[Bug 501829] New: NetworkManager OpenVPN failure
http://bugzilla.novell.com/show_bug.cgi?id=501829 Summary: NetworkManager OpenVPN failure Classification: openSUSE Product: openSUSE 11.2 Version: Milestone 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jfunk@funktronics.ca QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (compatible; Konqueror/4.2; Linux) KHTML/4.2.2 (like Gecko) SUSE I am using NetworkManager-openvpn-kde to create an OpenVPN connection on M1. I configured the connection with X.509 certificates, and I used a non-default port. The connection fails, however, and there is no clear indication that it failed, much less why. In /var/log/NetworkManager, I see this message: May 7 12:37:37 brock NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Invalid connection type `0'. Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 Leon Wang <llwang@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |llwang@novell.com AssignedTo|bnc-team-screening@forge.pr |nld10-bugs-qa@forge.provo.n |ovo.novell.com |ovell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User greg.riedesel@wwu.edu added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c1 Greg Riedesel <greg.riedesel@wwu.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |greg.riedesel@wwu.edu --- Comment #1 from Greg Riedesel <greg.riedesel@wwu.edu> 2009-05-10 22:40:03 MDT --- This may be the same issue I reported in bug 502595, at least the error message seems similar. Only I get it with vpnc not openVPN (which I don't have). -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User cbj@touristonline.dk added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c2 Christian Bjørnbak <cbj@touristonline.dk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cbj@touristonline.dk --- Comment #2 from Christian Bjørnbak <cbj@touristonline.dk> 2009-06-17 01:07:59 MDT --- This bug is applicable for 11.1 with KDE 4.2.4 upgrade as well. BTW: I use the default port. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User brunofr@ioda.net added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c3 Bruno Friedmann <brunofr@ioda.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |brunofr@ioda.net --- Comment #3 from Bruno Friedmann <brunofr@ioda.net> 2009-09-13 12:21:00 MDT --- Also seen in opensuse 11.1 with the kde4 4.3.1 Factory Desktop package And opensuse 11.2 M7 There's other user having the type of trouble here https://bugs.kde.org/show_bug.cgi?id=205894 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|nld10-bugs-qa@forge.provo.n |mt@novell.com |ovell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User delder@novacoast.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c5 Dan Elder <delder@novacoast.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |delder@novacoast.com --- Comment #5 from Dan Elder <delder@novacoast.com> 2009-09-17 12:12:42 MDT --- I originally suffered from bug 502595 for my vpnc based connections but that seems to have resolved itself. My OpenVPN connections (which were configured in SLED 11 and follwed my homedir to a fresh OpenSUSE 11.2 M7 install) get this same error though. I don't see Invalid connection type '0' but I get: nm_vpn_connection_connect_cb(): VPN connection 'Guthy-Renker' failed to connect: 'No VPN secrets!' This is for an OpenVPN connection that is certificate (not password) based so there are no vpn secrets. Once I open up the vpn configuration and re-select the certificates already selected in the dialog it at least gets further but then I run into but 538839. I'm not sure why it needed me to select the already selected certificates but that might be worth trying for other folks having this issue (assuming their OpenVPN configuration was from a previous installation and that the gconf settings somehow need to be updated). -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User bili@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c6 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |bili@novell.com AssignedTo|bnc-team-gnome@forge.provo. |bili@novell.com |novell.com | --- Comment #6 from Li Bin <bili@novell.com> 2009-10-14 03:49:23 MDT --- I'll take care of this issue. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User bili@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c7 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bili@novell.com |wstephenson@novell.com --- Comment #7 from Li Bin <bili@novell.com> 2009-10-23 00:30:42 MDT --- Will, Does this kde's applet provide a auth dialog for the secrets? Looks like user don't set the secrets. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|NetworkManager OpenVPN |In KDE NetworkManager |failure |OpenVPN failure -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User brunofr@ioda.net added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c8 --- Comment #8 from Bruno Friedmann <brunofr@ioda.net> 2009-10-23 01:24:57 MDT --- Hi Li, in fact the settings are not set by the applet. See what we want to do, and what we get in this video. http://linux.ioda.net/suse112/r2d2_making_openvpn_connexion.ogv -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User bili@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c9 --- Comment #9 from Li Bin <bili@novell.com> 2009-10-23 02:55:19 MDT --- Created an attachment (id=323886) --> (http://bugzilla.novell.com/attachment.cgi?id=323886) the patch for unfunctional in openvpn ui Bruno, Very cool, I understand your issue, the openvpn's ui couldn't save the HMAC authentication and TLS key path, I've write a patch for your issue. But I think it's not the reason for this issue. