Bug 1037638

Summary: Can't connect to openvpn
Product: [Fedora] Fedora
Reporter: Elad Alfassa <elad>
Component: NetworkManager-openvpn
Assignee: Dan Williams <dcbw>
Status: CLOSED EOL
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: brian, choeger, dcbw, huzaifas, loganjerry, steve, thaller
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2015-06-29 13:23:00 UTC
Type: Bug

Description Elad Alfassa 2013-12-03 14:19:55 UTC
Here's the log:

Dec 03 16:15:45 rincewind NetworkManager[9841]: <info> Starting VPN service 'openvpn'...
Dec 03 16:15:45 rincewind NetworkManager[9841]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 10578
Dec 03 16:15:45 rincewind NetworkManager[9841]: <info> VPN service 'openvpn' appeared; activating connections
Dec 03 16:15:48 rincewind NetworkManager[9841]: <info> VPN plugin state changed: starting (3)
Dec 03 16:15:48 rincewind NetworkManager[9841]: ** Message: openvpn started with pid 10587
Dec 03 16:15:48 rincewind NetworkManager[9841]: <info> VPN connection 'VPN 1' (Connect) reply received.
Dec 03 16:15:48 rincewind nm-openvpn[10587]: OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Dec 03 16:15:48 rincewind nm-openvpn[10587]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 03 16:15:48 rincewind nm-openvpn[10587]: Attempting to establish TCP connection with [AF_INET]82.80.23.59:443 [nonblock]
Dec 03 16:15:49 rincewind nm-openvpn[10587]: TCP connection established with [AF_INET]82.80.23.59:443
Dec 03 16:15:49 rincewind nm-openvpn[10587]: TCPv4_CLIENT link local: [undef]
Dec 03 16:15:49 rincewind nm-openvpn[10587]: TCPv4_CLIENT link remote: [AF_INET]82.80.23.59:443
Dec 03 16:15:51 rincewind nm-openvpn[10587]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Dec 03 16:15:51 rincewind nm-openvpn[10587]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1544', remote='link-mtu 1576'
Dec 03 16:15:51 rincewind nm-openvpn[10587]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Dec 03 16:15:51 rincewind nm-openvpn[10587]: [server] Peer Connection Initiated with [AF_INET]82.80.23.59:443
Dec 03 16:15:54 rincewind nm-openvpn[10587]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address.  You are using someth...config-nowarn)
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> (tun0): carrier is OFF
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> (tun0): new Tun device (driver: 'unknown' ifindex: 25)
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> (tun0): exported as /org/freedesktop/NetworkManager/Devices/6
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> (tun0): No existing connection detected.
Dec 03 16:15:54 rincewind nm-openvpn[10587]: TUN/TAP device tun0 opened
Dec 03 16:15:54 rincewind nm-openvpn[10587]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1544 172.17.5.50 255.255.255.0 init
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> VPN connection 'VPN 1' (IP4 Config Get) reply received from old-style plugin.
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> VPN Gateway: [CENSORED]
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> Tunnel Device: tun0
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> IPv4 configuration:
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Internal Gateway: 172.17.5.0
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Internal Address: 172.17.5.50
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Internal Prefix: 24
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Internal Point-to-Point Address: 0.0.0.0
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Maximum Segment Size (MSS): 0
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Static Route: 172.17.0.0/16   Next Hop: 172.17.5.0
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Forbid Default Route: no
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   Internal DNS: 172.17.17.2
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info>   DNS Domain: '(none)'
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> No IPv6 configuration
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> (tun0): link connected
Dec 03 16:15:54 rincewind NetworkManager[9841]: <error> [1386080154.495605] [platform/nm-linux-platform.c:1116] add_object(): Netlink error: Invalid input data or parameter
Dec 03 16:15:54 rincewind NetworkManager[9841]: <warn> VPN connection 'VPN 1' did not receive valid IP config information.
Dec 03 16:15:54 rincewind nm-openvpn[10587]: Initialization Sequence Completed
Dec 03 16:15:54 rincewind NetworkManager[9841]: inet 172.17.0.0/16 table main
Dec 03 16:15:54 rincewind NetworkManager[9841]: priority 0x400
Dec 03 16:15:54 rincewind NetworkManager[9841]: nexthop via 172.17.5.0 dev 25
Dec 03 16:15:54 rincewind NetworkManager[9841]: ** Message: Terminated openvpn daemon with PID 10587.
Dec 03 16:15:54 rincewind dnsmasq[3180]: reading /etc/resolv.conf
Dec 03 16:15:54 rincewind dnsmasq[3180]: using nameserver 192.168.43.1#53
Dec 03 16:15:54 rincewind dnsmasq[3180]: using local addresses only for unqualified names
Dec 03 16:15:54 rincewind NetworkManager[9841]: <info> (tun0): link disconnected
Dec 03 16:15:54 rincewind avahi-daemon[376]: Withdrawing workstation service for tun0.
Dec 03 16:15:54 rincewind nm-openvpn[10587]: SIGTERM[hard,] received, process exiting
Dec 03 16:15:54 rincewind gnome-session[661]: Gjs-Message: JS LOG: Removing a network device that was not added
Dec 03 16:16:00 rincewind NetworkManager[9841]: <info> VPN service 'openvpn' disappeared

Comment 1 Jerry James 2014-01-08 03:47:47 UTC
I also cannot connect, and the log looks similar; i.e., it reports "add_Object(): Netlink error: Invalid input data or parameter", and then we're toast.  The same configuration worked before I upgraded this system from F-19 to F-20.  Also, I can run openvpn from the command line and connect successfully.

I'm happy to collect more information if someone will tell me how to do so.

Comment 2 Brian Tusi 2014-01-23 19:55:14 UTC
I, too, am having this problem - with just one of my two OpenVPN connections. They're both to different pfSense OpenVPN endpoints.

I get the following output when I use the commandline openvpn client on the "bad" connection:

$ sudo openvpn --config cmapfsense-udp-1194-brian.ovpn
[truncated]
Thu Jan 23 11:41:38 2014 /usr/sbin/ip link set dev tun0 up mtu 1500
Thu Jan 23 11:41:38 2014 /usr/sbin/ip addr add dev tun0 local 10.100.6.38 peer 10.100.6.37
RTNETLINK answers: Invalid argument
Thu Jan 23 11:41:38 2014 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Jan 23 11:41:38 2014 Initialization Sequence Completed

However, the client stays operational. This seems to suggest that the underlying problem exists in both cases, but that NetworkManager detects the error and bails out, while the CLI client ignores it and continues on, and the tunnel appears to be functional.

Comment 3 Brian Tusi 2014-01-25 09:20:23 UTC
Ignore Comment #2; I'd had a misconfiguration on the server end. ("push route x.x.x.129 255.255.255.224" -- oops, should be .128)
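
Added example (not part of the bug report or of any commenter's post): a pushed route whose network address has host bits set under its netmask, as in the .129 versus .128 case in Comment 3, can be caught on the server side before clients try to install it. The sketch below scans OpenVPN `push "route ..."` directives with Python's `ipaddress` module; the function name and the sample directives are constructed for illustration, and 192.0.2.129 stands in for the redacted x.x.x.129.

```python
import ipaddress
import re

# Matches: push "route <network> [netmask] ..."  (IPv4 literals only in this sketch).
# Lines commented out with '#' or ';' do not match because of the anchor.
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?[^"]*"', re.I)


def check_pushed_routes(config_text):
    """Return (line_no, given, suggested) for each pushed route with host bits set."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        network = m.group(1)
        # OpenVPN treats a route without a netmask as a host route.
        netmask = m.group(2) or "255.255.255.255"
        try:
            # strict=False masks off host bits instead of raising on them.
            net = ipaddress.IPv4Network(f"{network}/{netmask}", strict=False)
        except ValueError:
            # Keywords (vpn_gateway, remote_host) or hostnames: not checked here.
            continue
        if str(net.network_address) != network:
            findings.append((
                line_no,
                f"{network} {netmask}",
                f"{net.network_address} {net.netmask}",
            ))
    return findings


# Constructed sample of server-side directives.
SAMPLE = '''\
# constructed server-side directives
push "route 192.0.2.129 255.255.255.224"
push "route 198.51.100.0 255.255.255.0"
push "route 203.0.113.7"
;push "route 192.0.2.1 255.255.255.0"
push "route remote_host 255.255.255.255"
'''

if __name__ == "__main__":
    for line_no, given, suggested in check_pushed_routes(SAMPLE):
        print(f"line {line_no}: route {given} has host bits set; use {suggested}")
```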

Comment 4 Fedora End Of Life 2015-05-29 09:54:37 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 20 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 5 Fedora End Of Life 2015-06-29 13:23:00 UTC
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.