Bug 780070 – openvpn tunnel not set up when configured to happen automatically

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 780070 - openvpn tunnel not set up when configured to happen automatically


Summary:	openvpn tunnel not set up when configured to happen automatically


Status:	RESOLVED NOTABUG

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	1.6.x
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	---
Assigned To:	NetworkManager maintainer(s)
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2017-03-14 22:34 UTC by zebul666
Modified:	2017-03-29 13:45 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description zebul666 2017-03-14 22:34:53 UTC

using netwokamanger 1.6.2 and networkmanager-openvpn 1.2.8 on archlinux, I discovered that, althoguh the lock is on the network manager applet, the openvpn tunnel is not setup at all.

I have configured the openvpn tunnel to be automatically setup when using a wifi connexion. If I enable manually via the applet menu the vpn,  it is set up correctly. So it seems to happen when configured to be set up automtically.

There are this error in the log when this fails:
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.7999] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/15)
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8348] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",0]: VPN
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8385] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8400] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8400] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8401] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8401] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas nm-openvpn[5615]: GID set to nm-openvpn
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8401] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas nm-openvpn[5615]: UID set to nm-openvpn
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8401] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas nm-openvpn[5615]: Initialization Sequence Completed
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8402] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8402] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8402] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8403] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8403] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8403] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8404] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8404] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8405] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <error> [1489529766.8412] platform-linux: do-add-ip4-address[17: 10.76.10.6/32,10.76.10.5]: failure 19 (Au
mars 14 23:16:06 mimas NetworkManager[451]: <error> [1489529766.8414] platform-linux: do-add-ip4-route[17: 10.76.10.1/32 50]: failure 101 (Le réseau n
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.8511] dns-mgr: Removing DNS information from /usr/bin/resolvconf
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.9682] vpn-connection[0x2822640,89c835bd-3ba8-431f-9dee-350415fa85b2,"PIA UK-S",17:(tun
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.9706] device (wlo1): state change: secondaries -> activated (reason 'none') [90 100 0]
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.9718] manager: NetworkManager state is now CONNECTED_SITE
mars 14 23:16:06 mimas NetworkManager[451]: <info>  [1489529766.9919] dns-mgr: Writing DNS information to /usr/bin/resolvconf
mars 14 23:16:07 mimas NetworkManager[451]: <info>  [1489529767.1340] device (wlo1): Activation: successful, device activated.
mars 14 23:16:07 mimas dbus[448]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatch
mars 14 23:16:07 mimas systemd[1]: Starting Network Manager Script Dispatcher Service...
mars 14 23:16:07 mimas NetworkManager[451]: <error> [1489529767.1541] platform-linux: do-add-ip4-route[17: 0.0.0.0/0 50]: failure 101 (Le réseau n'est
mars 14 23:16:07 mimas NetworkManager[451]: <warn>  [1489529767.1543] default-route: failed to add default route 0.0.0.0/0 via 10.76.10.5 dev 17 metri
mars 14 23:16:07 mimas NetworkManager[451]: <info>  [1489529767.1547] manager: NetworkManager state is now CONNECTED_LOCAL
mars 14 23:16:07 mimas NetworkManager[451]: <info>  [1489529767.1551] manager: NetworkManager state is now CONNECTED_SITE
mars 14 23:16:07 mimas NetworkManager[451]: <info>  [1489529767.1554] dns-mgr: Writing DNS information to /usr/bin/resolvconf
mars 14 23:16:07 mimas dbus[448]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'

and ip addr shows a tun0 with no ip and ip route shows no default route using the vpn but still using the router.

Comment 1 bugzilla.gnome 2017-03-15 06:38:05 UTC

Others are experiencing this here: https://bbs.archlinux.org/viewtopic.php?pid=1697579

I also have a bit more information. When the VPN is working, `nmcli con` shows the interface (e.g. `enp10s0`), `vpn` and `tun0` up. After a suspend-resume cycle (all or most?), the VPN connection fails, and `nmcli con` shows only the interface and `vpn`.

However, the NetworkManager icon in the system tray is still showing the VPN symbol, despite not being connected. I can connect fine to the network, but traffic is not going through my VPN. IMO this is a security issue, since the tray icons is telling users that they are connected to the VPN, when they are not.

Comment 2 François Guerraz 2017-03-16 19:03:04 UTC

I don't think it is linked to the the tunnel being brought up automatically. I have been experiencing the same issue too recently when connecting "manually" to openvpn from gnome. I have to watch for the errors in the logs (namely failure 19 (No such device)) and try again until it works, usually after 3 or 4 times.

