I would like to revive this bug report.
I will describe the problem in detail.
I run an ovpn script from the command line and everything goes well.
The ovpn file:
client
dev tun
remote nl.vpn.******.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
mute-replay-warnings
route 10.0.1.0 255.255.255.0 10.0.2.136
route 10.0.0.0 255.255.255.0 10.0.2.136
route-delay 5
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
key-direction 1
I left out certivicates because they are here irrelevant.
The route table before the execution of openvpn is:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.136 0.0.0.0 UG 100 0 0 enp3s0
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0
10.0.2.136 is my home router.
After the execution of sudo openvpn <ovpn file> the route table is:
Destination Gateway Genmask Flags Metric Ref
Use Iface
0.0.0.0 10.17.76.1 128.0.0.0 UG 0 0
0 tun0
0.0.0.0 10.0.2.136 0.0.0.0 UG 100 0
0 enp3s0
10.0.0.0 10.0.2.136 255.255.255.0 UG 0 0
0 enp3s0
10.0.1.0 10.0.2.136 255.255.255.0 UG 0 0
0 enp3s0
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0
0 enp3s0
10.17.76.0 0.0.0.0 255.255.255.0 U 0 0
0 tun0
128.0.0.0 10.17.76.1 128.0.0.0 UG 0 0
0 tun0
213.152.162.73 10.0.2.136 255.255.255.255 UGH 0 0
0 enp3s0
This looks a bit complicated to me but it is working. Note the two lines for
the networks 10.0.1.0/24 and 10.0.0.0/24.
They are needed to divert traffic for those networks to my home router
10.0.2.136.
Traffic for my home network 10.0.2.0/24 stays in the home network.
All other traffic goes to the tun0 device (the vpn provider).
In the Network Manager I imported the ovpn file and the resulting
network manager file /etc/NetworkManager/system-connections/vpnnl file
is:
id=provider_UDP-443
uuid=88baf716****
type=vpn
autoconnect=false
permissions=
[vpn]
cert-pass-flags=0
cipher=AES-256-CBC
comp-lzo=no-by-default
connection-type=tls
dev=tun
key=***.pem
remote=nl.vpn.provider.org:443
remote-cert-tls=server
ta-dir=1
service-type=org.freedesktop.NetworkManager.openvpn
[ipv4]
dns-search=
method=auto
route1=10.0.1.0/24,10.0.2.136
route2=10.0.0.0/24,10.0.2.136
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto
I left out some statements concerning security and privacy. Note the two route
statements.
When I make the vpn connection with this connections file I get the error
message:
connection failed because VPN service returned invalid configuration.
When I remove the two route statements in the network-manager/ edit
connections section the connection is properly made but ofcourse without
the two route statements in the route table:
Destination Gateway Genmask Flags Metric
Ref Use Iface
0.0.0.0 10.0.2.136 0.0.0.0 UG 100
0 0 enp3s0
10.0.2.0 0.0.0.0 255.255.255.0 U 100
0 0 enp3s0
10.0.2.136 0.0.0.0 255.255.255.255 UH 100
0 0 enp3s0
10.27.44.0 0.0.0.0 255.255.255.0 U 50
0 0 tun0
213.152.162.148 10.0.2.136 255.255.255.255 UGH 100
0 0 enp3s0
there are more differences that I don't fully understand. I can,
ofcourse, add these route statements by hand but that is not the point.
(I can also live for a short moment with an unreachable network).
When I change the 2 extra route statement (10.0.2.136 changed in
0.0.0.0) (in the vpnnl file) the error message disappears but the two
route statements (in the route table) divert the traffic then to tun0
(should be enp3s0).
If you want to know more please ask.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1608646
Title:
ip4 static routes added in NetworkManager UI fail and prevent
connection
Status in network-manager package in Ubuntu:
Expired
Bug description:
lsb_release -rd:
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Network Settings package version in Software Center:
15.04.0+16.04.20160705-0ubuntu1
Prior to upgrading to 16.04 LTS I was running 14.04 LTS. Using the
"Edit Connections..." menu option I had created a custom Ethernet
connection that had some custom routes added. These routes are
required for me to connect to certain resources on a local network
while using Wifi for basic internet. (Physical network locked down, no
Internet access available)
I've attached a screenshot showing the routes. These routes were
working great in 14.04 (And prior releases of Ubuntu).
However, upon upgrading to 16.04, I noticed this connection would no
longer "connect". It would just silently fail. I noticed that if I
deleted my custom routes, it would work, but I need those in order to
connect to my required network services.
When I try to connect with the routes in place, the connection
silently fails in the NetworkManager UI (I get no error message in the
UI) but I took a look at syslog and found these:
Aug 1 08:15:19 jeremy-ThinkPad-X1-Carbon-4th NetworkManager[2868]: <error>
[1470057319.7268] platform-linux: do-add-ip4-route[2: 10.104.0.0/16 0]: failure
101 (Network is unreachable)
Aug 1 08:15:19 jeremy-ThinkPad-X1-Carbon-4th NetworkManager[2868]: <error>
[1470057319.7271] platform-linux: do-add-ip4-route[2: 10.105.0.0/16 0]: failure
101 (Network is unreachable)
Aug 1 08:15:19 jeremy-ThinkPad-X1-Carbon-4th NetworkManager[2868]: <error>
[1470057319.7272] platform-linux: do-add-ip4-route[2: 10.51.35.0/24 0]: failure
101 (Network is unreachable)
Aug 1 08:15:19 jeremy-ThinkPad-X1-Carbon-4th NetworkManager[2868]: <error>
[1470057319.7273] platform-linux: do-add-ip4-route[2: 10.140.76.0/24 0]:
failure 101 (Network is unreachable)
Aug 1 08:15:19 jeremy-ThinkPad-X1-Carbon-4th NetworkManager[2868]: <info>
[1470057319.7281] device (enp0s31f6): state change: ip-config -> failed (reason
'config-failed') [70 120 4]
Aug 1 08:15:19 jeremy-ThinkPad-X1-Carbon-4th NetworkManager[2868]: <warn>
[1470057319.7289] device (enp0s31f6): Activation: failed for connection
'Windstream'
Aug 1 08:15:19 jeremy-ThinkPad-X1-Carbon-4th NetworkManager[2868]: <info>
[1470057319.7309] device (enp0s31f6): state change: failed -> disconnected
(reason 'none') [120 30 0]
Now, if I remove the custom routes from the UI, then I can connect. I
them manually add the routes using the "ip" command:
sudo /sbin/ip route add 10.104.0.0/16 dev enp0s31f6
sudo /sbin/ip route add 10.105.0.0/16 dev enp0s31f6
sudo /sbin/ip route add 10.51.35.0/24 dev enp0s31f6
sudo /sbin/ip route add 10.140.76.0/24 dev enp0s31f6
This is able to add the routes successfully. So there has to be some
problem in the new implementation of NetworkManager in 16.04, because
these routes worked in 14.04 and they still work in 16.04 if I just
manually add them from the command line.
For now I can work around this issue by manually adding these routes
from the command line every time I connect.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1608646/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
