Ubuntu
network-manager package

NetworkManager adds incorrect routes to VPN gateway

Bug #413868 reported by Daniel Silva
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Expired
Low
Unassigned

Bug Description

Binary package hint: network-manager

# apt-cache policy network-manager network-manager-pptp pptp-linux ppp
network-manager:
  Installed: 0.7.1~rc4.1.cf199a964-0ubuntu2
  Candidate: 0.7.1-0ubuntu1ocdc3+jaunty
  Version table:
     0.7.1-0ubuntu1ocdc3+jaunty 0
        500 http://ocdc.hursley.ibm.com beta/jaunty Packages
 *** 0.7.1~rc4.1.cf199a964-0ubuntu2 0
        500 http://mirrors.us.kernel.org jaunty/main Packages
        100 /var/lib/dpkg/status
network-manager-pptp:
  Installed: 0.7.1~rc4.20090316+bzr23-0ubuntu3
  Candidate: 0.7.1~rc4.20090316+bzr23-0ubuntu3
  Version table:
 *** 0.7.1~rc4.20090316+bzr23-0ubuntu3 0
        500 http://mirrors.us.kernel.org jaunty/universe Packages
        100 /var/lib/dpkg/status
pptp-linux:
  Installed: 1.7.2-1
  Candidate: 1.7.2-1
  Version table:
 *** 1.7.2-1 0
        500 http://mirrors.us.kernel.org jaunty/main Packages
        100 /var/lib/dpkg/status
ppp:
  Installed: 2.4.5~git20081126t100229-0ubuntu2
  Candidate: 2.4.5~git20081126t100229-0ubuntu2
  Version table:
 *** 2.4.5~git20081126t100229-0ubuntu2 0
        500 http://mirrors.us.kernel.org jaunty/main Packages
        100 /var/lib/dpkg/status
# uname -a
Linux ds 2.6.28-15-generic #48-Ubuntu SMP Wed Jul 29 08:53:35 UTC 2009 x86_64 GNU/Linux

I'm connecting from one LAN (192.168.1.x) to another (9.x.x.x) through a proprietary vpn, then using NetworkManager's PPTP vpn plugin to connect to a third one (10.x.x.x) through a pptp gateway in the second one (9.x.x.x).

local wifi card (wlan0) address: 192.168.1.64
lan gateway: 192.168.1.254
lan subnet: 192.168.1.0 (netmask 255.255.255.0)

first vpn (tun0) address: 9.76.10.27
first vpn subnet: 9.0.0.0 (netmask 255.0.0.0)
first vpn client: at&t global network client (agnclient)

second vpn gateway: 9.30.138.171, windows server 2003 pptp remote access server
second vpn subnet: 10.160.0.0 (netmask 255.255.0.0)
second vpn local (ppp0) address: 9.30.138.111
second vpn remote point-to-point address: 9.30.138.110
second vpn client: NetworkManager with PPTP plugin, configured to only add the route: 10.160.0.0 nm 255.255.0.0 dev ppp0

While connected to the first vpn , before connecting to the second, here's the route to the second gateway:

$ ip route show | grep 9.30.138.171
$ ip route get 9.30.138.171
9.30.138.171 dev tun0 src 9.76.40.155
    cache mtu 1362 advmss 1322 hoplimit 64

And the 10.160.0.0 subnet going through the default lan router as expected:

$ ip route show | grep 10.160
$ ip route get 10.160.2.2
10.160.2.2 via 192.168.1.254 dev wlan0 src 192.168.1.64
    cache mtu 1500 advmss 1460 hoplimit 64

So far so good. Now after connecting to the pptp vpn at 9.30.138.171 with NetworkManager, as NM starts trying to connect (and before it can reach the server), it already adds an explicit route:

$ ip route show | grep 9.30.138.171
9.30.138.171 dev tun0 scope link src 9.76.40.155

after it connects to the vpn gateway, ppp0 comes up with the local address of 9.30.138.111 and the 10.160.0.0 subnet route gets established:

