On Tue, 2015-08-04 at 08:45 +0300, Matti Koskimies wrote: > I'm using only command line for both openconnect and network-manager. > So don't even have network-manager-openconnect installed. I'm using > self written systemd files to connect and disconnect the VPN. The > command I use for starting is: > > /usr/sbin/openconnect --quiet --background --pid > -file=/var/run/openconnect.pid --usergroup=$USERGROUP --user=$VPNUSER > - > -passwd-on-stdin $SERVER <<< $PASSWORD > > That's all the configuration I have.
So presumably what's happening is that OpenConnect sets a default route to the VPN, and then NetworkManager renews its DHCP lease and 'fixes' the default route to go the way that NetworkManager expects it to. This (doing stuff behind NetworkManager's back) isn't really a supported configuration. But as you've observed, adding an *additional* default route does make it work because NetworkManager's own route isn't being removed; it's still there with a lower metric? > Connecting from the GUI never worked for me, because the GUI is > missing some settings that are required by my VPN provider (username, > usergroup). It should ask you for the username if it needs one, and the 'usergroup' is merely the first path element of the login URL. So you can set a "gateway" of https://vpn.example.com/usergroup or something along those lines. Please let me know if that doesn't work. -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
