Hi gang,

I've been searching high and low for an answer to this problem, but I'm just not finding any recent (within this year) posts that address the issue with a solution.

I've configured a PPTP VPN for my workplace on Fedora 18 using NetworkManager under KDE. The basic VPN works fine, except that ALL traffic is routed through the VPN. This is not really optimal. So, I checked the box that says "Use only for resources on this connection." When I do this, I'm not able to send any traffic over the VPN link at all. I am connecting to a Microsoft VPN.

Can anyone help me figure out why this thing refuses to work properly? Is NetworkManager simply broken?

Thanks,
Dave

That sounds like a missing feature in NetworkManager.

A PPTP VPN is basically PPP inside a GRE tunnel. When the remote endpoint assigns an IP address to your PPP interface, it does not actually tell your system anything about the network at the remote end. To route traffic to the remote network, your system may do one of the following:

1. Decide that the VPN tunnel is now your default gateway, which means that you'll always be able to reach the remote network, but all other traffic goes through the tunnel as well
2. Try and make a semi-intelligent guess about the size of the remote network
3. Allow the user to specify a manual route to be added to the routing table whenever the tunnel interface is activated

A Windows client usually does (1), but will attempt (2) if you uncheck the "use default gateway on remote network" by adding a route based on the class of the assigned IP address (which is hardly ever correct). I guess NetworkManager does something similar.

Since there's really no way of knowing the true size/identity of the remote network (short of running a routing protocol), what is needed is a way to do (3). If NetworkManager doesn't offer that functionality (I know nothing at all about NetworkManager), you may be able to use an ip-up script. This script (not to be confused with the Fedora ifup- files) is run by pppd and its sibling pptpd whenever a connection is established. Some distributions have a /etc/ppp/ip-up.d directory where you can place a script that adds the requisite route, or you can modify the /etc/ppp/ip-up script directly.

Be aware that PPTP is fundamentally broken and offers no security. If you use the PPTP client across a public network, an intruder will be able to obtain your login credentials.

NetworkManager does allow for adding routes, but I've been unsuccessful in making it work. I used to use PPTPConfig, and it worked flawlessly. It doesn't seem to function on Fedora 18, though. Too bad.

Thanks for the feedback.
Dave

Then it has to be a bug in NetworkManager, and you could report it to the Fedora project. Since it used to work, there's a good chance it could get fixed quickly.

In the meantime, an ip-up script could function as a workaround.