[Bug 1127794] New: NetworkManager keeps OpenVPN processes running
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 Bug ID: 1127794 Summary: NetworkManager keeps OpenVPN processes running Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: opensuse@pohw.nl QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- NetworkManager keeps all OpenVPN processes running, even if no vpn is actually active. Once you activate one, you can't get rid of it in the process list. Closing the vpn doesn't help. Worse: the processes are kept running even after all OpenVPN profiles have been deleted: # ps axu|grep openvpn nm-open+ 6865 0.0 0.0 47384 7564 ? S 18:01 0:02 /usr/sbin/openvpn --remote <IP> 443 udp --nobind (...) nm-open+ 19826 0.0 0.0 47384 7776 ? S 18:13 0:00 /usr/sbin/openvpn --remote <IP> 443 udp --nobind (...) At one time I had 4 profiles with 4 active processes. This causes unstable OpenVPN connections, with lots of TLS errors and invalidated connections (i.e.: no traffic is possible after a number of seconds). # journalctl -f Mon Mar 4 18:23:56 2019 80.155.9.251:51053 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Mon Mar 4 18:23:56 2019 80.155.9.251:51053 TLS Error: TLS handshake failed Mon Mar 4 18:23:56 2019 80.155.9.251:51053 SIGUSR1[soft,tls-error] received, client-instance restarting After deleting all OpenVPN profiles and killing all OpenVPN processes, I re-imported one OpenVPN profile and everything worked flawlessly after that. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c1 --- Comment #1 from Koos Pol <opensuse@pohw.nl> ---
At one time I had 4 profiles with 4 active processes.
That is: 4 profiles to the same OpenVPN Server. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c2 Moritz Duge <duge@pre-sense.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |duge@pre-sense.de --- Comment #2 from Moritz Duge <duge@pre-sense.de> --- Created attachment 835321 --> http://bugzilla.opensuse.org/attachment.cgi?id=835321&action=edit syslog Same on openSUSE-15.1. But the bug only happens about every second time when disconnecting from VPN. And it looks like Ubuntu might have the same problem. https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/17829... I use NetworkManager via plasma-nm5-openvpn (KDE widget). -- Here's the command-line of the openvpn process, started by NetworkManager. (replaced some sensible strings) /usr/sbin/openvpn --remote vpnhost.exmaple.org 1195 udp --nobind --dev tun --cipher AES-256-CBC --auth SHA256 --auth-nocache --tls-auth /home/user/.local/share/networkmanagement/certificates/pfSense-UDP4-myhost.vpnhost.exmaple.org-config/tls_auth.key 1 --verify-x509-name vpnhost.exmaple.org name --remote-cert-tls server --reneg-sec 0 --verb 1 --syslog nm-openvpn --script-security 2 --up /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 912 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_138 --tun -- --up-restart --persist-key --persist-tun --management /var/run/NetworkManager/nm-openvpn-01234567-89ab-cdef-0123-4567890abcde unix --management-client-user root --management-client-group root --management-query-passwords --auth-retry interact --route-noexec --ifconfig-noexec --client --ca /home/user/.local/share/networkmanagement/certificates/pfSense-UDP4-myhost.vpnhost.exmaple.org-config/ca.crt --cert /home/user/.local/share/networkmanagement/certificates/pfSense-UDP4-myhost.vpnhost.exmaple.org-config/cert.crt --key /home/user/.local/share/networkmanagement/certificates/pfSense-UDP4-myhost.vpnhost.exmaple.org-config/private.key --user nm-openvpn --group nm-openvpn When clicking "disconnect" there's not much happening in the syslog (journalctl). The only interesting differences between a successfull and an unsuccessfull disconnect are: (only when success) Apr 09 12:30:07 myhost.example.org nm-openvpn[10008]: event_wait : Interrupted system call (code=4) (only when no success) Apr 09 12:23:24 myhost.example.org NetworkManager[1909]: <info> [1586427804.9133] device (tun0): state change: activated -> unmanaged (reason 'connection-assumed', sys-iface-state: 'external') (only when success) Apr 09 12:30:07 myhost.example.org NetworkManager[1909]: <info> [1586428207.1003] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed') (only when success) Apr 09 12:30:07 myhost.example.org nm-openvpn[10008]: SIGTERM[hard,] received, process exiting -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c3 --- Comment #3 from Moritz Duge <duge@pre-sense.de> --- The Ubuntu bug says, the problem is solved upstream in NetworkManager-openvpn-1.8.3. openSUSE-15.1: NetworkManager-openvpn-1.8.2 openSUSE-15.2: NetworkManager-openvpn-1.8.10 So at least in openSUSE-15.2 the problem will probably be fixed. Nevertheless, a NetworkManager-openvpn patch for openSUSE-15.1 might be nice. