Route configuration

> Hi list,
>
> First thanks for network-manager, I've been using it for a long time
> and just began to use it's openvpn plugin, it's really nice!
>
> I have a small feature request regarding the custom routing option.
> Currently you can easily direct direct a subnetwork to a connection
> (the "use this connection only for ressources on its network"
> checkbox).
> But if you want something more complex (e.g. the vpn has a private IP
> (192.68.0.X), but you want to direct all traffic to the site through
> the vpn, not just 192.168.0.0/24, but a global ipv4 prefix) it won't
> work and you have to add custom routes.
> But custom routes are not automagic at all, for example the gateway
> must be static, it means that if the routeur ip changes, you have to
> update the route, etc.
>
> I guess most people uses that setting to route a subnetwork to the
> gateway provided by the connection, so wouldn't it be better to have
> an UI to facilitate it?
>
> eg:
> Use this connection for ressources on the following network (and a way
> to input a network, only address+netmask or address/prefix, no metric
> needed)

> On Fri, 2009-10-30 at 17:58 +0100, Benoit Boissinot wrote:
> > Hi list,
> >
> > I have a small feature request regarding the custom routing option.
> > Currently you can easily direct direct a subnetwork to a connection
> > (the "use this connection only for ressources on its network"
> > checkbox).
> > But if you want something more complex (e.g. the vpn has a private IP
> > (192.68.0.X), but you want to direct all traffic to the site through
> > the vpn, not just 192.168.0.0/24, but a global ipv4 prefix) it won't
> > work and you have to add custom routes.
> > But custom routes are not automagic at all, for example the gateway
> > must be static, it means that if the routeur ip changes, you have to
> > update the route, etc.
> >
> > I guess most people uses that setting to route a subnetwork to the
> > gateway provided by the connection, so wouldn't it be better to have
> > an UI to facilitate it?
> >
> > eg:
> > Use this connection for ressources on the following network (and a way
> > to input a network, only address+netmask or address/prefix, no metric
> > needed)
>
> I may not exactly understand, but maybe we could repurpose a blank
> gateway to mean the connection's current gateway if any.

> On Mon, Nov 02, 2009 at 01:02:38PM -0800, Dan Williams wrote:
> > On Fri, 2009-10-30 at 17:58 +0100, Benoit Boissinot wrote:
> > > Hi list,
> > >
> > > I have a small feature request regarding the custom routing option.
> > > Currently you can easily direct direct a subnetwork to a connection
> > > (the "use this connection only for ressources on its network"
> > > checkbox).
> > > But if you want something more complex (e.g. the vpn has a private IP
> > > (192.68.0.X), but you want to direct all traffic to the site through
> > > the vpn, not just 192.168.0.0/24, but a global ipv4 prefix) it won't
> > > work and you have to add custom routes.
> > > But custom routes are not automagic at all, for example the gateway
> > > must be static, it means that if the routeur ip changes, you have to
> > > update the route, etc.
> > >
> > > I guess most people uses that setting to route a subnetwork to the
> > > gateway provided by the connection, so wouldn't it be better to have
> > > an UI to facilitate it?
> > >
> > > eg:
> > > Use this connection for ressources on the following network (and a way
> > > to input a network, only address+netmask or address/prefix, no metric
> > > needed)
> >
> > I may not exactly understand, but maybe we could repurpose a blank
> > gateway to mean the connection's current gateway if any.
>
> Yes, and that's what I've actually been doing (using a blank gateway).
> But it probably only works because of the way openvpn works: I ended up
> with the following route:
>
> 192.168.0.0/16 dev tun0  proto static  scope link
>
> And I would acutally prefer:
>
> 192.168.0.0/16 via <vpn gw> dev tun0  proto static
>
> Is the first behavious actually useful for anyone (add a new network
> reachable directly from the link)?
>
> > Then you leave "Use this connection only for resources on its network"
> > *un* checked, and you enter in your 192.168.0.0/24 route and you'd end
> > up with something like this in your routing table:
> >
> > 192.168.0.0   <vpn gw>   255.255.0.0   U     0      0        0 tun0
> >
> > Maybe?
>
> Yes, so I guess I should get the gateway by iterating the NMIP4Address's
> from the config, and pick the first one with a gateway?

> On Mon, 2009-11-02 at 22:18 +0100, Benoit Boissinot wrote:
> >
> > Yes, so I guess I should get the gateway by iterating the NMIP4Address's
> > from the config, and pick the first one with a gateway?
>
> If you have the NMVPNConnection object internally, you'd use
> nm_vpn_connection_get_ip4_internal_gateway() to get it.  You don't want
> to use the external public IP of the VPN gateway, you want to use the
> internal gateway that tun0 will actually forward packets to I think.  We
> should do the same thing for other device types though, so what you'd
> really want to do is perform the substitution in nm-vpn-connection.c
> around here:
>
> /* Merge in user overrides from the NMConnection's IPv4 setting */
> s_ip4 = NM_SETTING_IP4_CONFIG (nm_connection_get_setting (priv->connection, NM_TYPE_SETTING_IP4_CONFIG));
> nm_utils_merge_ip4_config (config, s_ip4);