Bug 486659 - Multiple routes added through different gateways for same Remote Gateway IP - fortisslvpn
Summary: Multiple routes added through different gateways for same Remote Gateway IP -...
Status: REPORTED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Networking in general (show other bugs)
Version: master
Platform: Fedora RPMs Linux
: NOR normal
Target Milestone: 1.0
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-06 08:24 UTC by Marek
Modified: 2024-12-23 18:23 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Marek 2024-05-06 08:24:35 UTC 
SUMMARY
Connection itslef to Fortigate Remote Gateway works using openfortivpn and plasma-nm-fortisslvpn. However nothing can be reached inside tunnel.


Route list while disconnected:

mbabinca@fedora:~$ ip r
default via 192.168.1.1 dev wls192u4u1 proto dhcp src 192.168.1.123 metric 600 
192.168.1.0/24 dev wls192u4u1 proto kernel scope link src 192.168.1.123 metric 600

Route list while connected from cli - everything works fine:

mbabinca@fedora:~$ sudo openfortivpn -u user -p password 80.156.225.162
mbabinca@fedora:~$ ip r
default via 192.168.1.1 dev wls192u4u1 proto dhcp src 192.168.1.123 metric 600 
10.40.33.33 dev ppp0 scope link 
10.40.33.44 dev ppp0 scope link 
10.40.51.0/24 dev ppp0 scope link 
80.156.225.162 via 192.168.1.1 dev wls192u4u1 
192.168.1.0/24 dev wls192u4u1 proto kernel scope link src 192.168.1.123 metric 600


Route list while connected from plasma-nm-fortisslvpn - traffic into tunnel doesn't work:

mbabinca@fedora:~$ ip r
default via 192.168.1.1 dev wls192u4u1 proto dhcp src 192.168.1.123 metric 600 
10.19.83.1 dev ppp0 proto static scope link metric 50 
10.40.33.33 via 10.19.83.1 dev ppp0 proto static metric 50 
10.40.33.44 via 10.19.83.1 dev ppp0 proto static metric 50 
10.40.51.0/24 via 10.19.83.1 dev ppp0 proto static metric 50 
80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 
80.156.225.162 via 192.168.1.1 dev wls192u4u1 proto static metric 50 
80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 metric 50 
192.168.1.0/24 dev wls192u4u1 proto kernel scope link src 192.168.1.123 metric 600 
192.168.1.1 dev wls192u4u1 proto static scope link metric 50

Notice, that for remote gateway 80.156.225.162 three routes are added instead of one while using cli.

80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 
80.156.225.162 via 192.168.1.1 dev wls192u4u1 proto static metric 50 
80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 metric 50 

If I manually delete at least 80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 traffic to tunnel start working. If I remove second route 80.156.225.162 dev ppp0 proto kernel scope link src 10.19.83.1 metric 50, then dnf list installed command makes output again. While those routes are present, dnf list installed hangs for a while and won't produce any output.

Why is plasma-applet making routes to Remote Gateway through tunnel? That doesn't make sense.

In KDE 5.x, applet works fine and only one route for Remote Gateway is created.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 40
(available in About System)
KDE Plasma Version: 6.0.4
KDE Frameworks Version: 6.1.0
Qt Version: 6.7.0

ADDITIONAL INFORMATION

Installed packages:
mbabinca@fedora:~$ dnf list installed | grep forti
NetworkManager-fortisslvpn.x86_64                    1.4.1-5.20231021gite201da5.fc40       @fedora               
openfortivpn.x86_64                                  1.21.0-4.fc40                         @fedora               
plasma-nm-fortisslvpn.x86_64                         6.0.4-1.fc40                          @updates
Comment 1 Marek 2024-06-09 11:55:14 UTC 
Bug still present in plasma-nm-fortisslvpn 6.0.5-1.fc40.
Comment 2 Ben Cooksley 2024-12-23 18:23:39 UTC 
Bulk transfer as requested in T17796