Bug 1317390

Summary: Using 2 vpn connections simultaneously
Product: [Fedora] Fedora Reporter: Daniel Rindt <drindt>
Component: NetworkManager-pptpAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: dcbw, lkundrak, lrintel, psimerda, rh, thaller
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: NetworkManager-pptp-1.2.2-1.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-14 23:27:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Use a single dbus name for VPN plugin & the pptp helper service none

Description Daniel Rindt 2016-03-14 08:07:54 UTC 
Description of problem:
I need to use 2 VPN's at same time. I heard thats a tunneled VPN or something similar. The first i connect to have always same credentials, the second one is pin & hardware token based and thus it change every time. Searching the net says i can simple enable in NetworkManagers GUI the VPN's i would like to use but this isn't true for pptp based ones. 

Version-Release number of selected component (if applicable):
NetworkManager-1.2.0-0.6.beta2.fc24.x86_64

How reproducible:
Create 2 VPN connections from type pptp and try to establish the connection in order. The is no connection possible if another VPN connection is established. Error is: "Connection activation failed: The 'pptp' plugin only supports a single active connection."

Steps to Reproduce:
1. Create two pptp VPN's
2. Connect first.
3. Connect second. (Won't work)

Actual results:
Half working VPN situation.

Expected results:
The second VPN connects via the first.

Additional info:
The bug is created based on request of 'lubko'. Thank you for all who help me to clear this situation.
Comment 1 Fedora Update System 2016-04-20 18:34:47 UTC 
network-manager-applet-1.2.0-1.rc1.fc24 NetworkManager-libreswan-1.2.0-1.fc24 NetworkManager-fortisslvpn-1.2.0-1.fc24 NetworkManager-openconnect-1.2.0-1.fc24 NetworkManager-pptp-1.2.0-1.fc24 NetworkManager-openvpn-1.2.0-1.fc24 NetworkManager-vpnc-1.2.0-1.fc24 NetworkManager-1.2.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e287fa1e6
Comment 2 Lubomir Rintel 2016-04-21 10:16:33 UTC 
Created attachment 1149420 [details]
Use a single dbus name for VPN plugin & the pptp helper service

Uh, I think this needs more work. Attaching a patch for review.
Comment 3 Fedora Update System 2016-04-21 21:58:28 UTC 
NetworkManager-1.2.0-1.fc24, NetworkManager-fortisslvpn-1.2.0-1.fc24, NetworkManager-libreswan-1.2.0-1.fc24, NetworkManager-openconnect-1.2.0-1.fc24, NetworkManager-openvpn-1.2.0-1.fc24, NetworkManager-pptp-1.2.0-1.fc24, NetworkManager-vpnc-1.2.0-1.fc24, network-manager-applet-1.2.0-1.rc1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e287fa1e6
Comment 4 Thomas Haller 2016-04-27 09:53:34 UTC 
(In reply to Lubomir Rintel from comment #2)
> Created attachment 1149420 [details]
> Use a single dbus name for VPN plugin & the pptp helper service
> 
> Uh, I think this needs more work. Attaching a patch for review.


Patch lgtm. The following are minor style issues. Fix them if you agree.




+static gboolean
+handle_need_secrets (NMDBusPptpPpp *object,
+              GDBusMethodInvocation *invocation,
+              gpointer user_data)

whitespace.





»···if (priv->saddr) {
»···»···g_free (priv->saddr);
»···»···priv->saddr = NULL;
»···}

To bad, we don't have nm-glib around, like we do on nm-openvpn. g_clear_pointer() would be nice.




nm_pptp_plugin_new() should not contain any additional logic like creating the dbus-skeleton. I would overwrite init_sync() instead.



