[opensuse] How to debug vpnc ?
Hi, I'm trying to get a vpnc tunnel on OS 13.1 but I can't get connected. I know the parameters are good, because on OS 12.2 these work fine. This is what Networkmanager logs : NetworkManager[686]: <info> Starting VPN service 'vpnc'... NetworkManager[686]: <info> VPN service 'vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 8962 NetworkManager[686]: <info> VPN service 'vpnc' appeared; activating connections NetworkManager[686]: <info> VPN plugin state changed: starting (3) NetworkManager[686]: <info> VPN connection 'Thuis' (Connect) reply received. NetworkManager[686]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring... NetworkManager[686]: <info> VPN connection 'Thuis' (IP4 Config Get) reply received from old-style plugin. NetworkManager[686]: <info> VPN Gateway: 192.168.18.1 NetworkManager[686]: <info> Tunnel Device: tun0 NetworkManager[686]: <info> IPv4 configuration: NetworkManager[686]: <info> Internal Address: 192.168.18.201 NetworkManager[686]: <info> Internal Prefix: 24 NetworkManager[686]: <info> Internal Point-to-Point Address: 192.168.18.201 NetworkManager[686]: <info> Maximum Segment Size (MSS): 0 NetworkManager[686]: <info> Forbid Default Route: no NetworkManager[686]: <info> Internal DNS: 192.168.18.1 NetworkManager[686]: <info> DNS Domain: '(none)' NetworkManager[686]: <info> No IPv6 configuration NetworkManager[686]: <info> VPN connection 'Thuis' (IP Config Get) complete. NetworkManager[686]: <warn> (15) failed to find interface name for index NetworkManager[686]: <info> Policy set 'Thuis' (tun0) as default for IPv4 routing and DNS. NetworkManager[686]: <info> Policy set 'Wired connection 1' (enp0s25) as default for IPv6 routing and DNS. NetworkManager[686]: <info> VPN plugin state changed: started (4) NetworkManager[686]: <warn> VPN plugin failed: 1 NetworkManager[686]: <info> VPN plugin state changed: stopped (6) NetworkManager[686]: <info> VPN plugin state change reason: 0 NetworkManager[686]: <info> Policy set 'Wired connection 1' (enp0s25) as default for IPv4 routing and DNS. NetworkManager[686]: <info> Policy set 'Wired connection 1' (enp0s25) as default for IPv6 routing and DNS. NetworkManager[686]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active. NetworkManager[686]: <warn> (15) failed to find interface name for index NetworkManager[686]: nm_system_iface_flush_routes: assertion 'iface != NULL' failed NetworkManager[686]: <warn> (15) failed to find interface name for index NetworkManager[686]: <info> VPN service 'vpnc' disappeared Anyone has suggestions what's going wrong ? I know Per Jessen has also a problem with vpn, but that's with openvpn. Koenraad. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am Sonntag, 16. Februar 2014, 18:24:23 schrieb Koenraad Lelong:
[...] Anyone has suggestions what's going wrong ?
I cannot see anything obvious going wrong (and vpnc works here using 13.1). Increasing the log level might reveal something: https://wiki.gnome.org/Projects/NetworkManager/Debugging However, please be careful not to post any sensitive data. Vriendelijke groet, Jan -- A closed mouth gathers no feet. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
op 19-02-14 21:35, Jan Ritzerfeld schreef:
However, please be careful not to post any sensitive data.
Vriendelijke groet, Jan
Sorry it's been a while. I logged with a temporary account, so no worry about sensitive data. The last lines are this : PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID) next_type: 00 (ISAKMP_PAYLOAD_NONE) length: 0010 id.type: 04 (ISAKMP_IPSEC_ID_IPV4_ADDR_SUBNET) id.protocol: 00 id.port: 0000 id.data: 00000000 00000000 DONE PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID) PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE) PARSE_OK NAT-T mode, adding non-esp marker /usr/sbin/vpnc: can't send packet: Operation not permitted ** (nm-vpnc-service:7305): WARNING **: vpnc exited with error code 1 If needed I can post the whole log. Thanks, Koenraad -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am Mittwoch, 26. Februar 2014, 12:56:37 schrieb Koenraad Lelong:
[...] /usr/sbin/vpnc: can't send packet: Operation not permitted [...]
Could you stop your SuSEfirewall2 and try to connect again? # systemctl stop SuSEfirewall2 Gruß Jan -- It works better if you plug it in. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Feb 27, 2014 at 04:57:09PM +0100, Jan Ritzerfeld wrote:
Am Mittwoch, 26. Februar 2014, 12:56:37 schrieb Koenraad Lelong:
[...] /usr/sbin/vpnc: can't send packet: Operation not permitted [...]
Could you stop your SuSEfirewall2 and try to connect again? # systemctl stop SuSEfirewall2
This error can not be caused by the SuSEfirewall. - does vpnc run as root? - is an apparmor profile involved? - can you run strace -ologfile vpnc ... and look for EPERM in the logfile? Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
op 27-02-14 17:02, Marcus Meissner schreef:
On Thu, Feb 27, 2014 at 04:57:09PM +0100, Jan Ritzerfeld wrote:
Am Mittwoch, 26. Februar 2014, 12:56:37 schrieb Koenraad Lelong:
[...] /usr/sbin/vpnc: can't send packet: Operation not permitted [...]
Could you stop your SuSEfirewall2 and try to connect again? # systemctl stop SuSEfirewall2
This error can not be caused by the SuSEfirewall.
- does vpnc run as root? - is an apparmor profile involved? - can you run strace -ologfile vpnc ... and look for EPERM in the logfile?
Ciao, Marcus
Hi, Got it working. It was indeed the firewall. But since I had troubles with suse-filewall in combination with cups, I installed shorewall. When I cleared shorewall, I could connect. Adding a tun0 interface and adding it to the external zone solved the problem. Thanks all. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am Donnerstag, 27. Februar 2014, 17:02:53 schrieb Marcus Meissner:
On Thu, Feb 27, 2014 at 04:57:09PM +0100, Jan Ritzerfeld wrote:
Am Mittwoch, 26. Februar 2014, 12:56:37 schrieb Koenraad Lelong:
[...] /usr/sbin/vpnc: can't send packet: Operation not permitted [...]
Could you stop your SuSEfirewall2 and try to connect again? # systemctl stop SuSEfirewall2
This error can not be caused by the SuSEfirewall. [...]
You were right. Sorry. I do not see a place where the SuSEfirewall puts a DROP rule into the OUTPUT chain. Gruß Jan -- People who say they're willing to meet you halfway are often poor judges of distance. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Jan Ritzerfeld -
Koenraad Lelong -
Marcus Meissner