.20.24.1 128.0.0.0 UG 0 0 0 tun0 172.20.24.0 * 255.255.252.0 U 0 0 0 tun0 ------------------------------------------------------------------------------------------------------------------ Non Working Syslog Log from NetworkManger + Route Table at end: Nov 1 01:19:17 Laptop NetworkManager[783]: <info> Starting VPN service 'openvpn'... Nov 1 01:19:17 Laptop NetworkManager[783]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3119 Nov 1 01:19:17 Laptop NetworkManager[783]: <info> VPN service 'openvpn' appeared; activating connections Nov 1 01:19:17 Laptop NetworkManager[783]: <info> VPN plugin state changed: starting (3) Nov 1 01:19:17 Laptop NetworkManager[783]: nm-openvpn-Message: openvpn started with pid 3124 Nov 1 01:19:17 Laptop NetworkManager[783]: <info> VPN connection 'vpnProvider' (ConnectInteractive) reply received. Nov 1 01:19:17 Laptop NetworkManager[783]: Sat Nov 1 01:19:17 2014 DEPRECATED OPTION: --tls-remote, please update your configuration Nov 1 01:19:17 Laptop nm-openvpn[3124]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Mar 17 2014 Nov 1 01:19:17 Laptop nm-openvpn[3124]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Nov 1 01:19:17 Laptop nm-openvpn[3124]: Attempting to establish TCP connection with [AF_INET]***.***.85.3:443 [nonblock] Nov 1 01:19:18 Laptop nm-openvpn[3124]: TCP connection established with [AF_INET]***.***.85.3:443 Nov 1 01:19:18 Laptop nm-openvpn[3124]: TCPv4_CLIENT link local: [undef] Nov 1 01:19:18 Laptop nm-openvpn[3124]: TCPv4_CLIENT link remote: [AF_INET]***.***.85.3:443 Nov 1 01:19:19 Laptop nm-openvpn[3124]: [vpn.vpnProvider.com] Peer Connection Initiated with [AF_INET]***.***.85.3:443 Nov 1 01:19:22 Laptop nm-openvpn[3124]: TUN/TAP device tun0 opened Nov 1 01:19:22 Laptop nm-openvpn[3124]: /usr/lib/NetworkManager/nm-openvpn- service-openvpn-helper --tun -- tun0 1500 1572 172.20.25.27 255.255.252.0 init Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): carrier is OFF Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): new Tun device (driver: 'unknown' ifindex: 6) Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): exported as /org/freedesktop/NetworkManager/Devices/5 Nov 1 01:19:22 Laptop systemd-udevd[269]: Network interface NamePolicy= disabled on kernel commandline, ignoring. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> VPN connection 'vpnProvider' (IP Config Get) reply received. Nov 1 01:19:22 Laptop nm-openvpn[3124]: Initialization Sequence Completed Nov 1 01:19:22 Laptop NetworkManager[783]: <info> VPN connection 'vpnProvider' (IP4 Config Get) reply received. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> VPN Gateway: ***.***.85.3 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Tunnel Device: tun0 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> IPv4 configuration: Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Internal Gateway: 172.20.24.1 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Internal Address: 172.20.25.27 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Internal Prefix: 22 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Internal Point-to-Point Address: 0.0.0.0 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Maximum Segment Size (MSS): 0 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Forbid Default Route: no Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Internal DNS: 198.18.0.1 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Internal DNS: 198.18.0.2 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> DNS Domain: '(none)' Nov 1 01:19:22 Laptop NetworkManager[783]: <info> No IPv6 configuration Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): link connected Nov 1 01:19:22 Laptop NetworkManager[783]: <info> VPN connection 'vpnProvider' (IP Config Get) complete. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> VPN plugin state changed: started (4) Nov 1 01:19:22 Laptop NetworkManager[783]: <info> NetworkManager state is now CONNECTED_LOCAL Nov 1 01:19:22 Laptop NetworkManager[783]: <info> NetworkManager state is now CONNECTED_GLOBAL Nov 1 01:19:22 Laptop dbus[771]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm- dispatcher.service' Nov 1 01:19:22 Laptop NetworkManager[783]: <info> devices added (path: /sys/devices/virtual/net/tun0, iface: tun0) Nov 1 01:19:22 Laptop NetworkManager[783]: <info> device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) starting connection 'tun0' Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) scheduled... Nov 1 01:19:22 Laptop dbus[771]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher' Nov 1 01:19:22 Laptop nm-dispatcher: Dispatching action 'vpn-up' for tun0 Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) started... Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: disconnected -> prepare (reason 'none') [30 40 0] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) scheduled... Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) complete. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) starting... Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: prepare -> config (reason 'none') [40 50 0] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) successful. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 3 of 5 (IP Configure Start) scheduled. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) complete. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 3 of 5 (IP Configure Start) started... Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: config -> ip-config (reason 'none') [50 70 0] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 5 of 5 (IPv4 Configure Commit) scheduled... Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 3 of 5 (IP Configure Start) complete. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 5 of 5 (IPv4 Commit) started... Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: ip-config -> ip-check (reason 'none') [70 80 0] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) Stage 5 of 5 (IPv4 Commit) complete. Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: ip-check -> secondaries (reason 'none') [80 90 0] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> (tun0): device state change: secondaries -> activated (reason 'none') [90 100 0] Nov 1 01:19:22 Laptop NetworkManager[783]: <info> Activation (tun0) successful, device activated. Nov 1 01:19:23 Laptop ntpd[859]: Listen normally on 10 tun0 172.20.25.27 UDP 123 Nov 1 01:19:23 Laptop ntpd[859]: ***.***.160.57 interface 10.194.4.254 -> 172.20.25.27 Nov 1 01:19:23 Laptop ntpd[859]: ***.***.246.10 interface 10.194.4.254 -> 172.20.25.27 Nov 1 01:19:23 Laptop ntpd[859]: ***.***.190.190 interface 10.194.4.254 -> 172.20.25.27 Nov 1 01:19:23 Laptop ntpd[859]: ***.***.164.1 interface 10.194.4.254 -> 172.20.25.27 Nov 1 01:19:23 Laptop ntpd[859]: peers refreshed Nov 1 01:19:36 Laptop nm-dispatcher: Dispatching action 'up' for tun0 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.20.24.1 0.0.0.0 UG 1024 0 0 tun0 10.194.0.0 * 255.255.248.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 1000 0 0 tun0 172.20.24.0 * 255.255.252.0 U 0 0 0 tun0 ------------------------------------------------------------------------------------------------------------------------------------------- -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages network-manager-openvpn depends on: ii libc6 2.19-12 ii libdbus-1-3 1.8.8-2 ii libdbus-glib-1-2 0.102-1 ii libglib2.0-0 2.42.0-2 ii libnm-glib-vpn1 0.9.10.0-3 ii libnm-glib4 0.9.10.0-3 ii libnm-util2 0.9.10.0-3 ii openvpn 2.3.2-9 network-manager-openvpn recommends no packages. network-manager-openvpn suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
