Network Manager OpenVPN nested connections fail to setup routes correctly
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenVPN | Fix Released | Unknown | |
network-manager (Ubuntu) | Triaged | Undecided | Unassigned |
openvpn (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Setup:
Host lan: 192.168.0.238/24
Host Default gw: 192.168.0.1
ip route:
default via 192.168.0.1 dev eno1 proto dhcp metric 100
169.254.0.0/16 dev eno1 scope link metric 1000
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.238 metric 100
Primary OpenVPN (check "Use this connection only for resources on its network"):
server ip: public a.b.c.d
OpenVPN Tunnel: 192.168.1.0/24
routes pushed: 192.168.100.0/24
First VPN works OK:
default via 192.168.0.1 dev eno1 proto dhcp metric 100
169.254.0.0/16 dev eno1 scope link metric 1000
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.238 metric 100
192.168.0.1 dev eno1 proto static scope link metric 100
192.168.100.0/24 via 192.168.10.1 dev tun0 proto static metric 50
a.b.c.d via 192.168.0.1 dev eno1 proto static metric 100
Secondary OpenVPN (check "Use this connection only for resources on its network"):
server ip: private 192.168.100.10
OpenVPN Tunnel: 192.168.20.0/24
routes pushed: 192.168.200.0/24
Second VPN Connect OK, routing table is wrong:
default via 192.168.0.1 dev eno1 proto dhcp metric 100
192.168.200.0/24 via 192.168.20.1 dev tun1
192.168.20.0/24 dev tun1 proto kernel scope link src 192.168.20.59
169.254.0.0/16 dev eno1 scope link metric 1000
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.238 metric 100
192.168.0.1 dev eno1 proto static scope link metric 100
192.168.100.0/24 via 192.168.10.1 dev tun0 proto static metric 50
a.b.c.d via 192.168.0.1 dev eno1 proto static metric 100
192.168.100.10 via 192.168.0.1 dev eno1 proto static metric 100 <- this is wrong, the openVPN#2 Gateway is not on the local lan
Correct routing table using "sudo /usr/sbin/openvpn /path/to/
default via 192.168.0.1 dev eno1 proto dhcp metric 100
192.168.200.0/24 via 192.168.20.1 dev tun1
192.168.20.0/24 dev tun1 proto kernel scope link src 192.168.20.59
169.254.0.0/16 dev eno1 scope link metric 1000
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.238 metric 100
192.168.0.1 dev eno1 proto static scope link metric 100
192.168.100.0/24 via 192.168.10.1 dev tun0 proto static metric 50
a.b.c.d via 192.168.0.1 dev eno1 proto static metric 100
It seems that Network Manager adds a wrong additional route that is not added by the openvpn binary:
192.168.100.10 via 192.168.0.1 dev eno1 proto static metric 100
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: openvpn 2.4.7-1ubuntu2
ProcVersionSign
Uname: Linux 5.8.0-44-generic x86_64
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Fri Mar 5 12:44:39 2021
InstallationDate: Installed on 2021-02-19 (13 days ago)
InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1)
ProcEnviron:
PATH=(custom, no user)
XDG_RUNTIME_
LANG=it_IT.UTF-8
SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)
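A check for the symptom described in this report, as an added example that is not part of the original report or of the NetworkManager or OpenVPN code: it parses `ip route` output and flags any non-tunnel route that is more specific than, and contained in, a prefix routed through a tunnel device. The function names and the `tun`/`tap` device-name prefixes are assumptions; the sample table is constructed from the faulty output quoted above.

```python
import ipaddress

# Constructed sample: the faulty routing table quoted in the report.
FAULTY = """\
default via 192.168.0.1 dev eno1 proto dhcp metric 100
192.168.200.0/24 via 192.168.20.1 dev tun1
192.168.20.0/24 dev tun1 proto kernel scope link src 192.168.20.59
169.254.0.0/16 dev eno1 scope link metric 1000
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.238 metric 100
192.168.0.1 dev eno1 proto static scope link metric 100
192.168.100.0/24 via 192.168.10.1 dev tun0 proto static metric 50
a.b.c.d via 192.168.0.1 dev eno1 proto static metric 100
192.168.100.10 via 192.168.0.1 dev eno1 proto static metric 100
"""

def parse_routes(text):
    """Parse `ip route` lines into (network, device) pairs; skip unparsable lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. the redacted a.b.c.d placeholder
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def tunnel_bypasses(text, tunnel_prefixes=("tun", "tap")):
    """Return (route, dev, tunnel_net, tunnel_dev) for routes that bypass a tunnel."""
    routes = parse_routes(text)
    tunnels = [(n, d) for n, d in routes if d.startswith(tunnel_prefixes)]
    findings = []
    for net, dev in routes:
        if dev.startswith(tunnel_prefixes):
            continue
        for tnet, tdev in tunnels:
            # A more specific non-tunnel route inside a tunnel prefix wins
            # longest-prefix match and pulls that traffic out of the tunnel.
            if net.prefixlen > tnet.prefixlen and net.subnet_of(tnet):
                findings.append((str(net), dev, str(tnet), tdev))
    return findings
```

On a live host the input would be the text printed by `ip route`; a non-empty result means traffic for that destination leaves on the physical interface instead of the tunnel that covers it.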
Changed in openvpn: status: Unknown → New
Changed in openvpn: status: New → Fix Released
Changed in openvpn: status: Fix Released → New
Changed in openvpn: status: New → Fix Released
Thank you for taking the time to file a bug report.
From what you described it seems that Network Manager is the one responsible for adding the unexpected routing rule, so this might not affect OpenVPN itself. I quickly tried to reproduce your setup but did not notice the bug there. Could you please share your config files to see if I missed something?
Since there is not enough information in your report to begin triage or to
differentiate between a local configuration problem and a bug in Ubuntu, I
am marking this bug as "Incomplete". We would be grateful if you would:
provide a more complete description of the problem, explain why you
believe this is a bug in Ubuntu rather than a problem specific to your
system, and then change the bug status back to "New".
For local configuration issues, you can find assistance here: www.ubuntu.com/support/community