$ ip route show | grep ppp
9.30.138.110 dev ppp0 proto kernel scope link src 9.30.138.111
10.160.0.0/16 dev ppp0 proto static scope link

but NM messes up the route to the gateway itself:

$ ip route show | grep 9.30.138.171
9.30.138.171 via 192.168.1.254 dev wlan0 proto static
9.30.138.171 dev tun0 scope link src 9.77.157.83
$ ip route get 9.30.138.171
9.30.138.171 via 192.168.1.254 dev wlan0 src 192.168.1.64
    cache mtu 1500 advmss 1460 hoplimit 64

There should be no explicit route to 9.30.138.171, least of all to wlan0, which is the wrong interface in this case. As a result, no traffic goes through the vpn tunnel and I can't even reach 9.30.138.171 until I remove the wlan0 route with
# route del 9.30.138.171 gw 192.168.1.254 dev wlan0

Removing the other, extraneous route is innocuous, since there was already another route to it when the at&t client established the tun0 connection:
# route del 9.30.138.171 dev tun0
# ip route show| grep tun0
9.0.0.0/8 via 9.65.15.7 dev tun0 scope link

Tags: vpn
Nicola Ferralis (feranick)
tags: added: vpn
Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Could you please open a terminal and execute: apport-collect 413868 ? It will attach the necessary information to this report. Also you can submit more information for it by looking to https://wiki.ubuntu.com/DebuggingNetworkManager , Thanks in advance.

Changed in network-manager (Ubuntu):
status: New → Incomplete
importance: Undecided → Low
Revision history for this message
Daniel Silva (daniel-silva) wrote : apport-collect data

Architecture: amd64
CRDA:
 country 98:
  (2402 - 2472 @ 40), (3, 27)
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: nvidia
Package: network-manager 0.8~a~git.20090820t182117.cb60390-0ubuntu2
PackageArchitecture: amd64
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_US.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-9.29-generic
Uname: Linux 2.6.31-9-generic x86_64
UserGroups: adm admin audio cdrom dialout dip disk floppy fuse kvm libvirtd lpadmin netdev plugdev sambashare tape uml-net vboxusers video
WifiSyslog:

WpaSupplicantLog:

Revision history for this message
Daniel Silva (daniel-silva) wrote :

Note that since filing the initial bug report I've upgraded to karmic. The behavior is the same though.

Also, when trying to submit the apport data as requested, apport sort of died..

$ apport-collect 413868
Logging into Launchpad...
Downloading bug...
Bug title: NetworkManager adds incorrect routes to VPN gateway
Collecting apport information for source package network-manager...
Uploading additional information to Launchpad bug...
   short text data...
   attachment: Dependencies.txt...
Traceback (most recent call last):
  File "/usr/bin/apport-collect", line 145, in <module>
    upload(report, bug)
  File "/usr/bin/apport-collect", line 60, in upload
    filename=part.get_filename(), is_patch=False)
  File "/usr/lib/python2.6/dist-packages/lazr/restfulclient/resource.py", line 457, in __call__
    **args)
  File "/usr/lib/python2.6/dist-packages/wadllib/application.py", line 591, in build_representation
    media_type, param_values, **kw_param_values)
  File "/usr/lib/python2.6/dist-packages/wadllib/application.py", line 690, in representation
    return definition.bind(param_values, **kw_param_values)
  File "/usr/lib/python2.6/dist-packages/wadllib/application.py", line 809, in bind
    value = validated_values[param.name]
KeyError: 'description'

Revision history for this message
Seva Gluschenko (gvs-ya) wrote :

Another kind of issue with similar effect is noticed with network-manager-openvpn which adds route of my LAN to tap device, so that I lose network connectivity instantaneously. I must either manually issue

# route delete 192.168.1.0

command to restore routing to my local gateway or setup all VPN routes manually.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for network-manager (Ubuntu) because there has been no activity for 60 days.]

Changed in network-manager (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.