Bug 486659

Summary: Multiple routes added through different gateways for same Remote Gateway IP - fortisslvpn
Product: [Plasma] plasmashell Reporter: Marek <enc0re>
Component: Networking in generalAssignee: Plasma Bugs List <plasma-bugs-null>
Status: REPORTED ---    
Severity: normal CC: mavoga, nate
Priority: NOR    
Version First Reported In: 6.0.5   
Target Milestone: 1.0   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Marek 2024-05-06 08:24:35 UTC 
SUMMARY
Connection itslef to Fortigate Remote Gateway works using openfortivpn and plasma-nm-fortisslvpn. However nothing can be reached inside tunnel.


Route list while disconnected:

mbabinca@fedora:~$ ip r
default via 192.168.1.1 dev wls192u4u1 proto dhcp src 192.168.1.123 metric 600 
192.168.1.0/24 dev wls192u4u1 proto kernel scope link src 192.168.1.123 metric 600

Route list while connected from cli - everything works fine:

mbabinca@fedora:~$ sudo openfortivpn -u user -p password 80.156.225.162
mbabinca@fedora:~$ ip r
default via 192.168.1.1 dev wls192u4u1 proto dhcp src 192.168.1.123 metric 600 
10.40.33.33 dev ppp0 scope link 
10.40.33.44 dev ppp0 scope link 
10.40.51.0/24 dev ppp0 scope link 
80.156.225.162 via 192.168.1.1 dev wls192u4u1 
192.168.1.0/24 dev wls192u4u1 proto kernel scope link src 192.168.1.123 metric 600


Route list while connected from plasma-nm-fortisslvpn - traffic into tunnel doesn't work:

mbabinca@fedora:~$ ip r
default via 192.168.1.1 dev wls192u4u1 proto dhcp src 192.168.1.123 metric 600 
10.19.83.1 dev ppp0 proto static scope link metric 50 
10.40.33.33 via 10.19.83.1 dev ppp0 proto static metric 50 
10.40.33.44 via 10.19.83.1 dev ppp0 proto static metric 50 
10.40.51.0/24 via 10.19.83.1 dev ppp0 proto static metric 50 
80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 
80.156.225.162 via 192.168.1.1 dev wls192u4u1 proto static metric 50 
80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 metric 50 
192.168.1.0/24 dev wls192u4u1 proto kernel scope link src 192.168.1.123 metric 600 
192.168.1.1 dev wls192u4u1 proto static scope link metric 50

Notice, that for remote gateway 80.156.225.162 three routes are added instead of one while using cli.

80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 
80.156.225.162 via 192.168.1.1 dev wls192u4u1 proto static metric 50 
80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 metric 50 

If I manually delete at least 80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 traffic to tunnel start working. If I remove second route 80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 metric 50, then dnf list installed command makes output again. While those routes are present, dnf list installed hangs for a while and won't produce any output.

Why is plasma-applet making routes to Remote Gateway through tunnel? That doesn't make sense.

In KDE 5.x, applet works fine and only one route for Remote Gateway is created.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 40
(available in About System)
KDE Plasma Version: 6.0.4
KDE Frameworks Version: 6.1.0
Qt Version: 6.7.0

ADDITIONAL INFORMATION

Installed packages:
mbabinca@fedora:~$ dnf list installed | grep forti
NetworkManager-fortisslvpn.x86_64                    1.4.1-5.20231021gite201da5.fc40       @fedora               
openfortivpn.x86_64                                  1.21.0-4.fc40                         @fedora               
plasma-nm-fortisslvpn.x86_64                         6.0.4-1.fc40                          @updates
Comment 1 Marek 2024-06-09 11:55:14 UTC 
Bug still present in plasma-nm-fortisslvpn 6.0.5-1.fc40.
Comment 2 Ben Cooksley 2024-12-23 18:23:39 UTC 
Bulk transfer as requested in T17796