If I connect to my VPN server with
/usr/sbin/openvpn --config config.file
all traffic is routed over my VPN.
Connecting with the NetworkManager-openvpn module, it’s not the same.
I have not found an option in the NetworkManager plugin to do that…
How can this be achieved?
I also have not found anything in the config file that enables this when openvpn is started by hand; this seems to be the default.
You’ll have to be a bit more detailed what does and does not go through your VPN when using Network Manager.
AFAIK NM should be no different, “split tunneling” is not configured by default.
But, in both cases, DNS is typically not tunneled by default (a somewhat serious case of “leakage”).
You have to configure a DNS through your VPN to avoid DNS leakage.
default via 192.168.0.1 dev wlan0 proto dhcp metric 600
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600
routes with NetworkManager openvpn module
default via 192.168.0.1 dev wlan0
default via 10.9.0.9 dev tun0 proto static metric 50
10.9.0.1 via 10.9.0.9 dev tun0 proto static metric 50
10.9.0.9 dev tun0 proto kernel scope link src 10.9.0.10 metric 50
138.117.76.146 via 192.168.0.1 dev wlan0 proto static metric 600
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600
192.168.0.1 dev wlan0 proto static scope link metric 600
What I need (openvpn started with /usr/sbin/openvpn --config /etc/openvpn/ext.ovpn):
default via 10.9.0.9 dev tun0
10.9.0.1 via 10.9.0.9 dev tun0
10.9.0.9 dev tun0 proto kernel scope link src 10.9.0.10
138.117.76.146 via 192.168.0.1 dev wlan0
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600
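Added example, not part of the original posts: a shell check that reads "ip route" output and reports which interface actually carries default traffic. Run on the two VPN tables above (embedded as samples copied from the thread), it shows that the NetworkManager table's wlan0 default route, printed without a metric and therefore metric 0, wins over the tun0 route at metric 50. The function and variable names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread's posters): find which interface
# carries default traffic, given `ip route` output on stdin.

# Print the device of the winning default route. Among default routes the
# kernel prefers the lowest metric; a route shown without "metric" has 0.
effective_default_dev() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < best_metric)) {
                best = dev; best_metric = metric
            }
        }
        END { if (best == "") exit 1; print best }
    '
}

# Usage: ip route | check_full_tunnel tun0
# Returns 0 if default traffic uses the tunnel, 1 if not, 2 if no default.
check_full_tunnel() {
    cft_dev=$(effective_default_dev) || { echo "no default route"; return 2; }
    if [ "$cft_dev" = "$1" ]; then
        echo "OK: default traffic uses $cft_dev"
    else
        echo "LEAK: default traffic uses $cft_dev, not $1"
        return 1
    fi
}

# Sample tables: route lines copied from the thread above.
NM_ROUTES='default via 192.168.0.1 dev wlan0
default via 10.9.0.9 dev tun0 proto static metric 50
138.117.76.146 via 192.168.0.1 dev wlan0 proto static metric 600
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600'
CLI_ROUTES='default via 10.9.0.9 dev tun0
138.117.76.146 via 192.168.0.1 dev wlan0
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600'

printf '%s\n' "$NM_ROUTES"  | check_full_tunnel tun0 || true
printf '%s\n' "$CLI_ROUTES" | check_full_tunnel tun0 || true
```

OpenVPN setups that use redirect-gateway def1 add 0.0.0.0/1 and 128.0.0.0/1 routes instead of replacing the default route, which this check does not look for.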
I’d still be curious why your VPN routing table is faulty.
Where did you get your VPN configuration, and in what form (a VPN configuration file or just settings you have to plug into NM)?
It might be that wherever you got your VPN configuration from, someone intentionally configured a split VPN (it shouldn’t be enabled by default).
If you can identify the source of your VPN configuration problem, that might be a better solution than manually editing your routing table…
If you use a dispatcher script, then your changes should survive service restarts; command line edits won’t.
All: The way I finally had to do this was to open konsole and do it from the command line once I got my “.ovpn” file from the ISP. I tested my IP address with Firefox and it shows the VPN address, so I know it is working (I’m also using NetworkManager, but not for the VPN part - NM doesn’t seem to know there’s a VPN running, but the system does…). The problem is I don’t know how to automate the process. I guess I could have backgrounded it - but maybe there’s an initialization daemon or something I can invoke to make the startup automatic rather than manual in a konsole window which I have to leave open. Anyone know?
patti@linux:~/Desktop/ISOs/00_VPN> sudo openvpn provider_file.ovpn
[sudo] password for root:
Fri Nov 30 21:08:11 2018 OpenVPN 2.4.3 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017
Fri Nov 30 21:08:11 2018 library versions: OpenSSL 1.1.0i-fips 14 Aug 2018, LZO 2.10
Enter Auth Username: **********
Enter Auth Password: **********
Fri Nov 30 21:08:37 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]***.***.***.***:****
Fri Nov 30 21:08:37 2018 Attempting to establish TCP connection with [AF_INET]***.***.***.***:**** [nonblock]
Fri Nov 30 21:08:38 2018 TCP connection established with [AF_INET]174.128.226.18:501
Fri Nov 30 21:08:38 2018 TCP_CLIENT link local: (not bound)
Fri Nov 30 21:08:38 2018 TCP_CLIENT link remote: [AF_INET]174.128.226.18:501
Fri Nov 30 21:08:38 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov 30 21:08:39 2018 [9336ebb85cd160ac7db71525a55797d7] Peer Connection Initiated with [AF_INET]***.***.***.***:****
Fri Nov 30 21:08:40 2018 TUN/TAP device tun0 opened
Fri Nov 30 21:08:40 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Nov 30 21:08:40 2018 /bin/ip link set dev tun0 up mtu 1500
Fri Nov 30 21:08:40 2018 /bin/ip addr add dev tun0 local 10.35.1.10 peer 10.35.1.9
Fri Nov 30 21:08:40 2018 Initialization Sequence Completed
I see there’s a NetworkManager-openvpn module in YaST, but I can’t find a NM interface to handle the “.ovpn” file. There’s also not an option in the YaST VPN applet to import data from an “.ovpn” file.