[rant] nm + vpn sucks
Well, it actually is pretty neat but fails in unsuspected ways.
- It does not honor PUSH “dhcp-option DOMAIN”
- After a while it even reverts the nameservers in /etc/resolv.conf to the non-vpn values
- After losing vpn connection (if I restart the vpn server for example) it won’t attempt to reconnect
- There’s no way to say “only allow traffic if connected to vpn” or even “autoconnect to this vpn”
- It just dropped all routes after disconnecting the vpn
- It doesn’t make using RSA keyfobs easier (ideally it would remember the group password + static part of user password)
On the positive side, I now have a decent VPN connecting to all my desktop machines and all servers I administer, allowing me to secure these servers just a tiny bit more (no SSH outside the tunnel etc.)
I am using nm+vpnc, and it plain sucks. When it works, it works, but when it doesn’t (99% of the time for me recently) it won’t give me any reason WHY. I get just a generic message that “couldn’t connect” and there’s no sign in any logs or anything.
Install and configure resolvconf to solve #2.
But, yeah, in Ubuntu the VPN support sucks. :-(
For me vpn only works when my connection is in Roaming mode… but if I have no DHCP at my work, it says that there is no active device :(