Ubuntu
network-manager-openvpn package

The ""Only use VPN for these addresses..." option from 0.6.x version has either disappeared or become non-intuitive.

Bug #305584 reported by Eric Weidner
30
This bug affects 4 people
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: network-manager-openvpn

I am having this problem with network-manager-openvpn in Ubuntu Intrepid. In version .6.x (Hardy) of nm-openvpn, there was an option (not the default) that said "Only use VPN for these addresses...". In .7, I have been unable to replicate that setting and therefore lose my fast local internet when on VPN. The OpenVPN command line utility works as I expect since we are not pushing the redirect-gateway option to force the default route through the VPN.

Can someone verify the removal of this option, clarify instructions on the usage of the new panel, or consider reworking the panel to be more intuitive? I can't find instructions anywhere.

Thanks,

Eric

ii network-manager-openvpn 0.7~~svn20081015t024626-0ubuntu1 network management framework (OpenVPN plugin

network-manager-openvpn:
  Installed: 0.7~~svn20081015t024626-0ubuntu1
  Candidate: 0.7~~svn20081015t024626-0ubuntu1
  Version table:
 *** 0.7~~svn20081015t024626-0ubuntu1 0
        500 http://us.archive.ubuntu.com intrepid/universe Packages
        100 /var/lib/dpkg/status

Revision history for this message
phonixor (phonixor) wrote :

i am having the same problem...
has anyone figured this out yet?

Revision history for this message
Marc Luethi (netztier) wrote :

If you create/edit a new VPN connection in nm-applet's "Edit Connections", there is the "IPv4 Settings" tab, at the bottom of which you see a "Routes..." button.

Here, you just enter your subnets, the prefix length and 0.0.0.0 as Gateway to that subnet.

The option has not been removed, it's called differently and it's configured in a different place.

Lacking an OpenVPN peer i could check against, I cannot actually confirm that this works for the OpenVPN plugin, but for the VPNC plugin, it works exactly like that.

Revision history for this message
phonixor (phonixor) wrote :

ok it once connected i can still google and stuff again... thanks...
only cant remote login to the network anymore... but thats prop cause i forgot to add all the right ip adrresses to the list...

i must agree with the poster that it has become non-intuitive...

Revision history for this message
Eric Weidner (eric-pumavision) wrote :

netztier, Thanks for the clarification. I would have thought the first panel under "IPv4 Settings" was the correct area to configure this "Addresses"

I now have it working. To be specific for anyone else reading this, add the following to the IPv4 Settings>Routes area, add a new entry with similar settings to these...

Address (IP subnet on the other side of the VPN): 192.168.1.0
Prefix: 32 (32 gives you access to the entire range of IP's)
Gateway: 0.0.0.0
Metric: 0 (not sure what this does)

Then make sure to check the "Ignore automatically obtained routes" box or else it won't work.

I think this panel now needs some better information or a shortcut helper for understanding what to do here. At the same time, the panel before this with the IPv4 method and addresses could use some explanation as well.

Revision history for this message
Marc Luethi (netztier) wrote : Re: [Bug 305584] Re: The ""Only use VPN for these addresses..." option from 0.6.x version has either disappeared or become non-intuitive.

On Tue, 2008-12-09 at 15:48 +0000, Eric Weidner wrote:
> Address (IP subnet on the other side of the VPN): 192.168.1.0
> Prefix: 32 (32 gives you access to the entire range of IP's)
> Gateway: 0.0.0.0
> Metric: 0 (not sure what this does)

Well, that'd surprise me if "32" was correct.

Using "32" as prefix - or writing a route to 192.168.1.0/32 is
equivalent to a route to 192.168.1.0 with mask 255.255.255.255, which
generally stands for "this IP address only" or a "host route", which is
a rather short ;-) range of IP addresses.

Assuming you intended to route 192.168.1.0 / 255.255.255.0, "24" would
be the right value for "prefix".

Did you check the routing table after your modification?

regards

Marc

Revision history for this message
Eric Weidner (eric-pumavision) wrote :

Marc,

You are correct. I typed 32 in my comment by mistake. The following should be correct...

Address (IP subnet on the other side of the VPN): 192.168.1.0
Prefix: 24 (24 gives you access to the entire range of IP's)
Gateway: 0.0.0.0
Metric: 0 (not sure what this does)

Sorry for the confusion. THanks for catching it.

Eric

Revision history for this message
JeppeM (jeppe-mariager) wrote :

Am i the only one who cannot find the "prefix" field in the lastest version? It seems to have been replaced by the Netmask field now...

But i'd have to agree with the OP, this feature is very poorly documented - Neither the in-system (System-> Help and Support), nor the website seems to have any overview of the feature or how to use it...

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.