Ubuntu – Network Manager does not set IP4.GATEWAY for OpenVPN connection

gatewaynetwork-managernetworkingopenvpnvpn

I have a configured OpenVPN connection which works fine when connecting from command line

openvpn --config myconfig.conf

Now, I'd like to establish this OpenVPN connection automatically when connecting through a certain WiFi network. Network Manager provides this option but of course requires that the OpenVPN connection is configured through Network Manager.

It works fine. Local connections to the network bridged with the VPN are available, even IPv6 works. However, Network Manager does not set the appropriate gateway which means I cannot reach the Internet over IPv4 through this OpenVPN server.

In paritcular, when I connect using the command line,

nmcli device show tap0

returns

IP4.ADDRESS[1]:                         192.168.1.100/24
IP4.GATEWAY:                            192.168.1.1

but when I connect using the Network Manager GUI, it returns

IP4.ADDRESS[1]:                         192.168.1.100/24
IP4.GATEWAY:                            0.0.0.0

Why does that happen? How can I fix it? My config does not contain the gateway address explicitly.

client
dev tap
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
keepalive 1 7

remote 1.1.1.1 1194 udp

redirect-gateway

ca ca.crt
cert cert.crt
key key.key
remote-cert-tls server
tls-auth ta.key 1

Best Answer

You can modify the gateway for network manager connections from the command line. So while I cannot find this option in the GUI, you can list the connections

nmcli con show

find yours

NAME                     UUID                                  TYPE             DEVICE 
thenameyougaveit         some-id-ksadbf019-aksb821           vpn              wlan1

change the address (it will be discarded afaict but you cannot change the gateway address without setting it)

nmcli con mod some-id-ksadbf019-aksb821 ipv4.addresses 192.168.1.113/24

and then set the desired ip4 gateway

nmcli con mod some-id-ksadbf019-aksb821 ipv4.gateway 192.168.1.1

And now it works from the GUI. Of course, if anything changes on the other end, it will stop working.

OR

To disable IPv6 via sysctl, place the following into your /etc/sysctl.conf file:

net.ipv6.conf.all.disable_ipv6 = 1

Don't forget to comment out any IPv6 hosts in your /etc/hosts file:

#::1        localhost.localdomain   localhost

NOTE

a reboot may be required for the sysctl method, and a reboot is definitely required for the kernel line approach.

OR

To temporarily disable ipv6:

sysctl -w net.ipv6.conf.all.disable_ipv6=1

To temporarily enable it:

sysctl -w net.ipv6.conf.all.disable_ipv6=0

So if you need to disable ipv6 on a given condition, then write a bash script somewhere along these lines:

#!/bin/bash
ipv6_disabled="$(sysctl net.ipv6.conf.all.disable_ipv6 | awk '{print $NF}')"
if (connected_to_vpn &> /dev/null); then
  (($ipv6_disabled)) || sysctl -w net.ipv6.conf.all.disable_ipv6=1
else
  (($ipv6_disabled)) && sysctl -w net.ipv6.conf.all.disable_ipv6=0
fi

NOTE

You might need to disable any ipv6 hosts in your /etc/hosts file for this method too, just as I recommended in the previous method.

Ubuntu – OpenVPN client cannot access any network except for the server itself after connection

Check your default route:
```
ip route | grep default
```

Output

default via 84.88.154.1 dev enp7s0 proto static metric 100 
default via 192.168.1.1 dev enp3s0 proto static metric 20101

When enp3s0 is your default output interface for internal network, then

Command:
```
sudo nano /etc/ufw/before.rules
```
Edit the before.rules file:

/etc/ufw/before.rules:

#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0] 
# Allow traffic from OpenVPN client to enp3s0 (change to the interface you discovered!)
-A POSTROUTING -s 10.8.0.0/8 -o enp3s0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

# Don't delete these required lines, otherwise there will be errors
*filter
. . .

Command:
```
sudo nano /etc/default/ufw
```
Change: /etc/default/ufw:
```
DEFAULT_FORWARD_POLICY="ACCEPT"
```
Commands:
```
sudo ufw disable

sudo ufw enable
```

Best Answer

Related Solutions

Ubuntu – How to disable IPv6 when connecting to an OpenVPN server using Network Manager on a dual-stack system

OR

OR

Ubuntu – OpenVPN client cannot access any network except for the server itself after connection

Related Question