Score:0

VPN started with Network Manager doesn't configure routing table correctly

I have a Debian 11 system that has been configured to connect to a remote network via VPN. This has been functioning fine for a long time (since Debian 9).

Recently, the remote network made some changes that broke my access to some sites when I was connected via the VPN. While discussing the issue with the people responsible for the remote network, they suggested I make sure my vpnc-script was updated, since that script is responsible for setting up the routing table.

After some additional debugging, I discovered when I start openconnect from the command line, the routing table gets set correctly, but when I start the VPN from the Network Manager GUI in Gnome, the routing table is missing many entries.

It appears that the vpnc-script is not getting run when I start the VPN from Network Manager. The Network Manager VPN configuration dialog has no option for setting this script. I have been trying to locate the Network Manager location that controls this, but I have not found it yet.

Where can I go in my Debian 11 Network Manager configuration to make sure the vpnc-script gets run to set up the routing table?

A.B
As a workaround, you could add in NetworkManager the missing routes if they are always the same and you know them from the direct openconnect method. Also note that openconnect handles several types of VPN, but you didn't explicitly state which one you're using (and was it set properly in NetworkManager?)
BrianD
Thanks for the suggestion. In Network Manager, the VPN Protocol is set to "Cisco AnyConnect or openconnect". When I connect via the CLI, I use `openconnect`. Without the VPN, there are 8 entries in the routing table. When I connect using the CLI, there are 74. I haven't yet compared all the new routes to see if they stay the same.
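
The workaround suggested in the comment above needs the list of routes that the command-line `openconnect` run installs but the NetworkManager connection does not. The script below is an added example, not part of the original thread: it compares two saved `ip -4 route show` captures and prints, without running them, `nmcli` commands for the missing destinations. The device name `tun0`, the connection name "Work VPN" and the sample captures are assumptions constructed for illustration.

```shell
#!/bin/sh
# Captures are saved `ip -4 route show` output, one per way of starting the VPN.
# "tun0" and "Work VPN" are assumed names; the sample routes are constructed.

# Destinations routed via device $3 in the openconnect capture ($1) that
# have no route in the NetworkManager capture ($2).
missing_routes() {
    awk -v dev="$3" '
        function dest(d) { return (d ~ /\//) ? d : d "/32" }  # host route
        $1 == "default" { next }             # never copy a default route
        FILENAME == ARGV[1] { have[dest($1)] = 1; next }  # NM capture
        {
            via = 0
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) via = 1
            d = dest($1)
            if (via && !(d in have) && !seen[d]++) print d
        }
    ' "$2" "$1"
}

# Print (not run) one nmcli command per missing route, for review.
nmcli_commands() {
    missing_routes "$1" "$2" "$3" | while read -r d; do
        printf 'nmcli connection modify "%s" +ipv4.routes "%s"\n' "$4" "$d"
    done
}

demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/cli.txt" <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev tun0 scope link
10.30.5.0/24 dev tun0 scope link
192.0.2.10 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
    cat > "$tmp/nm.txt" <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev vpn0 proto static scope link metric 50
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
    nmcli_commands "$tmp/cli.txt" "$tmp/nm.txt" tun0 "Work VPN"
    rm -rf "$tmp"
}

demo
```

Routes added this way are static, so they go stale if the remote network changes the set of routes it pushes; repeat the comparison after such a change.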
Score:0

The Network Manager configuration file that controls the VPN behaviour is located at /etc/NetworkManager/system-connections/.

Edit the file and look for the [vpn] section.

By default script-security is 2. Change to 3 to allow the vpnc-script to run.

Then, add the script option in the [vpn] section, pointing to the location of the vpnc-script, like this:

[vpn]
...
script-security=3
script=/path/to/vpnc-script
...

Restart the NetworkManager.

BrianD
Thanks for the suggestion, but if I add these lines, they just disappear. After some more searching, I believe what I'm seeing is this bug: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/380