Comment 3 oemer+gnome 2017-03-16 22:15:14 UTC

I can also confirm the erratic behaviour. Sometimes it works, and sometimes it doesnt and i get the following log:

NetworkManager[412]: <info>  [1489701794.7858] audit: op="connection-activate" uuid="9a91a1d2-dfd3-4cde-aaa3-a58829334498" name="XXX" pid=31309 uid=1000 result="success"
NetworkManager[412]: <info>  [1489701794.7895] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",0]: Started the VPN service, PID 31320
NetworkManager[412]: <info>  [1489701794.7936] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",0]: Saw the service appear; activating connection
NetworkManager[412]: <info>  [1489701794.8028] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",0]: VPN plugin: state changed: starting (3)
NetworkManager[412]: <info>  [1489701794.8029] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",0]: VPN connection: (ConnectInteractive) reply received
nm-openvpn[31323]: OpenVPN 2.4.0 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 28 2016
nm-openvpn[31323]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
nm-openvpn[31323]: TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1192
nm-openvpn[31323]: UDP link local: (not bound)
nm-openvpn[31323]: UDP link remote: [AF_INET]xx.xx.xx.xx:1192
nm-openvpn[31323]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[31323]: [server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1192
nm-openvpn[31323]: TUN/TAP device tun0 opened
nm-openvpn[31323]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 31320 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_23 --tun -- tun0 1500 1542 10.10.0.1
NetworkManager[412]: <info>  [1489701796.4793] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/17)
NetworkManager[412]: <info>  [1489701796.4856] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",0]: VPN connection: (IP Config Get) reply received.
NetworkManager[412]: <info>  [1489701796.4867] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: VPN connection: (IP4 Config Get) reply received
NetworkManager[412]: <info>  [1489701796.4874] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data: VPN Gateway: xx.xx.xx.xx
NetworkManager[412]: <info>  [1489701796.4874] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data: Tunnel Device: "tun0"
nm-openvpn[31323]: GID set to nm-openvpn
NetworkManager[412]: <info>  [1489701796.4874] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data: IPv4 configuration:
nm-openvpn[31323]: UID set to nm-openvpn
NetworkManager[412]: <info>  [1489701796.4874] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Internal Gateway: 10.10.0.13
nm-openvpn[31323]: Initialization Sequence Completed
NetworkManager[412]: <info>  [1489701796.4874] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Internal Address: 10.10.0.14
NetworkManager[412]: <info>  [1489701796.4874] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Internal Prefix: 32
NetworkManager[412]: <info>  [1489701796.4875] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Internal Point-to-Point Address: 10.10.0.13
NetworkManager[412]: <info>  [1489701796.4875] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Maximum Segment Size (MSS): 0
NetworkManager[412]: <info>  [1489701796.4875] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Static Route: 10.30.10.0/24   Next Hop: 10.10.0.13
NetworkManager[412]: <info>  [1489701796.4875] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Static Route: 10.10.0.1/32   Next Hop: 10.10.0.13
NetworkManager[412]: <info>  [1489701796.4875] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   Forbid Default Route: yes
NetworkManager[412]: <info>  [1489701796.4875] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data:   DNS Domain: '(none)'
NetworkManager[412]: <info>  [1489701796.4875] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: Data: No IPv6 configuration
NetworkManager[412]: <info>  [1489701796.4876] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: VPN plugin: state changed: started (4)
NetworkManager[412]: <error> [1489701796.4878] platform-linux: do-add-ip4-address[15: 10.10.0.14/32,10.10.0.13]: failure 19 (No such device)
NetworkManager[412]: <error> [1489701796.4878] platform-linux: do-add-ip4-route[15: 10.30.10.0/24 50]: failure 101 (Network is unreachable)
NetworkManager[412]: <error> [1489701796.4879] platform-linux: do-add-ip4-route[15: 10.10.0.1/32 50]: failure 101 (Network is unreachable)
NetworkManager[412]: <info>  [1489701796.4882] vpn-connection[0x11228a0,9a91a1d2-dfd3-4cde-aaa3-a58829334498,"XXX",15:(tun0)]: VPN connection: (IP Config Get) complete
dbus[397]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
systemd[1]: Starting Network Manager Script Dispatcher Service...
dbus[397]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
systemd[1]: Started Network Manager Script Dispatcher Service.
nm-dispatcher[31335]: req:1 'vpn-up' [tun0]: new request (1 scripts)
nm-dispatcher[31335]: req:1 'vpn-up' [tun0]: start running ordered scripts...

Comment 4 François Guerraz 2017-03-23 09:44:01 UTC

commit a79fa23c82a1b7ee3726ea348336fbe874130a7c of kernel 4.10.5 might fix this, I'll report back.

Comment 5 François Guerraz 2017-03-27 11:42:10 UTC

I can confirm the problem is fixed with kernel 4.10.5 for me.

Comment 6 bugzilla.gnome 2017-03-27 22:42:23 UTC

Yes, it's fixed with the same version for me as well.

Comment 7 Beniamino Galvani 2017-03-29 13:45:36 UTC

According to comments, this seems a kernel issue. Please reopen if needed. Thanks.