Bug 606998 – Networkmanager won't connect to openvpn

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 606998 - Networkmanager won't connect to openvpn


Summary:	Networkmanager won't connect to openvpn


Status:	RESOLVED FIXED

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Dan Williams
QA Contact:	Dan Williams

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-01-14 19:22 UTC by David Rosenstrauch
Modified:	2010-02-09 01:12 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
nm-openvpn-service-openvpn-helper patch (1.18 KB, patch) 2010-02-02 15:03 UTC, Frederic Danis	none	Details \| Review

Description David Rosenstrauch 2010-01-14 19:22:40 UTC

I'm trying to use NetworkManager to connect to my VPN, but it's not working.  Worse, the logs provide little or no information as to why.

I'm able to connect fine from a command line script, so I know the VPN works.  I just can't configure NetworkManager to connect to it.

The GUI I'm using is KDE4 NetworkManager plasmoid (r1047027).  Other related version info:

Distro:	Arch Linux
Kernel:	2.6.32.3
NetworkManager:	0.7.2
OpenVPN:	2.1_rc20

I've configured the GUI as follows:

Gateway:	the public IP of the remote VPN
Connection type:	pre-shared key
Shared Key:	/tmp/static.key
Local IP:	10.1.0.2
Remote IP:	10.1.0.1

Log output is as follows:

Jan 14 12:02:56 daroselin NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jan 14 12:02:56 daroselin NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 7261
Jan 14 12:02:56 daroselin NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jan 14 12:02:56 daroselin NetworkManager: <info>  VPN plugin state changed: 1
Jan 14 12:02:56 daroselin NetworkManager: <info>  VPN plugin state changed: 3
Jan 14 12:02:56 daroselin NetworkManager: <info>  VPN connection 'DARSYS' (Connect) reply received.
Jan 14 12:02:56 daroselin nm-openvpn[7263]: OpenVPN 2.1_rc20 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Oct 18 2009
Jan 14 12:02:56 daroselin nm-openvpn[7263]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 14 12:02:56 daroselin nm-openvpn[7263]: LZO compression initialized
Jan 14 12:02:57 daroselin kernel: tun0: Disabled Privacy Extensions
Jan 14 12:02:57 daroselin nm-openvpn[7263]: TUN/TAP device tun0 opened
Jan 14 12:02:57 daroselin nm-openvpn[7263]: /sbin/ifconfig tun0 10.1.0.2 pointopoint 10.1.0.1 mtu 1500
Jan 14 12:02:57 daroselin nm-openvpn[7263]: /usr/lib/networkmanager/nm-openvpn-service-openvpn-helper tun0 1500 1545 10.1.0.2 10.1.0.1 init
Jan 14 12:02:57 daroselin NetworkManager: <info>  VPN plugin failed: 2
Jan 14 12:02:57 daroselin nm-openvpn[7263]: script failed: external program exited with error status: 1
Jan 14 12:02:57 daroselin nm-openvpn[7263]: Exiting
Jan 14 12:02:57 daroselin NetworkManager: <info>  VPN plugin failed: 1
Jan 14 12:02:57 daroselin NetworkManager: <info>  VPN plugin state changed: 6
Jan 14 12:02:57 daroselin NetworkManager: <info>  VPN plugin state change reason: 0
Jan 14 12:02:57 daroselin NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.
Jan 14 12:02:57 daroselin NetworkManager: <info>  Policy set 'Auto eth0' (eth0) as default for routing and DNS.
Jan 14 12:03:09 daroselin NetworkManager: <debug> [1263488589.000940] ensure_killed(): waiting for vpn service pid 7261 to exit
Jan 14 12:03:09 daroselin NetworkManager: <debug> [1263488589.001027] ensure_killed(): vpn service pid 7261 cleaned up


I haven't got the foggiest idea what's causing that "VPN plugin failed: 2".  Anyone have an idea how to fix this - or even debug it?

