Open libfitz opened 5 years ago
The same thing. The steps in the generated docs are wrong for linux client
Might be related to #1519 that I just opened, also failing to connect on Ubuntu Server on a freshly-provisioned box.
Install on local server Ubuntu 16.04. The same thing. Works with Android, but doesn't work on any Ubuntu desktop (18.10, 17.10). Connected, ping to servers -100% packet loss, dns loss.
I ran into this same issue. 18.04 using the OpenVPN network manager plugin from the official apt repos. (I haven't compiled it myself. I think it lives here though: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn).
Using `openvpn` directly from the command line worked if I commented out the route in the `.ovpn` file (using a `;` for a comment)!
Without removing that route, it threw a cryptic error:
```
RTNETLINK answers: File exists
Sat Jun 15 12:55:36 2019 ERROR: Linux route add command failed: external program exited with error status: 2
```
And no traffic would pass correctly until I `ctrl-c`'d the `openvpn` command.
I dug a fair amount into trying to sort out the correct metric values but as far as I can tell, this is mostly an issue with how that Network Manager plugin configures routes. I was not able to get the VPN working using that plugin.
To help others dig, here are some useful commands that `nmcli` provides to understand more about a connection. I don't know how all of these are managed using the GUI, but maybe there's something here...
```
nmcli connection show # Lists all the connections NM knows about
nmcli connection show <name of connection> # Lists a bunch of parameters about that connection
nmcli connection modify streisand ipv4.route-metric 0 # My attempt to fix the route metrics
nmcli connection modify streisand-aws ipv4.route-metric -1 # Resetting my failed attempt
```
I'm just going to use the modified `*.ovpn` file for now. I'm sick of fighting that stupid Network Manager.
Note: I didn't test DNS leakage! That setting in the server isn't accepted by the `openvpn` client (windows only I guess?) So double check that!
Once this is sorted out, a PR to update the Ubuntu Network Manager directions (even if that means `nmcli` commands) still may provide people the gooey GUI goodness Network Manager can provide.
While I'm at it, I'll add this reference that could help unwind this issue: https://docs.ubuntu.com/core/en/stacks/network/network-manager/docs/routing-tables
These are the NM connections values that look promising to dig into:
ipv4.gateway:
ipv4.routes:
ipv4.route-metric:
Edit: I also found one reference to setting `ipv4.dns-priority -42` if there are DNS issues over the VPN, but that doesn't seem to be a priority at this point since no traffic can even hit the server.
Have this issue also. Works using OpenVPN in command line. Not working using Network Manager. Fresh install on Google Cloud. Arch Linux. How to fix?
```
~/ ip route
default via 10.8.0.9 dev tun0 proto static metric 50
default via 192.168.31.1 dev wlo1 proto dhcp metric 600
10.8.0.0/24 via 10.8.0.9 dev tun0 proto static metric 50
10.8.0.9 dev tun0 proto kernel scope link src 10.8.0.10 metric 50
3.xx.xx.xx via 192.168.31.1 dev wlo1 proto static metric 600
192.168.31.0/24 dev wlo1 proto kernel scope link src 192.168.31.13 metric 600
192.168.31.1 dev wlo1 proto static scope link metric 600
~/ nmcli --version
nmcli tool, version 1.20.4-1
~/ nmcli
Streisand VPN connection
master wlo1, VPN, ip4 default
inet4 10.8.0.10/32
route4 10.8.0.0/24
route4 0.0.0.0/0
route4 10.8.0.9/32
tun0: connected to tun0
"tun0"
tun, sw, mtu 1500
inet4 10.8.0.10/32
route4 10.8.0.9/32
route4 10.8.0.0/24
route4 0.0.0.0/0
inet6 ..
route6 ff00::/8
route6 fe80::/64
wlo1: connected to rain_5G
"Intel Wireless-AC 9560"
wifi (iwlwifi), ..., hw, mtu 1500
inet4 192.168.31.13/24
route4 0.0.0.0/0
route4 3.xx.xx.xx/32
route4 192.168.31.1/32
route4 192.168.31.0/24
inet6 .../64
route6 fe80::/64
route6 ff00::/8
p2p-dev-wlo1: disconnected
"p2p-dev-wlo1"
wifi-p2p, hw
eno2: unavailable
"Intel Ethernet"
ethernet (e1000e), ...., hw, mtu 1500
lo: unmanaged
"lo"
loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
DNS configuration:
servers: 10.8.0.1
interface: tun0
type: vpn
servers: 192.168.31.1
interface: wlo1
```
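One way to read a routing table like the one posted above, as an added example that is not part of any comment in this thread: the function takes `ip route` output on stdin and reports which device wins the default route (lowest metric) and whether the VPN server itself is reached outside the tunnel. The function names, the sample table and the address 203.0.113.10 (standing in for the masked server IP) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `ip route` output for a full-tunnel VPN check.
# Usage: ip route | check_vpn_routes <vpn-server-ip> <tunnel-dev>

check_vpn_routes() {
    server="$1"; tun="$2"
    awk -v server="$server" -v tun="$tun" '
    {
        # Pull the outgoing device and metric from every route line.
        dev = ""; metric = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
    }
    # Among competing default routes the kernel prefers the lowest metric.
    $1 == "default" {
        if (best_dev == "" || metric < best_metric) {
            best_dev = dev; best_metric = metric
        }
    }
    # The encrypted packets themselves must reach the server outside the tunnel.
    ($1 == server || $1 == (server "/32")) && dev != tun { bypass = dev }
    END {
        printf "default_dev=%s\n", (best_dev == "" ? "none" : best_dev)
        printf "default_via_tunnel=%s\n", (best_dev == tun ? "yes" : "no")
        printf "server_route_outside_tunnel=%s\n", (bypass == "" ? "missing" : bypass)
    }'
}

# Constructed sample modelled on the table posted above.
sample_routes() {
    cat <<'EOF'
default via 10.8.0.9 dev tun0 proto static metric 50
default via 192.168.31.1 dev wlo1 proto dhcp metric 600
10.8.0.0/24 via 10.8.0.9 dev tun0 proto static metric 50
203.0.113.10 via 192.168.31.1 dev wlo1 proto static metric 600
192.168.31.0/24 dev wlo1 proto kernel scope link src 192.168.31.13 metric 600
EOF
}

sample_routes | check_vpn_routes 203.0.113.10 tun0
```

If `default_via_tunnel` is `no` while the VPN shows as connected, traffic is leaving over the physical interface; if the server route is `missing`, the tunnel's own packets may be routed back into the tunnel.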
Hi,
I had similar issues with my streisand setup on scaleway. Ping was working but I had a lot of packets dropped (75%) and dns lookups weren't really working 100% of the time. From https://www.scaleway.com/en/docs/installing-wireguard-vpn-linux/, I figured I needed the following lines in the /etc/wireguard/wg0.conf file:
```
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens2 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens2 -j MASQUERADE
```
For any other protocol, I feel it might be the same thing that is missing...
Expected behavior:
The connection to the VPN via Network Manager is established and is working.
Actual Behavior:
The connection to the VPN via Network Manager is established, but is not working.
Steps to Reproduce:
The client OS is Fedora 29, Cinnamon edition, kernel 4.20.6, Network Manager v.1.12.6, OpenVPN plugin v.1.8.8. Streisand is provisioned to Scaleway.
I've noticed the difference in the routes created (xxx is my home network, hidden just in case). If the connection is made manually via `sudo openvpn --config <file>.ovpn`:
If the connection is made via Network Manager (either with GUI or via `nmcli connection up`):
I didn't try editing them manually since I have no idea how.
The DNS server, as reported by `systemd-resolve --status` or `nmcli dev show`, is always my router.
P.S. None of the OpenVPN config files work with the official Android app (same symptoms: connected, but not working). I have an older Streisand instance, 0272b14f38c40df4b8af33691e09711176b3a4b1, where everything is fine, however, it doesn't work with this one. But this is probably good for another issue.
Diagnostics
Ansible Information
Streisand Information
Enabled Roles