diff --git a/vpn-daemons/openvpn/ChangeLog b/vpn-daemons/openvpn/ChangeLog
index 84b2bbcdbf..796000daf2 100644
--- a/vpn-daemons/openvpn/ChangeLog
+++ b/vpn-daemons/openvpn/ChangeLog
@@ -1,3 +1,19 @@
+2007-12-07  Dan Williams  <dcbw@redhat.com>
+
+	Patches from Casey Harkins <caseyharkins@gmail.com>
+
+	* src/nm-openvpn-service-openvpn-helper.c
+		- (parse_addr_list): fix off-by-one error
+
+	* src/nm-openvpn-service.c
+		- (nm_openvpn_start_openvpn_binary): don't let openvpn stomp all over
+			the routing table since NM manages that
+
+	* auth-dialog/main.c
+	  src/nm-openvpn-service.h
+	  src/nm-openvpn-service.c
+		- Don't require a certificate password
+
 2007-12-05  Dan Williams  <dcbw@redhat.com>
 
 	Patch from Casey Harkins <caseyharkins@gmail.com>
diff --git a/vpn-daemons/openvpn/auth-dialog/main.c b/vpn-daemons/openvpn/auth-dialog/main.c
index 38b7ee0882..32f4c9c8f6 100644
--- a/vpn-daemons/openvpn/auth-dialog/main.c
+++ b/vpn-daemons/openvpn/auth-dialog/main.c
@@ -386,8 +386,10 @@ main (int argc, char *argv[])
 
 	exit_status = 0;
 
-	if (!info.need_password && !info.need_certpass)
+	if (!info.need_password && !info.need_certpass) {
+		printf ("%s\n%s\n\n\n", NM_OPENVPN_KEY_NOSECRET, "true");
 		goto out;
+	}
 
 	if (get_passwords (&info, retry)) {
 		if (info.need_password)
diff --git a/vpn-daemons/openvpn/src/nm-openvpn-service-openvpn-helper.c b/vpn-daemons/openvpn/src/nm-openvpn-service-openvpn-helper.c
index fc973a85d2..4123fd50f0 100644
--- a/vpn-daemons/openvpn/src/nm-openvpn-service-openvpn-helper.c
+++ b/vpn-daemons/openvpn/src/nm-openvpn-service-openvpn-helper.c
@@ -166,7 +166,7 @@ parse_addr_list (GValue *value_array, const char *str)
 
 	g_strfreev (split);
 
-	if (!value_array && array->len > 1) {
+	if (!value_array && array->len > 0) {
 		value_array = g_slice_new0 (GValue);
 		g_value_init (value_array, DBUS_TYPE_G_UINT_ARRAY);
 		g_value_set_boxed (value_array, array);
diff --git a/vpn-daemons/openvpn/src/nm-openvpn-service.c b/vpn-daemons/openvpn/src/nm-openvpn-service.c
index 66140c80a0..6b553fce13 100644
--- a/vpn-daemons/openvpn/src/nm-openvpn-service.c
+++ b/vpn-daemons/openvpn/src/nm-openvpn-service.c
@@ -101,6 +101,7 @@ static ValidProperty valid_properties[] = {
 	{ NM_OPENVPN_KEY_USERNAME,        G_TYPE_STRING },
 	{ NM_OPENVPN_KEY_PASSWORD,        G_TYPE_STRING },
 	{ NM_OPENVPN_KEY_CERTPASS,        G_TYPE_STRING },
+	{ NM_OPENVPN_KEY_NOSECRET,        G_TYPE_STRING },
 	{ NULL,                           G_TYPE_NONE }
 };
 
@@ -462,6 +463,9 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, GHashTable *properties
 	/* Query on the management socket for user/pass */
 	g_ptr_array_add (openvpn_argv, (gpointer) "--management-query-passwords");
 
+	/* do not let openvpn setup routes, NM will handle it */
+	g_ptr_array_add (openvpn_argv, (gpointer) "--route-noexec");
+
 	/* Now append configuration options which are dependent on the configuration type */
 	switch (connection_type) {
 	case NM_OPENVPN_CONTYPE_X509:
diff --git a/vpn-daemons/openvpn/src/nm-openvpn-service.h b/vpn-daemons/openvpn/src/nm-openvpn-service.h
index 6bb79abb8c..9ace7fb854 100644
--- a/vpn-daemons/openvpn/src/nm-openvpn-service.h
+++ b/vpn-daemons/openvpn/src/nm-openvpn-service.h
@@ -66,6 +66,7 @@
 
 #define NM_OPENVPN_KEY_PASSWORD "password"
 #define NM_OPENVPN_KEY_CERTPASS "cert-pass"
+#define NM_OPENVPN_KEY_NOSECRET "no-secret"
 
 typedef struct {
 	NMVPNPlugin parent;