Comment 1 Dan Williams 2010-01-16 01:17:34 UTC

If you have a reasonably current version of NetworkManager-openvpn (0.7.2 or later), you can follow these directions:

http://live.gnome.org/NetworkManager/Debugging

under the "Debugging NetworkManager-openvpn" section near the bottom.  Then we can look at the log output of openvpn to figure out what's going on.

Comment 2 David Rosenstrauch 2010-01-16 01:43:43 UTC

Will do.  Thanks.

Comment 3 David Rosenstrauch 2010-01-19 19:32:41 UTC

Here's the debugging output:


[darose@daroselin ~]$ sudo OPENVPN_DEBUG=1 /usr/lib/networkmanager/nm-openvpn-service
WARNING: All config files need .conf: /etc/modprobe.d/framebuffer_blacklist.pacsave, it will be ignored in a future release.
** Message: <info>  openvpn started with pid 7313

Tue Jan 19 14:25:15 2010 us=622738 Current Parameter Settings:
Tue Jan 19 14:25:15 2010 us=622807   config = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=622819   mode = 0
Tue Jan 19 14:25:15 2010 us=622830   persist_config = DISABLED
Tue Jan 19 14:25:15 2010 us=622840   persist_mode = 1
Tue Jan 19 14:25:15 2010 us=622850   show_ciphers = DISABLED
Tue Jan 19 14:25:15 2010 us=622861   show_digests = DISABLED
Tue Jan 19 14:25:15 2010 us=622871   show_engines = DISABLED
Tue Jan 19 14:25:15 2010 us=622881   genkey = DISABLED
Tue Jan 19 14:25:15 2010 us=622896   key_pass_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=622909   show_tls_ciphers = DISABLED
Tue Jan 19 14:25:15 2010 us=622921 Connection profiles [default]:
Tue Jan 19 14:25:15 2010 us=622932   proto = udp
Tue Jan 19 14:25:15 2010 us=622941   local = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=622952   local_port = 0
Tue Jan 19 14:25:15 2010 us=622962   remote = '<ip address of my vpn>'
Tue Jan 19 14:25:15 2010 us=622972   remote_port = 1194
Tue Jan 19 14:25:15 2010 us=622982   remote_float = DISABLED
Tue Jan 19 14:25:15 2010 us=622992   bind_defined = DISABLED
Tue Jan 19 14:25:15 2010 us=623003   bind_local = DISABLED
Tue Jan 19 14:25:15 2010 us=623013   connect_retry_seconds = 5
Tue Jan 19 14:25:15 2010 us=623046   connect_timeout = 10
Tue Jan 19 14:25:15 2010 us=623061   connect_retry_max = 0
Tue Jan 19 14:25:15 2010 us=623085   socks_proxy_server = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623109   socks_proxy_port = 0
Tue Jan 19 14:25:15 2010 us=623158   socks_proxy_retry = DISABLED
Tue Jan 19 14:25:15 2010 us=623170 Connection profiles END
Tue Jan 19 14:25:15 2010 us=623180   remote_random = DISABLED
Tue Jan 19 14:25:15 2010 us=623190   ipchange = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623200   dev = 'tun'
Tue Jan 19 14:25:15 2010 us=623210   dev_type = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623220   dev_node = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623230   lladdr = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623240   topology = 1
Tue Jan 19 14:25:15 2010 us=623250   tun_ipv6 = DISABLED
Tue Jan 19 14:25:15 2010 us=623260   ifconfig_local = '10.1.0.2'
Tue Jan 19 14:25:15 2010 us=623270   ifconfig_remote_netmask = '10.1.0.1'
Tue Jan 19 14:25:15 2010 us=623280   ifconfig_noexec = DISABLED
Tue Jan 19 14:25:15 2010 us=623290   ifconfig_nowarn = DISABLED
Tue Jan 19 14:25:15 2010 us=623300   shaper = 0
Tue Jan 19 14:25:15 2010 us=623310   tun_mtu = 1500
Tue Jan 19 14:25:15 2010 us=623320   tun_mtu_defined = ENABLED
