GNOME Bugzilla – Bug 731372
Cannot connect to VPN via Network Manager (OpenVPN)
Last modified: 2014-06-29 11:19:46 UTC
I use NetworkManager-0.9.8.10 on a Gentoo Linux system. I'm trying to connect to a VPN via the OpenVPN plugin, but I can't. The connection goes to "Off" state after a 10-15 seconds only, and I am never given a new IP address. Network Manager also never asks me for a password, even if I set the "Always Ask" option. Relevant messages from journalctl: Jun 08 17:50:13 desktop NetworkManager[137]: <error> [1402242613.78229] [nm-vpn-connection.c:1374] get_secrets_cb(): Failed to request VPN secrets #2: (6) No agents were available for this request. [...] Jun 08 17:50:18 desktop NetworkManager[137]: <info> VPN service 'openvpn' disappeared I've seen other users reporting similar bugs recently, such as bug #728681 and bug #728564. But I think this is not a duplicate, because I'm not using vpnc and setting "Always Ask" doesn't fix the problem. I read from https://bugzilla.redhat.com/show_bug.cgi?id=848217 that I can try debugging with the following command: systemctl stop NetworkManager NetworkManager --no-daemon --log-level=debug --log-domains=core,device,hw,vpn,agents This results in a lot of output, which I'm going to attach to this bug later. But there's a particular message that I find interesting: NetworkManager[6380]: <debug> [1402243322.285016] [nm-agent-manager.c:752] get_done_cb(): (:1.47/org.gnome.Shell.NetworkAgent/1000) agent failed secrets request 0x167c160/vpn: (32) Internal error while retrieving secrets from the keyring (Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reached) It seems to be the same error message that is preventing me from downloading e-mails with Evolution (see bug #728469). Finally, I can successfully connect to this VPN provider with the other computer I have (running Ubuntu instead of Gentoo). Please tell me if you need other informations or if I should do some other tests. -------- $ emerge -pv networkmanager networkmanager-openvpn These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] net-misc/networkmanager-0.9.8.10 USE="dhcpcd introspection modemmanager nss ppp systemd wext -avahi -bluetooth -connection-sharing (-consolekit) -dhclient -gnutls -resolvconf {-test} -vala -wifi" 0 kB [ebuild R ] net-misc/networkmanager-openvpn-0.9.8.4 USE="gtk {-test}" 0 kB Total: 2 packages (2 reinstalls), Size of downloads: 0 kB
Created attachment 278101 [details] NetworkManager output in debug mode This is the output from the following command (as root): NetworkManager --no-daemon --log-level=debug --log-domains=core,device,hw,vpn,agents
(In reply to comment #0) > > This results in a lot of output, which I'm going to attach to this bug later. > But there's a particular message that I find interesting: > > NetworkManager[6380]: <debug> [1402243322.285016] [nm-agent-manager.c:752] > get_done_cb(): (:1.47/org.gnome.Shell.NetworkAgent/1000) agent failed secrets > request 0x167c160/vpn: (32) Internal error while retrieving secrets from the > keyring (Error calling StartServiceByName for org.freedesktop.secrets: Timeout > was reached) > > It seems to be the same error message that is preventing me from downloading > e-mails with Evolution (see bug #728469). > Yes, it seems to be the problem of getting secrets. Please check that you have gnome-keyring installed and properly configured. What desktop environment do you run? There might be a problem with D-Bus. If you run some lightweight DE, it may be necessary to run it as "exec dbus-launch openbox-session".
I'm running GNOME 3.12. Package gnome-keyring is installed: ----- $ emerge -pv gnome-keyring These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] gnome-base/gnome-keyring-3.12.2 USE="pam ssh-agent -caps -debug -filecaps (-selinux) {-test}" 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB ----- I have not configured gnome-keyring by myself. Is there something in particular I should be aware of?
The problem was due to the fact that gnome-keyring-daemon processes were running as root because /usr/bin/gnome-keyring-daemon had the setuid bit enabled. See Gentoo bug 513870 (https://bugs.gentoo.org/show_bug.cgi?id=513870) for more details. I think this bug can now be closed.