Open adityaguru149 opened 3 years ago
A few details needs to be clarified here.
OpenVPN 3 Linux does currently not have a direct integration with NetworkManager. We have just barely started discussing how that would be accomplished. The only interfaces we currently provide for OpenVPN 3 Linux are through the openvpn3
, openvpn3-autoload
and openvpn2
commands.
OpenVPN 3 Linux DOES integrate with systemd-resolved
, but it currently needs to be activated manually. As of the next v14_beta release, it will be activated by default on recent enough Linux distributions which is known to ship with systemd-resolved enabled out-of-the-box. OpenVPN 3 Linux also provides a complete VPN config and session management which also accounts for proper privilege separation, so unprivileged users can start their own VPN sessions.
The openvpn
command is from the classic OpenVPN 2.x version, which does have NetworkManager integration through the networkmanager-openvpn
plug-in and NetworkManager must be used if unprivileged users should start and manage their VPN sessions. With OpenVPN 2.x unprivileged end-users must use NetworkManager for config and session management. Individual configuration files can be handled outside of NetworkManager if the user can start the openvpn
with root privileges and via the openvpn-client@.service
and openvpn-server@.service
systemd unit files, and in these cases the configuration file must be updated to allow updating the DNS resolver settings.
The openvpn
package can operate independently of the openvpn3
package and vice versa.
Thanks @dsommers
I guessed my issue was around the tunnel trying to syphoon all network traffic instead of just local IPs. Is that not the case here?
Any ticket tracking openvpn3
and network-manager
integration? That would be awesome
It's really not that clear to me. You need to compare the routing tables and the DNS resolver settings after the VPN connection is established.
Depending on the VPN configuration and what the OpenVPN server pushes of routing rules, are the two first places where "route all traffic via the VPN tunnel" is determined. Then the network-manager
integration also has its own flag ("Use this connection only for resources on its network") which also changes the routing slightly. And whether this gives a functional Internet experience depends on if the DNS resolver settings points at a reachable DNS server.
So, first identify where your Internet traffic is routed and if that is as expected, then check if the DNS resolver settings are as expected (typically checking /etc/resolv.conf
and the output of resolvectl
).
Is there an update on this issue?
In case anyone finds this useful, this issue tracks adding support for openvpn3 to the network manager openvpn plugin: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/69
When I connect the VPN using
openvpn3 session-start --config client.ovpn
I am able to connect to the internet alongwith the VPN local IPs but when I connect usingnetwork-manager
, I am able to connect to the VPN local IPs but not able to connect to the internet. I have theupdate-systemd-resolve
setup and I am able to resolve DNS while connected to VPN to get that out of the way.network-manager
openvpn3
uses my wifi for all internet and tun0 only for certain IPs?The only difference that I could note was the
link
.System:
I have 2 openvpn versions (as mentioned in the output above)- any probable conflicts?
From what I can understand nmcli is not able to correctly setup routes that are pushed by VPN server? Is there someway to correctly setup
network-manager
?