I have an OpenVPN config file which works great from the terminal:
sudo openvpn --config openvpn.conf
After connecting via the terminal, my routing table is as follows:
[van@d2:Desktop]$ ip route
0.0.0.0/1 via 255.255.255.0 dev tun0
default via 192.168.0.1 dev wlp3s0 proto static metric 600
10.9.0.1 via 255.255.255.0 dev tun0
<vpn_server_ip_addr> via 192.168.0.1 dev wlp3s0
128.0.0.0/1 via 255.255.255.0 dev tun0
169.254.0.0/16 dev wlp3s0 scope link metric 1000
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.5 metric 600
255.255.255.0 dev tun0 proto kernel scope link src 10.9.0.4
I wanted to try and get things working from the Network Manager, so I installed network-manager-openvpn
and then imported the VPN connection from the working config file. However, when I connect using the Network Manager, traffic is not routed via the OpenVPN server. The routing table (after connecting using the Network Manager entry) is as follows:
[van@d2:Desktop]$ ip route
default via 192.168.0.1 dev wlp3s0 proto static metric 600
10.9.0.0/24 dev tun0 proto kernel scope link src 10.9.0.4 metric 50
<vpn_server_ip_addr> via 192.168.0.1 dev wlp3s0 proto static metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.5 metric 600
192.168.0.1 dev wlp3s0 proto static scope link metric 600
I have tried to add the 0.0.0.0 entry (from the working routing table), but it is rejected:
[van@d2:Desktop]$ sudo ip route add 0.0.0.0/1 via 255.255.255.0 dev tun0
RTNETLINK answers: Network is unreachable
I have also tried removing:
10.9.0.0/24 dev tun0 proto kernel scope link src 10.9.0.4 metric 50
and replacing it with:
10.9.0.1 via 255.255.255.0 dev tun0
but this also fails with a similar error message (the removal worked).
My question is: how can I connect to an OpenVPN server via the Network Manager and force all traffic to be routed via the VPN tunnel?
Best Answer
I have found a "solution" (and I use this term very loosely here) based on this post: Network Manager does not set IP4.GATEWAY for OpenVPN connection - although I'm convinced this is a bug with the
network-manager-openvpn
module.The problem occurs because no gateway is set for the OpenVPN tunnel:
The default gateway can be obtained using:
Now use
nmcli con show
to obtain the UUID of the OpenVPN tunnel (tun0 in my case):Once you have the UUID, set the gateway using:
Now check to make sure you're using the VPN Server's IP address:
One of the side effects of using this method is you'll end up with a "zombie" connection every time you add a tun0 gateway (and these will persist across reboots):
You can remove these using:
Considering how complicated it is working around these issues just to be able to connect to OpenVPN using the Network Manager, you're probably going to be far better off just connecting via the terminal (assuming you have a valid OpenVPN config file).
I'm not sure how to report bugs of this nature, so if anyone knows, please chime in.