Home / ubuntu / Questions / 665394
In Process
Damn Terminal
Asked: 2015-08-25 14:28:22 +0800 CST

How to route all traffic through OpenVPN using Network Manager?

  • 772

I can successfully connect to my OpenVPN server from command line using openvpn --config client.conf. The client.conf file contains redirec-gateway directive to route all traffic through the VPN server. All this works fine.

Now, how can I achieve the same result with Network Manager and nm-applet?

I tried simply configuring the connection. It initializes correctly but doesn't route the traffic through the server. It's as if I ticked "Use this connection only for resources on its network" when I didn't.

It seems that when I connect from the command line, the VPN route is added at the top

# ip route show
default via 192.168.10.5 dev tun0 
default via 192.168.1.1 dev eth0  proto static  metric 1024

but it's added as second when connecting from the applet

# ip route show
default via 192.168.1.1 dev eth0 
default via 192.168.10.5 dev tun0  proto static  metric 1024

This is on Ubuntu 15.04 Vivid and OpenVPN 2.3.2.

15.04

2 Answers

  1. I don't known how to set this option in NM but you can add script in /etc/ppp/if-up.d/ to make default route to ppp0 interface every time when go up. Make script called script with execute permissions 755

    sudo nano /etc/ppp/if-up.d/script

    # Check for specific interface if desired
[ "$IFACE" != "ppp0" ] || exit 0
# Do something
sudo route add default dev ppp0


chmod 755 /etc/ppp/if-up.d/script

    Try

    Edit 1

    If you have tun0 interface then place script in /etc/network/if-up.d/ and change interface name

    sudo nano /etc/network/if-up.d/script

    # Check for specific interface if desired
[ "$IFACE" != "tun0" ] || exit 0
# Do something
sudo route add default dev tun0


chmod 755 /etc/network/if-up.d/script
    • 2

  2. I've had the same problem on Ubuntu 15.04 and this solution works for me:

    • Either remove all network interface (except lo) from /etc/network/interfaces so that it will be managed by the network manager or edit the /etc/NetworkManager/NetworkManager.conf, change the line managed=false to managed=true and restart the network manager (sudo service network-manager restart)

    • Get the name of the iface used as the default gateway. > route Destination Gateway Genmask Flags Metric Ref Use Iface default fritz.box 0.0.0.0 UG 0 0 0 enp60s0

    • Find out the uid for this interface and the uid for your vpn connection > nmcli c NAME UID TYPE DEVICE ..... Wired conne....3d7cfc99-dd28-45c1-87d8-5ec88b0b687c 802-3-ethernet enp60s0 VPN France 2c5131c6-3d8e-4768-a67e-cbcc4f35db1f vpn -- .....

    • Set the metric for current default interface to e.g. 2 and for the vpn device to 0 sudo nmcli connection modify uuid 3d7cfc99-dd28-45c1-87d8-5ec88b0b687c ipv4.route-metric 2 sudo nmcli connection modify uuid 2c5131c6-3d8e-4768-a67e-cbcc4f35db1f ipv4.route-metric 0

    • Start the vpn connection via the network manager

    • Route will now show something like this (VPN-Gateway is a placeholder for the VPN-Gateway's IP-address). That means that all traffic will be routed through the VPN server. > route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default VPN-Gateway 0.0.0.0 UG 0 0 0 tun0 default 192.168.220.1 0.0.0.0 UG 2 0 0 enp60s0

    • 1