Tue Jan 19 14:25:15 2010 us=623330   link_mtu = 1500
Tue Jan 19 14:25:15 2010 us=623340   link_mtu_defined = DISABLED
Tue Jan 19 14:25:15 2010 us=623350   tun_mtu_extra = 0
Tue Jan 19 14:25:15 2010 us=623360   tun_mtu_extra_defined = DISABLED
Tue Jan 19 14:25:15 2010 us=623375   fragment = 0
Tue Jan 19 14:25:15 2010 us=623385   mtu_discover_type = -1
Tue Jan 19 14:25:15 2010 us=623395   mtu_test = 0
Tue Jan 19 14:25:15 2010 us=623407   mlock = DISABLED
Tue Jan 19 14:25:15 2010 us=623420   keepalive_ping = 0
Tue Jan 19 14:25:15 2010 us=623429   keepalive_timeout = 0
Tue Jan 19 14:25:15 2010 us=623439   inactivity_timeout = 0
Tue Jan 19 14:25:15 2010 us=623449   ping_send_timeout = 0
Tue Jan 19 14:25:15 2010 us=623459   ping_rec_timeout = 0
Tue Jan 19 14:25:15 2010 us=623469   ping_rec_timeout_action = 0
Tue Jan 19 14:25:15 2010 us=623478   ping_timer_remote = DISABLED
Tue Jan 19 14:25:15 2010 us=623488   remap_sigusr1 = 0
Tue Jan 19 14:25:15 2010 us=623498   explicit_exit_notification = 0
Tue Jan 19 14:25:15 2010 us=623509   persist_tun = ENABLED
Tue Jan 19 14:25:15 2010 us=623519   persist_local_ip = DISABLED
Tue Jan 19 14:25:15 2010 us=623529   persist_remote_ip = DISABLED
Tue Jan 19 14:25:15 2010 us=623539   persist_key = ENABLED
Tue Jan 19 14:25:15 2010 us=623549   mssfix = 1450
Tue Jan 19 14:25:15 2010 us=623559   passtos = DISABLED
Tue Jan 19 14:25:15 2010 us=623569   resolve_retry_seconds = 1000000000
Tue Jan 19 14:25:15 2010 us=623579   username = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623589   groupname = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623599   chroot_dir = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623609   cd_dir = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623619   writepid = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623629   up_script = '/usr/lib/networkmanager/nm-openvpn-service-openvpn-helper'
Tue Jan 19 14:25:15 2010 us=623640   down_script = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623650   down_pre = DISABLED
Tue Jan 19 14:25:15 2010 us=623660   up_restart = ENABLED
Tue Jan 19 14:25:15 2010 us=623669   up_delay = DISABLED
Tue Jan 19 14:25:15 2010 us=623679   daemon = DISABLED
Tue Jan 19 14:25:15 2010 us=623689   inetd = 0
Tue Jan 19 14:25:15 2010 us=623699   log = DISABLED
Tue Jan 19 14:25:15 2010 us=623709   suppress_timestamps = DISABLED
Tue Jan 19 14:25:15 2010 us=623719   nice = 0
Tue Jan 19 14:25:15 2010 us=623729   verbosity = 10
Tue Jan 19 14:25:15 2010 us=623738   mute = 0
Tue Jan 19 14:25:15 2010 us=623748   gremlin = 0
Tue Jan 19 14:25:15 2010 us=623758   status_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623768   status_file_version = 1
Tue Jan 19 14:25:15 2010 us=623777   status_file_update_freq = 60
Tue Jan 19 14:25:15 2010 us=623787   occ = ENABLED
Tue Jan 19 14:25:15 2010 us=623797   rcvbuf = 65536
Tue Jan 19 14:25:15 2010 us=623807   sndbuf = 65536
Tue Jan 19 14:25:15 2010 us=623818   sockflags = 0
Tue Jan 19 14:25:15 2010 us=623827   fast_io = DISABLED
Tue Jan 19 14:25:15 2010 us=623838   lzo = 0
Tue Jan 19 14:25:15 2010 us=623848   route_script = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623858   route_default_gateway = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623868   route_default_metric = 0
Tue Jan 19 14:25:15 2010 us=623878   route_noexec = ENABLED
