GNOME Bugzilla – Bug 567122
VPN Fails in Network Manager, works manually
Last modified: 2012-09-17 15:42:07 UTC
I have NetworkManager installed from openSUSE 11.1 repo, with vpnc and NetworkManager-vpnc plugin. I can create a vpn connection in NetworkManager, but when I connect, the indicator flashes quickly, then returns to its previous state. The log messages say:

Jan 8 23:35:30 kauai NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...
Jan 8 23:35:30 kauai NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4856
Jan 8 23:35:30 kauai NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Jan 8 23:35:30 kauai NetworkManager: <info> VPN plugin state changed: 1
Jan 8 23:35:30 kauai NetworkManager: <info> VPN plugin state changed: 3
Jan 8 23:35:30 kauai NetworkManager: <info> VPN connection 'the_vpn_that_never_works' (Connect) reply received.
Jan 8 23:35:30 kauai NetworkManager: <info> VPN plugin failed: 1
Jan 8 23:35:30 kauai NetworkManager: <info> VPN plugin state changed: 6
Jan 8 23:35:30 kauai NetworkManager: <info> VPN plugin state change reason: 0
Jan 8 23:35:30 kauai NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
Jan 8 23:35:30 kauai NetworkManager: <debug> [1231475730.625712] run_netconfig(): Spawning '/sbin/netconfig modify --service NetworkManager'
Jan 8 23:35:30 kauai NetworkManager: <debug> [1231475730.635403] write_to_netconfig(): Writing to netconfig: INTERFACE='wlan0'
Jan 8 23:35:30 kauai NetworkManager: <debug> [1231475730.635827] write_to_netconfig(): Writing to netconfig: DNSSEARCH='myhome.westell.com myhome.westell.com'
Jan 8 23:35:30 kauai NetworkManager: <debug> [1231475730.636060] write_to_netconfig(): Writing to netconfig: DNSSERVERS='192.168.1.1 192.168.1.1'
Jan 8 23:35:30 kauai NetworkManager: <info> Clearing nscd hosts cache.
Jan 8 23:35:30 kauai NetworkManager: <info> Policy set 'Auto 06B408495811' (wlan0) as default for routing and DNS.
Jan 8 23:35:42 kauai NetworkManager: <debug> [1231475742.634129] ensure_killed(): waiting for vpn service pid 4856 to exit
Jan 8 23:35:42 kauai NetworkManager: <debug> [1231475742.634595] ensure_killed(): vpn service pid 4856 cleaned up

It seems to be dying at the line "VPN plugin failed: 1". If I run vpnc as root, I can enter in the exact same information (gateway, group name, and group pass) manually for the vpn connection, and it will successfully connect to my vpn network. Help!
Can you paste in your vpnc config file (obscuring sensitive information of course)?
(In reply to comment #1)
> Can you paste in your vpnc config file (obscuring sensitive information of
> course)?
>

Greetings, this is the configuration from /etc/NetworkManager/system-connections/myvpn:

[connection]
id=myvpn
uuid=9a3a01d3-1513-425b-875b-9cb812b79dfd
type=vpn
autoconnect=false
timestamp=0

[vpn]
service-type=org.freedesktop.NetworkManager.vpnc
IPSec ID=vpngroupname
DPD idle timeout (our side)=90
IPSec gateway=0.0.0.0
NAT Traversal Mode=natt

[vpn-secrets]
IPSec secret=secret

[ipv4]
method=auto
ignore-auto-routes=false
ignore-auto-dns=false
The "IPSec gateway" bit looks suspicious. That should be the IP address of your VPN concentrator. Was this connection created with the connection editor?
I obscured 'sensitive information' in the above configuration. Those items were:
id
IPSec ID
IPSec gateway
IPSec secret
Can you do the following?

1) as root, 'killall -TERM nm-vpnc-service'
2) as root, 'killall -TERM vpnc'
3) as root, '/usr/libexec/nm-vpnc-service'
4) Try your connection from the menu again

Grab the output from step #3 and paste it in here. It'll provide more info on what's wrong, since it includes the error messages directly from vpnc.
This is the output from those commands. I ran nm-vpnc-service 3 times. The first was with the config created by NetworkManager and "Configure VPN...". I added "Xauth username=", then ran it the second time. I added "Xauth password=", then ran it the 3rd time. The 3rd time, no output to the terminal, and no connection to the VPN.

---------------------------------
terminal output:

kauai:/home/davidz # killall -TERM nm-vpnc-service
nm-vpnc-service: no process killed
kauai:/home/davidz # killall -TERM vpnc
vpnc: no process killed
kauai:/home/davidz # /usr/lib/nm-vpnc-service
** Message: <info> vpnc started with pid 11632
/usr/sbin/vpnc: missing Xauth username
** (process:11626): WARNING **: <WARN> vpnc_watch_cb(): vpnc exited with error code 1
kauai:/home/davidz # /usr/lib/nm-vpnc-service
** Message: <info> vpnc started with pid 11805
/usr/sbin/vpnc: missing Xauth password
** (process:11802): WARNING **: <WARN> vpnc_watch_cb(): vpnc exited with error code 1
kauai:/home/davidz # /usr/lib/nm-vpnc-service
kauai:/home/davidz #
Hmm, as a workaround, can you try to enter a username into the connection editor for that connection? Usually your login name is used if you don't provide a username, but the:

/usr/sbin/vpnc: missing Xauth username

indicates that may not be working...

Also, which specific version of NetworkManager and NetworkManager-vpnc are you using?
Created attachment 142319 [details]
VPN Settings Dialog

These are the settings I am using. Suppressed fields: Gateway, Group Name, Group Password
Hi,

I tried setting the username (see the attached image for a screenshot of the settings dialog), but the behavior is still the same.

Versions:
NetworkManager:
Version: 0.7.0.r4359
Release: 15.2.2
NetworkManager-vpnc:
Version: 0.7.0.r4274
Release: 1.23

Please advise,
David

(In reply to comment #7)
> Hmm, as a workaround, can you try to enter a username into the connection
> editor for that connection? Usually your login name is used if you don't
> provide a username, but the:
>
> /usr/sbin/vpnc: missing Xauth username
>
> indicates that may not be working...
>
> Also, which specific version of NetworkManager and NetworkManager-vpnc are
> you using?
Reopening as the requested information has been provided.
I can confirm this in openSUSE 11.4 with GNOME 3. The error message provided by the GUI is German localised but it essentially says failed to load vpn service. Opening a root terminal and starting vpnc entering everything manually however works.

Versions used:
NetworkManager 0.8.9997-2.1
NetworkManager-vpnc-gnome 0.8.999-1.1
vpnc 0.5.3r449-9.1
I'm not sure whether this is actually still the original problem. But vpnc isn't working for me in NetworkManager, as well. I reported a bug for Fedora 15: https://bugzilla.redhat.com/show_bug.cgi?id=710545 Since the "/var/run/vpnc/pid"-error disappeared some days ago, I have no idea what could be the reason for this behaviour.
Hi! This is the same for me. I reported a bug for Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658269.
Hi!

If this can help, the option that is problematic is --local-port 0. I've tried to run VPNC manually with all the options network-manager-vpnc uses and it works with all the parameters except --local-port 0. This is the Red Hat bug report that led me to this conclusion but I can't forward this information to their Bugzilla as I've no account on it. Tuxor, can you forward it for me please?

Cheers
Thanks Yann, I forwarded your post and I'm going to check that finding in my scenario as soon as possible. (Unfortunately, I have to wait till October before I'm able to run tests.)
Thanks Tuxor.

After investigation it seems like some Cisco VPNs need the client to use port 500 as their local port (--local-port 0 means use random local port). For these VPNs one must not use the --local-port option.

So the bug we are talking about here seems to be a UI bug: it lacks an option in the configuration dialog of the VPN. I didn't notice this bug before because it was previously possible to import a .pcf file which contained all the configuration for the VPN (mine contains the UseLegacyIKEPort=1 option). Now we can't import configuration files any more (this seems to be the case for other kinds of VPN too) and we have to manually set the VPN which is impossible due to the lack of option for the local port.

Cheers
--local-port 0 has been used as default for some time, because vpnc's default 500 causes problems when some other IKE software was installed (like openswan), which bound ISAKMP port 500.

Anyway, I've added a configuration option for local port to "Advanced dialog" so that arbitrary local port can be set:
e0fe5b3b12e94fbcbca305b358f962bf6a5cbfa1 (master)

In the meantime, you can add this line
Local Port=500
into [vpn] section of /etc/NetworkManager/system-connections/<your_vpn_file>

(In reply to comment #16)
> So the bug we are talking about here seems to be a UI bug: it lacks an option
> in the configuration dialog of the VPN. I didn't notice this bug before
> because it was previously possible to import a .pcf file which contained all
> the configuration for the VPN (mine contains the UseLegacyIKEPort=1 option).
> Now we can't import configuration files any more (this seems to be the case for
> other kinds of VPN too) and we have to manually set the VPN which is impossible
> due to the lack of option for the local port.

It's still possible to import a VPN configuration. However, the GUI has changed. Instead of "Import"/"Export" buttons on VPN tab, now you would click "Add" button and then select the last entry in the combobox - "Import a saved VPN configuration ..."
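The keyfile workaround from the comment above, as an added example that is not part of the original thread or of NetworkManager: a shell function (the name `set_local_port` is hypothetical) that puts exactly one `Local Port=` line into the `[vpn]` section of a vpnc connection. It runs on a constructed sample keyfile and keeps the rewritten file at mode 0600 because the file also holds the group secret.

```shell
#!/bin/sh
# Added example: pin vpnc's local port in a NetworkManager keyfile.
# The sample keyfile is constructed from the (obscured) config posted in this thread.

sample_keyfile() {
cat <<'EOF'
[connection]
id=myvpn
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.vpnc
IPSec ID=vpngroupname
IPSec gateway=0.0.0.0
NAT Traversal Mode=natt

[vpn-secrets]
IPSec secret=secret
EOF
}

# set_local_port FILE [PORT]: rewrite FILE so that [vpn] holds exactly one
# "Local Port=PORT" line (500 = vpnc's default, 0 = random local port).
# Returns 2 for a bad port, 3 if FILE is not a vpnc connection.
set_local_port() {
    file=$1 port=${2:-500}
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -le 65535 ] || return 2
    grep -q '^service-type=org\.freedesktop\.NetworkManager\.vpnc$' "$file" || return 3
    # Temp file next to the original so the final mv is a rename, not a copy.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    chmod 600 "$tmp"    # the keyfile carries the group secret
    awk -v port="$port" '
        /^\[/ { in_vpn = ($0 == "[vpn]") }          # track the current section
        in_vpn && /^Local Port=/ { next }           # drop any old value
        { print }
        $0 == "[vpn]" { print "Local Port=" port }  # add it right after the header
    ' "$file" > "$tmp" && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
}

# Demo on a temporary copy of the sample; no system file is touched.
demo=$(mktemp) && sample_keyfile > "$demo" && set_local_port "$demo" 500 && cat "$demo"
rm -f "$demo"
```

On a real system the function would be run as root against the file under /etc/NetworkManager/system-connections/.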
(In reply to comment #17)
> --local-port 0 has been used as default for some time, because vpnc's default
> 500 causes problems when some other IKE software was installed (like openswan),
> which bound ISAKMP port 500.
>
> Anyway, I've added a configuration option for local port to "Advanced dialog"
> so that arbitrary local port can be set:
> e0fe5b3b12e94fbcbca305b358f962bf6a5cbfa1 (master)

Great, thanks!

>
> In the meantime, you can add this line
> Local Port=500
> into [vpn] section of /etc/NetworkManager/system-connections/<your_vpn_file>

That's actually what I did.

>
>
> (In reply to comment #16)
> > So the bug we are talking about here seems to be a UI bug: it lacks an option
> > in the configuration dialog of the VPN. I didn't notice this bug before
> > because it was previously possible to import a .pcf file which contained all
> > the configuration for the VPN (mine contains the UseLegacyIKEPort=1 option).
> > Now we can't import configuration files any more (this seems to be the case for
> > other kinds of VPN too) and we have to manually set the VPN which is impossible
> > due to the lack of option for the local port.
>
> It's still possible to import a VPN configuration. However, the GUI has changed.
> Instead of "Import"/"Export" buttons on VPN tab, now you would click "Add"
> button and then select the last entry in the combobox - "Import a saved VPN
> configuration ..."

I'm still using GNOME 3.4 so maybe the GUI has changed since but I found no way to import a configuration file from the network section of the control center. I know how to do it using nm-connection-editor but this interface is not directly advertised in my GNOME desktop.