[Bug 538839] New: Network Manager OpenVPN Gnome client connect failure
http://bugzilla.novell.com/show_bug.cgi?id=538839 Summary: Network Manager OpenVPN Gnome client connect failure Classification: openSUSE Product: openSUSE 11.2 Version: Milestone 7 Platform: x86 OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: terje@nordland-teknikk.no QAContact: qa@suse.de Found By: --- Created an attachment (id=318013) --> (http://bugzilla.novell.com/attachment.cgi?id=318013) /var/log/NetworkManager User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1pre) Gecko/20090720 SUSE/2.0b1-3.5 SeaMonkey/2.0b1 Both on 11.2 M6-M7 i686 and x86_64 After configuring an OpenVPN conncetion by importing an existing 'client-config' file and related certifates/key with Network Manager on Gnome, trying to connect with this setup fails. The same setup has worked in SLED11 and openSUSE 11.1, and does still work using the command line as root in 11.2 M7 # openvpn --config <client-config.ovpn> Attached here my /var/log/NetworkManager Reproducible: Always Steps to Reproduce: 1. NM on Gnome > VPN connection > Configure 2. Imported an existing 'client-config' file 3. NM on Gnome > VPN connection: select the client connection 4. Messages: The VPN connection 'client-config' failed Actual Results: No OpenVPN connection established Expected Results: The OpenVPN connection should have been establised /var/log/NetworkManger on i686 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 User terje@nordland-teknikk.no added comment http://bugzilla.novell.com/show_bug.cgi?id=538839#c1 --- Comment #1 from Terje J. Hanssen <terje@nordland-teknikk.no> 2009-09-13 08:26:25 MDT --- Created an attachment (id=318014) --> (http://bugzilla.novell.com/attachment.cgi?id=318014) Screen shot of the VPN failure message -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 User delder@novacoast.com added comment http://bugzilla.novell.com/show_bug.cgi?id=538839#c2 Dan Elder <delder@novacoast.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |delder@novacoast.com --- Comment #2 from Dan Elder <delder@novacoast.com> 2009-09-17 12:16:36 MDT --- I get the same error (with valid OpenVPN configuration): Sep 17 11:14:02 delder NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'... Sep 17 11:14:02 delder NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 17238 Sep 17 11:14:02 delder NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections Sep 17 11:14:02 delder NetworkManager: <info> VPN plugin state changed: 1 Sep 17 11:14:02 delder NetworkManager: <info> VPN plugin state changed: 3 Sep 17 11:14:02 delder NetworkManager: <info> VPN connection 'Guthy-Renker' (Connect) reply received. Sep 17 11:14:02 delder nm-openvpn[17241]: OpenVPN 2.1_rc18 x86_64-suse-linux [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 7 2009 Sep 17 11:14:02 delder nm-openvpn[17241]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Sep 17 11:14:02 delder nm-openvpn[17241]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Sep 17 11:14:02 delder nm-openvpn[17241]: LZO compression initialized Sep 17 11:14:02 delder nm-openvpn[17241]: UDPv4 link local: [undef] Sep 17 11:14:02 delder nm-openvpn[17241]: UDPv4 link remote: 207.243.200.69:1194 Sep 17 11:14:02 delder nm-openvpn[17241]: [SPAM] Peer Connection Initiated with 207.243.200.69:1194 Sep 17 11:14:04 delder nm-openvpn[17241]: TUN/TAP device tun2 opened Sep 17 11:14:04 delder nm-openvpn[17241]: /bin/ip link set dev tun2 up mtu 1500 Sep 17 11:14:04 delder nm-openvpn[17241]: /bin/ip addr add dev tun2 local 172.16.50.10 peer 172.16.50.9 Sep 17 11:14:04 delder nm-openvpn[17241]: /usr/lib/nm-openvpn-service-openvpn-helper tun2 1500 1542 172.16.50.10 172.16.50.9 init Sep 17 11:14:04 delder nm-openvpn[17241]: openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info. Sep 17 11:14:04 delder nm-openvpn[17241]: script failed: external program fork failed Sep 17 11:14:04 delder nm-openvpn[17241]: Exiting Sep 17 11:14:04 delder NetworkManager: <info> VPN plugin failed: 1 Sep 17 11:14:04 delder NetworkManager: <info> VPN plugin state changed: 6 Sep 17 11:14:04 delder NetworkManager: <info> VPN plugin state change reason: 0 Sep 17 11:14:04 delder NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active. Sep 