Tue Jan 19 14:25:15 2010 us=623888   route_delay = 0
Tue Jan 19 14:25:15 2010 us=623900   route_delay_window = 30
Tue Jan 19 14:25:15 2010 us=623910   route_delay_defined = DISABLED
Tue Jan 19 14:25:15 2010 us=623921   route_nopull = DISABLED
Tue Jan 19 14:25:15 2010 us=623932   route_gateway_via_dhcp = DISABLED
Tue Jan 19 14:25:15 2010 us=623943   max_routes = 100
Tue Jan 19 14:25:15 2010 us=623953   allow_pull_fqdn = DISABLED
Tue Jan 19 14:25:15 2010 us=623963   management_addr = '127.0.0.1'
Tue Jan 19 14:25:15 2010 us=623974   management_port = 1194
Tue Jan 19 14:25:15 2010 us=623984   management_user_pass = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=623995   management_log_history_cache = 250
Tue Jan 19 14:25:15 2010 us=624005   management_echo_buffer_size = 100
Tue Jan 19 14:25:15 2010 us=624016   management_write_peer_info_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=624026   management_client_user = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=624036   management_client_group = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=624047   management_flags = 2
Tue Jan 19 14:25:15 2010 us=624057   shared_secret_file = '/etc/openvpn/static.key'
Tue Jan 19 14:25:15 2010 us=624067   key_direction = 0
Tue Jan 19 14:25:15 2010 us=624077   ciphername_defined = ENABLED
Tue Jan 19 14:25:15 2010 us=624088   ciphername = 'BF-CBC'
Tue Jan 19 14:25:15 2010 us=625533   authname_defined = ENABLED
Tue Jan 19 14:25:15 2010 us=625548   authname = 'SHA1'
Tue Jan 19 14:25:15 2010 us=625559   prng_hash = 'SHA1'
Tue Jan 19 14:25:15 2010 us=625569   prng_nonce_secret_len = 16
Tue Jan 19 14:25:15 2010 us=625579   keysize = 0
Tue Jan 19 14:25:15 2010 us=625589   engine = DISABLED
Tue Jan 19 14:25:15 2010 us=625599   replay = ENABLED
Tue Jan 19 14:25:15 2010 us=625610   mute_replay_warnings = DISABLED
Tue Jan 19 14:25:15 2010 us=625620   replay_window = 64
Tue Jan 19 14:25:15 2010 us=625630   replay_time = 15
Tue Jan 19 14:25:15 2010 us=625640   packet_id_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625650   use_iv = ENABLED
Tue Jan 19 14:25:15 2010 us=625660   test_crypto = DISABLED
Tue Jan 19 14:25:15 2010 us=625670   tls_server = DISABLED
Tue Jan 19 14:25:15 2010 us=625680   tls_client = DISABLED
Tue Jan 19 14:25:15 2010 us=625690   key_method = 2
Tue Jan 19 14:25:15 2010 us=625699   ca_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625709   ca_path = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625719   dh_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625729   cert_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625739   priv_key_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625749   pkcs12_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625759   cipher_list = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625769   tls_verify = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625780   tls_remote = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625790   crl_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625800   ns_cert_type = 0