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User bili@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c10 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |wstephenson@novell.com --- Comment #10 from Li Bin <bili@novell.com> 2009-10-23 03:07:57 MDT --- Will, Would mind check the patch again, I can't built in the buildservice today.:) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User brunofr@ioda.net added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c11 --- Comment #11 from Bruno Friedmann <brunofr@ioda.net> 2009-10-23 03:13:03 MDT --- In fact at starting, there was a problem with the x509 access without secret's. After this part was corrected, I've been hit by the hmac & tls ta key disfunction. Really cool to see it coming back ( last time was under kde 3.5.10 under 11.0 ) ;-) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User wstephenson@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c12 Will Stephenson <wstephenson@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Component|Network |KDE4 Applications Info Provider|wstephenson@novell.com | AssignedTo|wstephenson@novell.com |kde-maintainers@suse.de --- Comment #12 from Will Stephenson <wstephenson@novell.com> 2009-10-23 07:10:31 MDT --- I'm on it. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User wstephenson@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c13 --- Comment #13 from Will Stephenson <wstephenson@novell.com> 2009-10-23 09:40:25 MDT --- The patch makes the VPN connection work, but the routing is messed up; I can only connect to the hosts on the VPN connection, nothing local or on the 'default internet'. If I bring up the connection with /etc/init.d/openvpn it is correct. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User wstephenson@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c14 --- Comment #14 from Will Stephenson <wstephenson@novell.com> 2009-10-23 09:47:55 MDT --- Same behaviour with nm-applet. NB I am using the fixed packages from GNOME:Factory mentioned in https://bugzilla.novell.com/show_bug.cgi?id=547573. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User bili@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c16 --- Comment #16 from Li Bin <bili@novell.com> 2009-10-25 21:31:36 MDT --- (In reply to comment #13)
The patch makes the VPN connection work, but the routing is messed up; I can only connect to the hosts on the VPN connection, nothing local or on the 'default internet'. If I bring up the connection with /etc/init.d/openvpn it is correct.
I thought the reason is that the default route was changed. default via 10.203.0.1 dev tun0 proto static default via 192.168.2.1 dev eth0 proto static And in the nm-applet there are "Ignore automatically obtained routes", so that we can ignore this change. And I'm not sure if the knetworkmanager has it too. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 User wstephenson@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=501829#c17 --- Comment #17 from Will Stephenson <wstephenson@novell.com> 2009-10-26 02:20:43 MDT --- Yes, sorry, I realised this on Friday too. The important setting is "never-default" ("Use only for resources on this connection" in the nm-applet Routes UI) I have been working on an implementation of the "never-default" UI in KNM, but forgot to post this here. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829#c Stephan Binner <binner@kde.org> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kde-maintainers@suse.de |wstephenson@novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829#c18 Will Stephenson <wstephenson@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #18 from Will Stephenson <wstephenson@novell.com> 2009-11-18 11:07:30 UTC --- This is in final and should work. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829#c19 Bruno Friedmann <brunofr@ioda.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #19 from Bruno Friedmann <brunofr@ioda.net> 2009-11-18 11:46:29 UTC --- Hi Will, There always a trouble with the box about the choice of encryption (default,aes256,cbc etc ... ) What you choose is never set nor recorded. So to connect on openvpn with a restricted type of encryption, you couldn't. In 11.1 : nothing work even with the lastest kde4.3.3 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829#c20 --- Comment #20 from Bruno Friedmann <brunofr@ioda.net> 2009-11-18 11:55:22 UTC --- As I've a big doubt, I remade the connexion with a 11.2 fresh install kde stable 4.3.1 (release 6) on 11.2 The HMAC Auth is stored on 11.2 ( but not in 11.1 with 4.3.3 ) On 11.2 a x509 certificate connexion will fail until you use the x509 certificate with user and set a dummy user with dummy password. in this case, the connexion work at least. But as regression from 10.3/11.0 with kde3.5 we have no option to say ok use this connexion only for network 192.168.168.0/24 (for exemple) and this add correct route to the desired vpn connexion, without shouting the default use before the vpn connexion. