Bug 731372 - Cannot connect to VPN via Network Manager (OpenVPN)
Status: RESOLVED NOTGNOME
Product: NetworkManager
Classification: Platform
Component: VPN: openvpn
Version: 0.9.8
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: NetworkManager maintainer(s)
Reported: 2014-06-08 16:09 UTC by John Doe
Modified: 2014-06-29 11:19 UTC

Attachments
NetworkManager output in debug mode (23.22 KB, text/plain)
2014-06-08 16:12 UTC, John Doe

Description John Doe 2014-06-08 16:09:55 UTC
I use NetworkManager-0.9.8.10 on a Gentoo Linux system. I'm trying to connect to a VPN via the OpenVPN plugin, but I can't. The connection goes to "Off" state after only 10-15 seconds, and I am never given a new IP address. Network Manager also never asks me for a password, even if I set the "Always Ask" option.

Relevant messages from journalctl:

Jun 08 17:50:13 desktop NetworkManager[137]: <error> [1402242613.78229] [nm-vpn-connection.c:1374] get_secrets_cb(): Failed to request VPN secrets #2: (6) No agents were available for this request.
[...]
Jun 08 17:50:18 desktop NetworkManager[137]: <info> VPN service 'openvpn' disappeared

I've seen other users reporting similar bugs recently, such as bug #728681 and bug #728564. But I think this is not a duplicate, because I'm not using vpnc and setting "Always Ask" doesn't fix the problem.

I read from https://bugzilla.redhat.com/show_bug.cgi?id=848217 that I can try debugging with the following command:

systemctl stop NetworkManager
NetworkManager --no-daemon --log-level=debug --log-domains=core,device,hw,vpn,agents

This results in a lot of output, which I'm going to attach to this bug later. But there's a particular message that I find interesting:

NetworkManager[6380]: <debug> [1402243322.285016] [nm-agent-manager.c:752] get_done_cb(): (:1.47/org.gnome.Shell.NetworkAgent/1000) agent failed secrets request 0x167c160/vpn: (32) Internal error while retrieving secrets from the keyring (Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reached)

It seems to be the same error message that is preventing me from downloading e-mails with Evolution (see bug #728469).

Finally, I can successfully connect to this VPN provider with the other computer I have (running Ubuntu instead of Gentoo).

Please tell me if you need other information or if I should do some other tests.

--------

$ emerge -pv networkmanager networkmanager-openvpn

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R    ] net-misc/networkmanager-0.9.8.10  USE="dhcpcd introspection modemmanager nss ppp systemd wext -avahi -bluetooth -connection-sharing (-consolekit) -dhclient -gnutls -resolvconf {-test} -vala -wifi" 0 kB
[ebuild   R    ] net-misc/networkmanager-openvpn-0.9.8.4  USE="gtk {-test}" 0 kB

Total: 2 packages (2 reinstalls), Size of downloads: 0 kB
Comment 1 John Doe 2014-06-08 16:12:08 UTC
Created attachment 278101
NetworkManager output in debug mode

This is the output from the following command (as root): NetworkManager --no-daemon --log-level=debug --log-domains=core,device,hw,vpn,agents
Comment 2 Jiri Klimes 2014-06-09 11:07:58 UTC
(In reply to comment #0)
> 
> This results in a lot of output, which I'm going to attach to this bug later.
> But there's a particular message that I find interesting:
> 
> NetworkManager[6380]: <debug> [1402243322.285016] [nm-agent-manager.c:752]
> get_done_cb(): (:1.47/org.gnome.Shell.NetworkAgent/1000) agent failed secrets
> request 0x167c160/vpn: (32) Internal error while retrieving secrets from the
> keyring (Error calling StartServiceByName for org.freedesktop.secrets: Timeout
> was reached)
> 
> It seems to be the same error message that is preventing me from downloading
> e-mails with Evolution (see bug #728469).
> 

Yes, it seems to be the problem of getting secrets.
Please check that you have gnome-keyring installed and properly configured.

What desktop environment do you run? There might be a problem with D-Bus. If you run some lightweight DE, it may be necessary to run it as "exec dbus-launch openbox-session".
Comment 3 John Doe 2014-06-09 15:42:24 UTC
I'm running GNOME 3.12. Package gnome-keyring is installed:

-----

$ emerge -pv gnome-keyring

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R    ] gnome-base/gnome-keyring-3.12.2  USE="pam ssh-agent -caps -debug -filecaps (-selinux) {-test}" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

-----

I have not configured gnome-keyring by myself. Is there something in particular I should be aware of?
Comment 4 John Doe 2014-06-29 11:19:46 UTC
The problem was due to the fact that gnome-keyring-daemon processes were running as root because /usr/bin/gnome-keyring-daemon had the setuid bit enabled. See Gentoo bug 513870 (https://bugs.gentoo.org/show_bug.cgi?id=513870) for more details. I think this bug can now be closed.
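
The root cause named in comment 4 (a setuid keyring daemon that ends up running as root, so the user's session cannot get secrets from it) can be checked for directly. The script below is an added example, not part of the original report or of any GNOME/Gentoo tooling; the function names are hypothetical, the daemon path is the one quoted in comment 4, and a procps-style `ps` is assumed.

```shell
#!/bin/sh
# Added example: audit for the misconfiguration identified in comment 4.
# Path taken from that comment; override with DAEMON=... if it differs.
DAEMON=${DAEMON:-/usr/bin/gnome-keyring-daemon}

# Constructed sample of `ps -eo pid=,euid=,comm=` output (not from the bug).
SAMPLE_PS='  812    0 gnome-keyring-d
  901 1000 gnome-keyring-d
  950    0 sshd'

# Succeeds when $1 is a regular file carrying the setuid bit.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Reads "PID EUID COMM" lines on stdin and prints "PID EUID" for each process
# named $1 whose effective UID is not $2. Linux truncates COMM to 15 chars,
# so gnome-keyring-daemon shows up as "gnome-keyring-d".
foreign_owners() {
    awk -v name="$1" -v want="$2" '
        BEGIN { short = substr(name, 1, 15) }
        ($3 == name || $3 == short) && $2 != want { print $1, $2 }'
}

# Audits the live system for the session user $1 (default: the caller).
audit_keyring() {
    uid=${1:-$(id -u)}
    rc=0
    if has_setuid "$DAEMON"; then
        echo "WARN: $DAEMON has the setuid bit set"
        rc=1
    fi
    bad=$(ps -eo pid=,euid=,comm= | foreign_owners "${DAEMON##*/}" "$uid")
    if [ -n "$bad" ]; then
        echo "WARN: keyring daemon not running as uid $uid (PID EUID):"
        echo "$bad"
        rc=1
    fi
    return "$rc"
}
```

Call `audit_keyring` from inside the affected desktop session; a non-zero return means the binary is setuid or a keyring daemon is running under a different UID than the session user.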