Tue Jan 19 14:25:15 2010 us=625810   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625820   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625830   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625839   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625857   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625867   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625877   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625887   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625896   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625906   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625916   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625925   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625935   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625944   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625955   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625964   remote_cert_ku[i] = 0
Tue Jan 19 14:25:15 2010 us=625974   remote_cert_eku = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=625984   tls_timeout = 2
Tue Jan 19 14:25:15 2010 us=625994   renegotiate_bytes = 0
Tue Jan 19 14:25:15 2010 us=626004   renegotiate_packets = 0
Tue Jan 19 14:25:15 2010 us=626014   renegotiate_seconds = 3600
Tue Jan 19 14:25:15 2010 us=626024   handshake_window = 60
Tue Jan 19 14:25:15 2010 us=626034   transition_window = 3600
Tue Jan 19 14:25:15 2010 us=626044   single_session = DISABLED
Tue Jan 19 14:25:15 2010 us=626054   tls_exit = DISABLED
Tue Jan 19 14:25:15 2010 us=626064   tls_auth_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=626082   server_network = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626094   server_netmask = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626105   server_bridge_ip = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626116   server_bridge_netmask = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626127   server_bridge_pool_start = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626138   server_bridge_pool_end = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626148   ifconfig_pool_defined = DISABLED
Tue Jan 19 14:25:15 2010 us=626159   ifconfig_pool_start = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626170   ifconfig_pool_end = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626180   ifconfig_pool_netmask = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=626191   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=626201   ifconfig_pool_persist_refresh_freq = 600
Tue Jan 19 14:25:15 2010 us=626236   n_bcast_buf = 256
Tue Jan 19 14:25:15 2010 us=626912   tcp_queue_limit = 64
Tue Jan 19 14:25:15 2010 us=626925   real_hash_size = 256
Tue Jan 19 14:25:15 2010 us=626936   virtual_hash_size = 256
Tue Jan 19 14:25:15 2010 us=626945   client_connect_script = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=626956   learn_address_script = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=626975   client_disconnect_script = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=626985   client_config_dir = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=626997   ccd_exclusive = DISABLED
Tue Jan 19 14:25:15 2010 us=627007   tmp_dir = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=627021   push_ifconfig_defined = DISABLED
Tue Jan 19 14:25:15 2010 us=627033   push_ifconfig_local = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=627044   push_ifconfig_remote_netmask = 0.0.0.0
Tue Jan 19 14:25:15 2010 us=627060   enable_c2c = DISABLED
Tue Jan 19 14:25:15 2010 us=627069   duplicate_cn = DISABLED