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829#c Bruno Friedmann <brunofr@ioda.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|Milestone 1 |Final -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 http://bugzilla.novell.com/show_bug.cgi?id=501829#c21 --- Comment #21 from Bruno Friedmann <brunofr@ioda.net> 2009-11-25 21:28:50 UTC --- Yes a long time ago I was able to use networkmanager & openvpn, And you know what It's now possible ! Many thanks Stephen ... here the list of related installed package I've have under 11.1 with kde4.3.3 factory. NetworkManager-gnome-0.7.0.r1053-11.1.1 NetworkManager-doc-0.7.0.r4359-15.2.2 NetworkManager-kde4-lang-0.9.svn1043876-126.1 NetworkManager-pptp-gnome-0.7.0.r4274-2.9 NetworkManager-kde4-0.9.svn1043876-126.1 kdenetwork4-4.3.3-109.11 knetworkconf-4.3.3-61.10 plasmoid-networkmanagement-0.9.svn1043876-126.1 yast2-network-2.17.78-0.1.1 NetworkManager-vpnc-0.7.0.r4274-1.23 NetworkManager-0.7.0.r4359-15.2.2 cnetworkmanager-0.8.0.1-0.1.1 NetworkManager-openvpn-0.7.0.r4274-1.21 NetworkManager-kde4-libs-0.9.svn1043876-126.1 NetworkManager-openvpn-kde4-0.9.svn1043876-126.1 NetworkManager-pptp-kde4-0.9.svn1043876-126.1 NetworkManager-glib-0.7.0.r4359-15.2.2 NetworkManager-pptp-0.7.0.r4274-2.9 NetworkManager-vpnc-kde4-0.9.svn1043876-126.1 Before closing (definitively I hope ) this bug, I would check tomorrow under normal 11.2 pc / Try also a default 11.2 install with kde stable 4.3.1 Anyway we move one step in right direction, and I'm just happy about that. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 http://bugzilla.novell.com/show_bug.cgi?id=501829#c22 --- Comment #22 from Bruno Friedmann <brunofr@ioda.net> 2009-11-25 21:29:52 UTC --- I'm so happy that I change your name Will . Sorry ! :-) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 http://bugzilla.novell.com/show_bug.cgi?id=501829#c23 Will Stephenson <wstephenson@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO Info Provider| |brunofr@ioda.net --- Comment #23 from Will Stephenson <wstephenson@novell.com> 2009-12-03 12:21:57 UTC --- Bruno: Some responses to your comments, referring to 11.2 KDE 4.3.1 and including today's online update (0.9.svn1043876-1.3.1) Comment 19: auth and cipher settings seem to be saved and restored correctly now, can you confirm? Comment 20 issue 1: OpenVPN with X509 and no passwords should work now, can you confirm? Comment 20 issue 2: In IP settings, go to the Routing page and check 'Use only for resources on this connection' (2nd checkbox). can you confirm? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 http://bugzilla.novell.com/show_bug.cgi?id=501829#c24 Bruno Friedmann <brunofr@ioda.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED Info Provider|brunofr@ioda.net | --- Comment #24 from Bruno Friedmann <brunofr@ioda.net> 2009-12-03 13:45:05 UTC --- (In reply to comment #23)
Bruno: Some responses to your comments, referring to 11.2 KDE 4.3.1 and including today's online update (0.9.svn1043876-1.3.1)
Tested & approved fully functionnal
Comment 19: auth and cipher settings seem to be saved and restored correctly now, can you confirm?
Tested & approved for 11.2 (kde 4.3.1 & kde 4.3.3 ) & 11.1
Comment 20 issue 1:
OpenVPN with X509 and no passwords should work now, can you confirm?
Tested & approved for 11.2 (kde 4.3.1 & kde 4.3.3 ) & 11.1
Comment 20 issue 2:
In IP settings, go to the Routing page and check 'Use only for resources on this connection' (2nd checkbox). can you confirm?
Hé I've not seen this one before today. Tested & approved for 11.2 (kde 4.3.1 & kde 4.3.3 ) & 11.1 I've tested also (that's crazy & shouldn't be use normally ) 2 vpn (two different addresses & subnets ) each of them with their routes : And it works. I surf with my default interfaces/router and can reach each hosts on different lans. New founded trouble ? During long vpn session, your primary dhcp interface (eth0 for example) could renew it's dhcp bail. And at this time it kills all information in /etc/resolv.conf not super cool .... GUI : We vpn have it's own icon attached, the order in the list are always changing place. In my opinion this is annoying more that usefull. I prefer to have my connection in the alphabetical order. But this is more nm (it the same for wifi) Et voilà, Bravo .... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=501829 http://bugzilla.novell.com/show_bug.cgi?id=501829#c25 Will Stephenson <wstephenson@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #25 from Will Stephenson <wstephenson@novell.com> 2009-12-03 16:14:02 UTC --- DHCP leases - another issue. Please report vs NetworkManager Item ordering - another issue. Take this one to bugs.kde.org Thanks for testing! -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com