NetworkManager-openvpn how to route all traffic over vpn?

If I connect to my vpn server with
/usr/sbin/openvpn --config config.file
all traffic is routed over my VPN

Connecting with NetworkManager-openvpn module it’s not the same way.
I have not found an option in NetworkManager plugin to do that…
How can this be achieved?
I also have not found that in config file if started with openvpn from hand, that this is enabled, this seems to be the default

Any idea?

You’ll have to be a bit more detailed about what does and does not go through your VPN when using Network Manager.
AFAIK NM should be no different, “split tunneling” is not configured by default.

But,
In both cases, DNS is typically not tunneled by default (a somewhat serious case of “leakage”),
You have to configure a DNS through your VPN to avoid DNS leakage.

TSU

Using network manager the default route does not go over vpn gw, this is what I need

Show us the routing table before and after activating the VPN…

ip route

Without VPN


default via 192.168.0.1 dev wlan0 proto dhcp metric 600 
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600 

routes with NetworkManager openvpn module


default via 192.168.0.1 dev wlan0 
default via 10.9.0.9 dev tun0 proto static metric 50 
10.9.0.1 via 10.9.0.9 dev tun0 proto static metric 50 
10.9.0.9 dev tun0 proto kernel scope link src 10.9.0.10 metric 50 
138.117.76.146 via 192.168.0.1 dev wlan0 proto static metric 600 
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600 
192.168.0.1 dev wlan0 proto static scope link metric 600 

What I need (openvpn started with /usr/sbin/openvpn --config /etc/openvpn/ext.ovpn)


default via 10.9.0.9 dev tun0 
10.9.0.1 via 10.9.0.9 dev tun0 
10.9.0.9 dev tun0 proto kernel scope link src 10.9.0.10 
138.117.76.146 via 192.168.0.1 dev wlan0 
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.121 metric 600 

The unwanted routes can be removed manually with

ip route del default dev wlan0
ip route del 192.168.0.1 dev wlan0

One approach might be way of a NetworkManager dispatcher script to modify the routing table as required. Just to give you an idea…

https://wiki.archlinux.org/index.php/NetworkManager#Network_services_with_NetworkManager_dispatcher
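
A sketch of the dispatcher-script approach suggested above, as an added example that is not part of any post in this thread: it works out from `ip route` which default route the kernel will actually use (lowest metric wins, and a route printed without `metric` has metric 0), and on `vpn-up` removes default routes left on other devices. The function names and installing it under `/etc/NetworkManager/dispatcher.d/` are assumptions; it looks only at `default` entries in the main IPv4 table.

```sh
#!/bin/sh
# Added example, not from the thread. Intended as a NetworkManager dispatcher
# script; NetworkManager runs it as: <script> <interface> <action>.

# Read `ip route` output on stdin and print the device of the effective
# default route. For routes to the same prefix the kernel prefers the lowest
# metric, and `ip route` omits "metric" when it is 0.
effective_default_dev() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (!found || metric < best_metric) {
            best = dev; best_metric = metric; found = 1
        }
    }
    END { if (found) print best }'
}

# Read `ip route` output on stdin and print each device other than $1 that
# still holds a default route.
competing_default_devs() {
    awk -v vpn="$1" '$1 == "default" {
        for (i = 2; i < NF; i++)
            if ($i == "dev" && $(i + 1) != vpn) print $(i + 1)
    }' | sort -u
}

# If the VPN device $1 is not the effective default, delete the default
# routes on other devices (the manual "ip route del default dev wlan0" step).
fix_default_route() {
    vpn_dev=$1
    table=$(ip route show)
    if [ "$(printf '%s\n' "$table" | effective_default_dev)" = "$vpn_dev" ]; then
        return 0
    fi
    for dev in $(printf '%s\n' "$table" | competing_default_devs "$vpn_dev"); do
        ip route del default dev "$dev"
    done
}

# VPN_IP_IFACE is set by NetworkManager for VPN events; fall back to $1.
if [ "${2:-}" = "vpn-up" ]; then
    fix_default_route "${VPN_IP_IFACE:-$1}"
fi
```

The script does not put the deleted route back on `vpn-down`.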

Is it really copy-paste of output? I wonder where “proto dhcp metric 600” suddenly disappeared.

Yes, it’s cut and paste. It has not disappeared, only default gw as it should be is over vpn and vpn has metric 50

I’d still be curious why your VPN routing table is faulty,
Where did you get your VPN configuration, and in what form (a VPN configuration file or just settings you have to plug into NM)?

It might be that wherever you got your VPN configuration from,
Someone intentionally configured a split VPN (it shouldn’t be enabled by default).

If you can identify the source of your VPN configuration problem,
That might be a better solution than manually editing your routing table…
If you use a dispatcher script, then your changes should survive service restarts, command line edits won’t.

TSU

All: The way I finally had to do this was to open konsole and do it from the command line once I got my “.ovpn” file from the ISP. I tested my IP address with Firefox and it shows the VPN address, so I know it is working (I’m also using NetworkManager, but not for the VPN part - NM doesn’t seem to know there’s a VPN running, but the system does…). The problem is I don’t know how to automate the process. I guess I could have backgrounded it - but maybe there’s an initialization daemon or something I can invoke to make the startup automatic rather than manual in a konsole window which I have to leave open. Anyone know?

patti@linux:~/Desktop/ISOs/00_VPN> sudo openvpn provider_file.ovpn
[sudo] password for root: 
Fri Nov 30 21:08:11 2018 OpenVPN 2.4.3 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017
Fri Nov 30 21:08:11 2018 library versions: OpenSSL 1.1.0i-fips  14 Aug 2018, LZO 2.10
Enter Auth Username: **********
Enter Auth Password: **********
Fri Nov 30 21:08:37 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]***.***.***.***:****
Fri Nov 30 21:08:37 2018 Attempting to establish TCP connection with [AF_INET]***.***.***.***:**** [nonblock]
Fri Nov 30 21:08:38 2018 TCP connection established with [AF_INET]174.128.226.18:501
Fri Nov 30 21:08:38 2018 TCP_CLIENT link local: (not bound)
Fri Nov 30 21:08:38 2018 TCP_CLIENT link remote: [AF_INET]174.128.226.18:501
Fri Nov 30 21:08:38 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov 30 21:08:39 2018 [9336ebb85cd160ac7db71525a55797d7] Peer Connection Initiated with [AF_INET]***.***.***.***:****
Fri Nov 30 21:08:40 2018 TUN/TAP device tun0 opened
Fri Nov 30 21:08:40 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Nov 30 21:08:40 2018 /bin/ip link set dev tun0 up mtu 1500
Fri Nov 30 21:08:40 2018 /bin/ip addr add dev tun0 local 10.35.1.10 peer 10.35.1.9
Fri Nov 30 21:08:40 2018 Initialization Sequence Completed 

I see there’s a NetworkManager-openvpn module in YaST, but I can’t find a NM interface to handle the “.ovpn” file. There’s also not an option in the YaST VPN applet to import data from an “.ovpn” file.