Tue Jan 19 14:25:15 2010 us=627088   cf_max = 0
Tue Jan 19 14:25:15 2010 us=627098   cf_per = 0
Tue Jan 19 14:25:15 2010 us=627108   max_clients = 1024
Tue Jan 19 14:25:15 2010 us=627118   max_routes_per_client = 256
Tue Jan 19 14:25:15 2010 us=627128   auth_user_pass_verify_script = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=627141   auth_user_pass_verify_script_via_file = DISABLED
Tue Jan 19 14:25:15 2010 us=627151   ssl_flags = 0
Tue Jan 19 14:25:15 2010 us=627160   port_share_host = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=627170   port_share_port = 0
Tue Jan 19 14:25:15 2010 us=627180   client = DISABLED
Tue Jan 19 14:25:15 2010 us=627190   pull = DISABLED
Tue Jan 19 14:25:15 2010 us=627200   auth_user_pass_file = '[UNDEF]'
Tue Jan 19 14:25:15 2010 us=627214 OpenVPN 2.1_rc20 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Oct 18 2009
Tue Jan 19 14:25:15 2010 us=627254 PO_INIT maxevents=1 flags=0x00000002
Tue Jan 19 14:25:15 2010 us=627305 MANAGEMENT: TCP Socket listening on 127.0.0.1:1194
Tue Jan 19 14:25:15 2010 us=627352 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jan 19 14:25:15 2010 us=627369 PO_INIT maxevents=4 flags=0x00000002
Tue Jan 19 14:25:15 2010 us=627382 PID packet_id_init seq_backtrack=64 time_backtrack=15
Tue Jan 19 14:25:15 2010 us=627469 CRYPTO INFO: n_DES_cblocks=0
Tue Jan 19 14:25:15 2010 us=627481 CRYPTO INFO: n_DES_cblocks=0
Tue Jan 19 14:25:15 2010 us=627491 CRYPTO INFO: n_DES_cblocks=0
Tue Jan 19 14:25:15 2010 us=627502 CRYPTO INFO: n_DES_cblocks=0
Tue Jan 19 14:25:15 2010 us=627581 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 19 14:25:15 2010 us=627597 Static Encrypt: CIPHER KEY: 99fd3e34 aea38da5 02809946 a6160fd7
Tue Jan 19 14:25:15 2010 us=627610 Static Encrypt: CIPHER block_size=8 iv_size=8
Tue Jan 19 14:25:15 2010 us=627634 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 19 14:25:15 2010 us=627651 Static Encrypt: HMAC KEY: fe162b56 86ab0a38 8d423d14 b76dbf58 9a3f1274
Tue Jan 19 14:25:15 2010 us=635137 Static Encrypt: HMAC size=20 block_size=64
Tue Jan 19 14:25:15 2010 us=635215 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 19 14:25:15 2010 us=635231 Static Decrypt: CIPHER KEY: 99fd3e34 aea38da5 02809946 a6160fd7
Tue Jan 19 14:25:15 2010 us=635242 Static Decrypt: CIPHER block_size=8 iv_size=8
Tue Jan 19 14:25:15 2010 us=635256 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 19 14:25:15 2010 us=635272 Static Decrypt: HMAC KEY: fe162b56 86ab0a38 8d423d14 b76dbf58 9a3f1274
Tue Jan 19 14:25:15 2010 us=635283 Static Decrypt: HMAC size=20 block_size=64
Tue Jan 19 14:25:15 2010 us=635313 MTU DYNAMIC mtu=1450, flags=2, 1544 -> 1450
Tue Jan 19 14:25:15 2010 us=635337 RESOLVE_REMOTE flags=0x0101 phase=1 rrs=0 sig=-1 status=1
Tue Jan 19 14:25:15 2010 us=635418 GDG: route[1] 192.168.1.0/255.255.255.0/0.0.0.0 m=1
Tue Jan 19 14:25:15 2010 us=635438 GDG: route[2] 0.0.0.0/0.0.0.0/192.168.1.1 m=0
Tue Jan 19 14:25:15 2010 us=635465 GDG: best=192.168.1.1[2] lm=0
Tue Jan 19 14:25:15 2010 us=636286 TUN/TAP device tun0 opened
Tue Jan 19 14:25:15 2010 us=636310 TUN/TAP TX queue length set to 100
Tue Jan 19 14:25:15 2010 us=636344 /sbin/ifconfig tun0 10.1.0.2 pointopoint 10.1.0.1 mtu 1500
Tue Jan 19 14:25:15 2010 us=638796 /usr/lib/networkmanager/nm-openvpn-service-openvpn-helper tun0 1500 1544 10.1.0.2 10.1.0.1 init

