Fix the tunelled VPN route setup

0003-vpn-connection-fix-unsetting-the-gateway.patch

@@ -0,0 +1,31 @@
+From 15e4ee69dfeec8dd3670da262c11306de7488156 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Wed, 2 Sep 2015 19:19:18 +0200
+Subject: [PATCH 3/4] vpn-connection: fix unsetting the gateway
+
+Addresses the clash between the two commits which would cause the parent device
+gateway to be overwritten with 0.0.0.0 upon route-based VPN activation:
+
+Fixes: 063677101ab7d43a9aa94c70eb1ca3a201269043
+Fixes: 1465c1d3260712fbe2fd0c78c7a1fcf0fb8ce753
+(cherry picked from commit da2ae8ce4e6cb03931454d7d6fa94866b03f6be2)
+---
+ src/vpn-manager/nm-vpn-connection.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/vpn-manager/nm-vpn-connection.c b/src/vpn-manager/nm-vpn-connection.c
+index c34155e..f0e6149 100644
+--- a/src/vpn-manager/nm-vpn-connection.c
++++ b/src/vpn-manager/nm-vpn-connection.c
+@@ -933,7 +933,7 @@ apply_parent_device_config (NMVpnConnection *connection)
+ 		 * default route. */
+ 		if (vpn4_parent_config) {
+ 			nm_ip4_config_merge (vpn4_parent_config, priv->ip4_config, NM_IP_CONFIG_MERGE_DEFAULT);
+-			nm_ip4_config_set_gateway (vpn4_parent_config, 0);
++			nm_ip4_config_unset_gateway (vpn4_parent_config);
+ 		}
+ 		if (vpn6_parent_config) {
+ 			nm_ip6_config_merge (vpn6_parent_config, priv->ip6_config, NM_IP_CONFIG_MERGE_DEFAULT);
+-- 
+2.4.3
+

0004-device-don-t-reset-NM_UNMANAGED_DEFAULT-when-platfor.patch

@@ -0,0 +1,34 @@
+From e10a8f1f375c9ff669a14674e14f9789b2f321b6 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Wed, 2 Sep 2015 19:39:00 +0200
+Subject: [PATCH 4/4] device: don't reset NM_UNMANAGED_DEFAULT when platform
+ doesn't override this
+
+This would cause the ip_vti0 generic device (that appears upon insertion of
+ip_vti module during libreswan ipsec stack init) to go managed and brought UP.
+Without addresses assigned the device would cause all the VPN traffic to
+disappear in the oblivion.
+
+(cherry picked from commit 1c46ddf196b1e87782049e8f9ee3ada93e0dc85b)
+---
+ src/devices/nm-device.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
+index 5889582..b4e9252 100644
+--- a/src/devices/nm-device.c
++++ b/src/devices/nm-device.c
+@@ -1158,8 +1158,8 @@ nm_device_finish_init (NMDevice *self)
+ 			 * Currently it can happen that NM deletes 127.0.0.1 address. */
+ 			nm_device_set_initial_unmanaged_flag (self, NM_UNMANAGED_DEFAULT, TRUE);
+ 		} else if (priv->platform_link_initialized || (priv->is_nm_owned && nm_device_is_software (self))) {
+-			nm_platform_link_get_unmanaged (NM_PLATFORM_GET, priv->ifindex, &platform_unmanaged);
+-			nm_device_set_initial_unmanaged_flag (self, NM_UNMANAGED_DEFAULT, platform_unmanaged);
++			if (nm_platform_link_get_unmanaged (NM_PLATFORM_GET, priv->ifindex, &platform_unmanaged))
++				nm_device_set_initial_unmanaged_flag (self, NM_UNMANAGED_DEFAULT, platform_unmanaged);
+ 		} else {
+ 			/* Hardware and externally-created software links stay unmanaged
+ 			 * until they are fully initialized by the platform. NM created
+-- 
+2.4.3
+

NetworkManager.spec

@@ -8,7 +8,7 @@
 %define ppp_version %(rpm -q ppp-devel >/dev/null && rpm -q --qf '%%{version}' ppp-devel || echo -n bad)
 
 %define snapshot %{nil}
-%define release_version 2
+%define release_version 3
 %define realversion 1.0.6
 %define epoch_version 1
 
@@ -88,6 +88,8 @@ Patch0: 0000-explain-dns1-dns2.patch
 
 # nm-1-0 backports
 Patch1: 0001-config-bugfix-parse-commandline-options-into-correct.patch
+Patch2: 0003-vpn-connection-fix-unsetting-the-gateway.patch
+Patch3: 0004-device-don-t-reset-NM_UNMANAGED_DEFAULT-when-platfor.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -684,6 +686,9 @@ fi
 %endif
 
 %changelog
+* Tue Sep  8 2015 Lubomir Rintel <lrintel@redhat.com> - 1:1.0.6-3
+- Fix the tunelled VPN route setup
+
 * Fri Aug 28 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:1.0.6-2
 - Fix command line parsing