No route to VPN server added when connected via Mobile Broadband

Bug #1012533 reported by Ulrich Zehl
This bug affects 4 people
Affects: network-manager-openvpn (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Ubuntu 12.04 LTS
network-manager-openvpn 0.9.4.0-ubuntu1

I'm trying to use OpenVPN via Network Manager in a configuration that passes all traffic over the VPN tunnel (i.e. the default route is set to tun0).

This works fine when using wifi as the underlying network connection, but does not work when I use UMTS ("Mobile Broadband") as the underlying connection. (Both connections work fine for accessing the Internet without VPN.)

The tunnel is established but no traffic is passed over it, because the routing table is wrong.

Using OpenVPN over wifi, the routing table looks something like this after the VPN connection is established:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.1.53       0.0.0.0         UG    0      0        0 tun0
[...]
10.1.1.53       0.0.0.0         255.255.255.255 UH    0      0        0 tun0
[...]
172.16.250.0    0.0.0.0         255.255.255.0   U     2      0        0 wlan0
192.0.2.115     172.16.250.254  255.255.255.255 UGH   0      0        0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
[...]

As you can see, there is a host route to the VPN server (192.0.2.115), and a default route to the tunnel interface. Thus, everything works as expected.
(I have redacted our internal routes that are pushed via OpenVPN and are also in the routing table, because they are not relevant for this problem.)

Using Mobile Broadband, the routing table looks something like this (without VPN):

# ifconfig hso0
hso0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:93.111.28.239 P-t-P:93.111.28.239 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1486 Metric:1
          RX packets:437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:442 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:46787 (46.7 KB) TX bytes:95946 (95.9 KB)

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 hso0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 hso0

After the VPN connection is established, it looks something like this:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.222.193.53   0.0.0.0         UG    0      0        0 tun0
[...]
10.222.193.53   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 hso0
[...]

There is a default route to the tunnel interface, but no host route to the VPN server. Therefore, the VPN-encapsulated datagrams are sent to the VPN interface once again, which clearly is not right.

Why does Network Manager not add the host route like it does when connected over wifi? Is it because hso0 is a P-t-P link?

To work around this, I currently run

# ip route add 192.0.2.115/32 dev hso0

which solves the problem, but it's annoying to have to do this by hand every time.
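
The condition described in this report can be checked mechanically. The following is an added example, not part of the original report or of NetworkManager: it parses `route -n` rows and does a simplified longest-prefix lookup to tell whether packets addressed to the VPN server would be routed into the tunnel itself. The function names and the `WORKAROUND_ROW` line are assumptions for illustration; the two tables are the ones quoted in the report.

```python
import ipaddress

# Routing tables copied from the report ("[...]" rows omitted).
WIFI_VPN = """\
0.0.0.0 10.1.1.53 0.0.0.0 UG 0 0 0 tun0
10.1.1.53 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.16.250.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0
192.0.2.115 172.16.250.254 255.255.255.255 UGH 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
"""
UMTS_VPN = """\
0.0.0.0 10.222.193.53 0.0.0.0 UG 0 0 0 tun0
10.222.193.53 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 hso0
"""
# Constructed row: how the workaround's host route is expected to appear.
WORKAROUND_ROW = "192.0.2.115 0.0.0.0 255.255.255.255 UH 0 0 0 hso0\n"


def parse_route_n(text):
    """Parse `route -n` rows into (network, gateway, flags, metric, iface)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and a dotted-quad destination;
        # this skips the prompt, the header rows and "[...]" markers.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], f[3], int(f[4]), f[7]))
    return routes


def lookup(routes, addr):
    """Longest prefix wins, lowest metric breaks ties (simplified lookup)."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)


def vpn_server_loops(route_text, server, tun="tun0"):
    """True when packets for the VPN server would enter the tunnel itself."""
    best = lookup(parse_route_n(route_text), server)
    return best is not None and best[4] == tun


if __name__ == "__main__":
    for name, table in (("wifi", WIFI_VPN), ("umts", UMTS_VPN)):
        print(name, "loops:", vpn_server_loops(table, "192.0.2.115"))
```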

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
allan999 (allan-laal) wrote :

I "fixed" this by configuring Network Manager (Ubuntu 14.04 LTS) to always connect to my VPN when that specific mobile broadband is connected. I also added the missing route under IPv4 settings under Routes.

Thanks to the OP for the workaround.

Christian Schrötter (killerbees19) wrote :

Looks like that's still a bug in Xenial… :-(