** (process:7315): WARNING **: <WARN>  helper_failed(): nm-openvpn-service-openvpn-helper did not receive a valid VPN Gateway from openvpn

Tue Jan 19 14:25:15 2010 us=647570 script failed: external program exited with error status: 1
Tue Jan 19 14:25:15 2010 us=647597 Exiting

** (process:7311): WARNING **: <WARN>  openvpn_watch_cb(): openvpn exited with error code 1


Any ideas?

Thanks,

DR

Comment 4 Dan Williams 2010-01-19 23:39:05 UTC

Ok, this looks to be that the "trusted_ip" environment variable (whcih should be the public IP of the openvpn peer) is not getting set.  That's most likely a bug in NetworkManager-openvpn.  Are you familiar with the method of getting a program's environment by doing the following?

1) rename nm-openvpn-service-openvpn-helper to nm-openvpn-service-openvpn-helper.ORIG
2) write a small script called nm-openvpn-service-openvpn-helper that is simply:

#!/bin/sh

env > /tmp/openvpn.env
nm-openvpn-service-openvpn-helper.ORIG $@

3) then recreate the error, and lets see what /tmp/openvpn.env contains.


That will help me debug the issue.  If you need more help with this procedure just let me know.

Comment 5 Dan Williams 2010-01-19 23:42:38 UTC

I forgot: step 2.5 should be "chmod 755 nm-openvpn-service-openvpn-helper" to ensure that the environment dumping script is executable.

Comment 6 Dan Williams 2010-01-19 23:43:37 UTC

And make sure that nm-openvpn-service-openvpn-helper env dump script is in the same location as the original nm-openvpn-service-openvpn-helper.

To get back to a clean state, just:

mv nm-openvpn-service-openvpn-helper.ORIG nm-openvpn-service-openvpn-helper

Comment 7 David Rosenstrauch 2010-01-20 14:40:38 UTC

[darose@daroselin networkmanager]$ cat /tmp/openvpn.env
ifconfig_remote=10.1.0.1
ifconfig_local=10.1.0.2
proto_1=udp
tun_mtu=1500
script_type=up
verb=1
local_port_1=0
dev=tun0
remote_port_1=1194
PWD=/
daemon=0
SHLVL=1
script_context=init
daemon_start_time=1263998311
daemon_pid=5208
daemon_log_redirect=0
link_mtu=1544
remote_1=<ip address of my VPN>
_=/usr/bin/env

Comment 8 Dan Williams 2010-01-20 22:17:59 UTC

thanks, I guess in this case we'll need to fake the trusted IP or resolve the hostname of the VPN server/gateway.

Comment 9 Frederic Danis 2010-02-02 15:03:34 UTC

Created attachment 152837 [details] [review]
nm-openvpn-service-openvpn-helper patch

Comment 10 Frederic Danis 2010-02-02 15:05:19 UTC

Hello,

If found the same problem on Ubuntu 9.04 and 9.10 with openvpn (2.1~rc19-1ubuntu1) and network-manager-openvpn (0.7.1~rc4.1.20090323+bzr27-0ubuntu2).
When using the pre-shared key, the vpn connection fails.

I create a little patch (see previous comment) allowing me to connect correctly.
When the "trusted_ip" environment variable is not set by openvpn, it it is replaced by the "remote_1" environment variable.
This patch also allows to use the FQDN name for the gateway instead of the IP address (as this works at openvpn level but fails in the network manager openvpn plug-in).

Hope this helps

Comment 11 Dan Williams 2010-02-02 18:07:54 UTC

(In reply to comment #9)
> Created an attachment (id=152837) [details] [review]
> nm-openvpn-service-openvpn-helper patch

Much better solution than I was going to do; thanks!

Comment 12 Dan Williams 2010-02-02 22:59:24 UTC

Committed a slightly different version using getaddrinfo() (which is what we're supposed to use these days instead of gethostbyname) based on what I'd done for the PPtP plugin.  The idea of using remote_1 was a good one, thanks.

1f19af065e71cd3f17e1720f09c637e8f2e8fbe3

thanks!

Comment 13 Dan Williams 2010-02-02 23:00:20 UTC

0.7.x: 1f19af065e71cd3f17e1720f09c637e8f2e8fbe3

Comment 14 David Rosenstrauch 2010-02-07 15:42:28 UTC

Thanks much for the fix!

Is this included in the 0.7.999 release?

Comment 15 Dan Williams 2010-02-09 01:12:02 UTC

(In reply to comment #14)
> Thanks much for the fix!
> 
> Is this included in the 0.7.999 release?

No, but it'll hit the final 0.8 release.