On Tue, 2015-08-04 at 11:57 +0100, David Woodhouse wrote: > On Tue, 2015-08-04 at 08:45 +0300, Matti Koskimies wrote: > > I'm using only command line for both openconnect and network > > -manager. So don't even have network-manager-openconnect installed. > > I'm using self written systemd files to connect and disconnect the > > VPN. The command I use for starting is: > > > > /usr/sbin/openconnect --quiet --background --pid-file=/var/run/open > > connect.pid --usergroup=$USERGROUP --user=$VPNUSER --passwd-on-stdi > > n $SERVER <<< $PASSWORD > > > > That's all the configuration I have. > > So presumably what's happening is that OpenConnect sets a default > route to the VPN, and then NetworkManager renews its DHCP lease and > 'fixes' the default route to go the way that NetworkManager expects > it to. > > This (doing stuff behind NetworkManager's back) isn't really a > supported configuration. But as you've observed, adding an > *additional* default route does make it work because NetworkManager's > own route isn't being removed; it's still there with a lower metric?
OK, now I see. This seems to be the case. Thanks for this clarification. > > Connecting from the GUI never worked for me, because the GUI is > > missing some settings that are required by my VPN provider > > (username,usergroup). > > It should ask you for the username if it needs one, and the > 'usergroup' is merely the first path element of the login URL. So you > can set a "gateway" of https://vpn.example.com/usergroup or something > along those lines. Please let me know if that doesn't work. Connecting using the GUI still doesn't work, although I get a lot further now. Connecting and authentication works, and everything looks OK in NM. The routing table looks similar to the one I get using my workaround. But there's no networking unless I set the setting "Use this connection only for resources on its network" under "Routes" in "IPv4 Settings", but then I can connect only to the same networks as without the VPN. -- Matti K -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