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c4 --- Comment #4 from Moritz Duge <duge@pre-sense.de> --- Workaround: I just tried using NetworkManager-openvpn from 15.2 on 15.1 and it works fine! In 5 tests (connect / disconnect) there where no more dangling openvpn processes. (before about every second time an openvpn stayed active after disconnect) (version numbers in urls may change because 15.2 is still in beta) wget https://download.opensuse.org/distribution/leap/15.2/repo/oss/x86_64/Network... wget https://download.opensuse.org/distribution/leap/15.2/repo/oss/noarch/Network... and if you use gnome wget https://download.opensuse.org/distribution/leap/15.2/repo/oss/x86_64/Network... (install all at once to avoid dependency trouble) sudo rpm -Uhv NetworkManager-openvpn-* -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c5 --- Comment #5 from Moritz Duge <duge@pre-sense.de> --- (In reply to Moritz Duge from comment #4)
Workaround: [...] sudo rpm -Uhv NetworkManager-openvpn-*
P.S. Reboot after installation. (restarting services is also possible, but rebooting is more reliable) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c6 Dominique Leuenberger <dimstar@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dimstar@opensuse.org, | |sreeves@suse.com, | |yfjiang@suse.com Version|Leap 15.0 |Leap 15.1 Assignee|os.gnome.maintainers@gmail. |songchuan.kang@suse.com |com | --- Comment #6 from Dominique Leuenberger <dimstar@opensuse.org> --- @Jonathan:NM-openvpn is a SLE-shared package. So this is in fact a bug also affecting SLE15SP1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c7 --- Comment #7 from Moritz Duge <duge@pre-sense.de> --- This looks pretty much like the relevant commit. https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/0f4ae722034df... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c8 --- Comment #8 from Jonathan Kang <songchuan.kang@suse.com> --- I've backported[0] the fix mentioned in comment#7. Anyone has a environment to help and test to see if it works? Thanks. *[0] https://build.opensuse.org/package/show/home:JonathanKang:branches:GNOME:STA... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c9 --- Comment #9 from Moritz Duge <duge@pre-sense.de> --- (In reply to Jonathan Kang from comment #8)
I've backported[0] the fix mentioned in comment#7. Anyone has a environment to help and test to see if it works?
Thanks.
*[0] https://build.opensuse.org/package/show/home:JonathanKang:branches:GNOME: STABLE:3.26/NetworkManager-openvpn
I could test it, if you provide a package for openSUSE-15.1. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c10 --- Comment #10 from Jonathan Kang <songchuan.kang@suse.com> --- (In reply to Moritz Duge from comment #9)
(In reply to Jonathan Kang from comment #8)
I've backported[0] the fix mentioned in comment#7. Anyone has a environment to help and test to see if it works?
Thanks.
*[0] https://build.opensuse.org/package/show/home:JonathanKang:branches:GNOME: STABLE:3.26/NetworkManager-openvpn
I could test it, if you provide a package for openSUSE-15.1.
You can use that package for Leap 15.1. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1127794 http://bugzilla.opensuse.org/show_bug.cgi?id=1127794#c11 --- Comment #11 from Moritz Duge <duge@pre-sense.de> --- (In reply to Jonathan Kang from comment #8)
I've backported[0] the fix mentioned in comment#7. Anyone has a environment to help and test to see if it works?
Thanks.
*[0] https://build.opensuse.org/package/show/home:JonathanKang:branches:GNOME: STABLE:3.26/NetworkManager-openvpn
Sadly the bug also appeared with that RPM after a few tries. I did: sudo rpm -Uhv --force NetworkManager-openvpn-1.8.2-lp150.3.1.x86_64.rpm NetworkManager-openvpn-lang-1.8.2-lp150.3.1.noarch.rpm sudo systemctl restart NetworkManager.service kquitapp5 plasmashell; sleep 1; plasmashell & disown I'll try again with a full reboot, if I have time more for that. But maybe there's more to it than the single commit I found in comment#7 :-/ So I'm back at NetworkManager-openvpn-1.8.10 from openSUSE-15.2. (which runs fine since 5 days - without reboot...) -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com