+    errno = 0;
+    if (inet_ntop (AF_INET, &naddr, buf, sizeof (buf) - 1) == NULL) {
+         g_set_error (error,
+                      NM_VPN_PLUGIN_ERROR,
+                      NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
+                      _("no usable addresses returned for PPTP VPN gateway '%s' (%d)"),
+                      src, errno);
+         return FALSE;
+    }

inet_ntop() doesn't fail due to a regular error.
Comment 5 Daniel Rindt 2016-04-28 17:45:32 UTC 
How i can test this build? Is it available in the testing repo?
Comment 6 Fedora Update System 2016-05-11 16:03:08 UTC 
NetworkManager-1.2.2-1.fc24 NetworkManager-vpnc-1.2.2-1.fc24 NetworkManager-libreswan-1.2.2-1.fc24 NetworkManager-openconnect-1.2.2-1.fc24 NetworkManager-fortisslvpn-1.2.2-1.fc24 NetworkManager-pptp-1.2.2-1.fc24 NetworkManager-openvpn-1.2.2-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-73f517cf1a
Comment 7 Fedora Update System 2016-05-12 09:41:00 UTC 
NetworkManager-1.2.2-1.fc24, NetworkManager-fortisslvpn-1.2.2-1.fc24, NetworkManager-libreswan-1.2.2-1.fc24, NetworkManager-openconnect-1.2.2-1.fc24, NetworkManager-openvpn-1.2.2-1.fc24, NetworkManager-pptp-1.2.2-1.fc24, NetworkManager-vpnc-1.2.2-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-73f517cf1a
Comment 8 Fedora Update System 2016-05-14 23:27:14 UTC 
NetworkManager-1.2.2-1.fc24, NetworkManager-fortisslvpn-1.2.2-1.fc24, NetworkManager-libreswan-1.2.2-1.fc24, NetworkManager-openconnect-1.2.2-1.fc24, NetworkManager-openvpn-1.2.2-1.fc24, NetworkManager-pptp-1.2.2-1.fc24, NetworkManager-vpnc-1.2.2-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Daniel Rindt 2016-05-23 13:04:03 UTC 
I've installed and tested nm with my company settings. Company network support sys its connected, and i see that both connections in order and connected, no login issue which show up when i enter my pin wrong. Just to test it. I also can confirm that resolv.conf contains proper dns ip addresses, but i have no packet flow. When i see the statistics from the adapter i would tend to say that all traffic goes to the first connected adapter and not the second one. They are have big differences in RX/TX package count. 
I doesn't find a documentation for this feature, so it's possible i forgot something to configure?
Comment 10 Jarmo 2016-06-21 07:42:01 UTC 
Not work for me:

d="0a4517eb-0b61-43c2-b5d1-27536db72d68" name="XXX" pid=8949 uid=1000 result="fail" reason="The 'vpnc' plugin only supports a single active connection."
---

rpm -qa|grep vpn
NetworkManager-openvpn-1.2.2-1.fc24.x86_64
vpnc-script-20140805-4.gitdf5808b.fc24.noarch
NetworkManager-vpnc-1.2.2-1.fc24.x86_64
NetworkManager-openvpn-gnome-1.2.2-1.fc24.x86_64
vpnc-0.5.3-27.svn550.fc24.x86_64
openvpn-2.3.11-1.fc24.x86_64
NetworkManager-vpnc-gnome-1.2.2-1.fc24.x86_64
Comment 11 Thomas Haller 2016-06-21 08:11:53 UTC 
(In reply to jrh from comment #10)
> Not work for me:
> 
> NetworkManager-vpnc-1.2.2-1.fc24.x86_64

nm-vpn 1.2.x does not support this yet. Was added for 1.4, not backported as of now:

https://git.gnome.org/browse/network-manager-vpnc/commit/?id=cdad999c132e1e9ef611c255ffd4843e3a3d12c4
Comment 12 Jarmo 2016-06-28 17:42:01 UTC 
Sorry, misunderstood the blog update (https://blogs.gnome.org/lkundrak/2016/04/20/networkmanager-1-2-is-here/).
Anyway, seems to work fine:) Thanks a lot!
Hope it will released in version 1.3 if not backported to 1.2.