GNOME Bugzilla – Bug 755427
Default route for IPv6 not being set correctly using openconnect
Last modified: 2020-11-12 14:28:46 UTC
This was reported on the Ubuntu bug tracker by someone else, but I can confirm the behaviour. The description below is the description from Launchpad (https://bugs.launchpad.net/ubuntu/+source/network-manager-openconnect/+bug/1489578). Other Bugzilla bugs have suggested the "Ignore automatically obtained routes" and/or "Use this connection only for resources on its network" options; neither changes the behaviour, which is that resources only accessible while on the VPN are not accessible after connecting with the routes given. ===== After connecting to an openconnect VPN IPv4 and IPv6 default routes should be updated to go through the VPN instead of directly out any physical nic. I have found this works fine for IPv4. IPv4 Before connecting ```` ip route listmtr default via 10.10.4.1 dev eth1 default via 10.10.4.1 dev eth1 proto static metric 1024 10.10.4.0/24 dev eth1 proto kernel scope link src 10.10.4.195 169.254.0.0/16 dev eth1 scope link metric 1000 172.26.12.0/22 dev wlan0 proto kernel scope link src 172.26.12.122 192.168.12.165 via 172.26.12.1 dev wlan0 proto dhcp metric 10 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 ``` IPv4 After ``` default dev vpn0 proto static scope link metric 1024 10.10.4.0/24 dev eth1 proto kernel scope link src 10.10.4.195 169.254.0.0/16 dev eth1 scope link metric 1000 172.26.12.0/22 dev wlan0 proto kernel scope link src 172.26.12.122 172.26.112.0/20 dev vpn0 proto kernel scope link src 172.26.125.30 192.168.12.165 via 172.26.12.1 dev wlan0 proto dhcp metric 10 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 199.201.64.20 via 10.10.4.1 dev eth1 proto static metric 1 ``` With IPv6 the VPN route is added but with the same metric so no traffic is ever taking the tunnel for IPv6. If i use the command line openconnect tool (bypassing network-manager) it installs a default route with a metric of 1 (still does not remove the other route) which allows tunneling. IPv6 Before: ``` 2620:10d:c081:1103::/64 dev wlan0 proto kernel metric 256 expires 603730sec fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev wlan0 proto kernel metric 256 default via fe80::5:73ff:fea0:c2a dev wlan0 proto static metric 1024 ``` IPv6 After: ``` 2620:10d:c081:1103::/64 dev wlan0 proto ra metric 10 2620:10d:c081:1110::/64 dev vpn0 proto kernel metric 256 fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev wlan0 proto kernel metric 256 default via fe80::5:73ff:fea0:c2a dev wlan0 proto static metric 1024 default dev vpn0 proto static metric 1024 ``` ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: network-manager-openconnect 0.9.10.0-1ubuntu2 ProcVersionSignature: Ubuntu 3.19.0-26.28-generic 3.19.8-ckt4 Uname: Linux 3.19.0-26-generic x86_64 ApportVersion: 2.17.2-0ubuntu1.3 Architecture: amd64 CurrentDesktop: Unity Date: Thu Aug 27 13:18:57 2015 InstallationDate: Installed on 2015-08-03 (24 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) SourcePackage: network-manager-openconnect UpgradeStatus: No upgrade log present (probably fresh install)
bugzilla.gnome.org is being shut down in favor of a GitLab instance. We are closing all old bug reports and feature requests in GNOME Bugzilla which have not seen updates for a long time. If you still use NetworkManager and if you still see this bug / want this feature in a recent and supported version of NetworkManager, then please feel free to report it at https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/ Thank you for creating this report and we are sorry it could not be implemented (workforce and time is unfortunately limited).