17 11:14:04 delder NetworkManager: <debug> [1253211244.076130] run_netconfig(): Spawning '/sbin/netconfig modify --service NetworkManager' Sep 17 11:14:04 delder NetworkManager: <debug> [1253211244.077282] write_to_netconfig(): Writing to netconfig: DNSSEARCH='theelderfamily.org theelderfamily.org'#012 Sep 17 11:14:04 delder NetworkManager: <debug> [1253211244.077329] write_to_netconfig(): Writing to netconfig: DNSSERVERS='172.16.99.1'#012 Sep 17 11:14:04 delder NetworkManager: <info> Clearing nscd hosts cache. Sep 17 11:14:04 delder NetworkManager: <info> Policy set 'System eth0' (eth0) as default for routing and DNS. I only get this far after I configure the OpenVPN connection and re-select the already selected certificates to use in the vpn configuration. My connection failure alternates between this and bug 502595. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 zhu rensheng <rszhu@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rszhu@novell.com AssignedTo|bnc-team-screening@forge.pr |bnc-team-gnome@forge.provo. |ovo.novell.com |novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 User terje@nordland-teknikk.no added comment http://bugzilla.novell.com/show_bug.cgi?id=538839#c3 --- Comment #3 from Terje J. Hanssen <terje@nordland-teknikk.no> 2009-10-01 17:09:03 MDT --- I just upgraded and tested 11.2 M8 x86_64 and i586: The NM OpenVPN import still fails in both cases. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 User msawicz@novell.pl added comment http://bugzilla.novell.com/show_bug.cgi?id=538839#c4 Michał Sawicz <msawicz@novell.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |msawicz@novell.pl --- Comment #4 from Michał Sawicz <msawicz@novell.pl> 2009-10-09 02:42:49 MDT --- I can confirm this is still valid in 11.2M8. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 User terje@nordland-teknikk.no added comment http://bugzilla.novell.com/show_bug.cgi?id=538839#c5 Terje J. Hanssen <terje@nordland-teknikk.no> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High --- Comment #5 from Terje J. Hanssen <terje@nordland-teknikk.no> 2009-10-14 01:43:10 MDT --- As 11.2 RC1 is here and it looks like no-one has startet to look at this bug, I extend it's importance to HIGH. Tested just SLED 11 again, and the same import and use of OpenVPN certificates with NM worked as well as on 11.1. It's too bad if 11.2 goes one step back and cannot manage this usual task ;) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 User bili@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=538839#c6 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |bili@novell.com AssignedTo|bnc-team-gnome@forge.provo. |bili@novell.com |novell.com | --- Comment #6 from Li Bin <bili@novell.com> 2009-10-14 02:47:49 MDT --- I'll take care of this issue. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 http://bugzilla.novell.com/show_bug.cgi?id=538839#c7 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |terje@nordland-teknikk.no --- Comment #7 from Li Bin <bili@novell.com> 2009-12-02 09:22:31 UTC --- I thouth it was caused by below line. "openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info. Now the script-security patch already removed. so this bug should be fixed(bnc #547573). Teje, Would mind try it again with the latest NetworkManager-openvpn? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 http://bugzilla.novell.com/show_bug.cgi?id=538839#c8 --- Comment #8 from Michał Sawicz <msawicz@novell.pl> 2009-12-02 10:30:27 UTC --- Works for me. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 http://bugzilla.novell.com/show_bug.cgi?id=538839#c9 Terje J. Hanssen <terje@nordland-teknikk.no> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|terje@nordland-teknikk.no | --- Comment #9 from Terje J. Hanssen <terje@nordland-teknikk.no> 2009-12-02 19:09:40 UTC --- I've tested openVPN on 11.2-i686 and it works for me. Thank you. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=538839 http://bugzilla.novell.com/show_bug.cgi?id=538839#c10 Li Bin <bili@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #10 from Li Bin <bili@novell.com> 2009-12-03 03:42:00 UTC --- ->Fixed. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com