Bug 1490874
Summary: | VPN connection using NM fails (timeouts) but the same connection works from terminal | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Andreas Balg <andy> | ||||||
Component: | NetworkManager-fortisslvpn | Assignee: | Lubomir Rintel <lkundrak> | ||||||
Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 27 | CC: | a.korsunsky, andy, darko.bunic, dusan.stloukal, emelenas, extras-qa, foryauhen, j_doe, jimis, johu, kblaesi, lkundrak, negativo17, pawel.wierzbicki.pl, phlogi1, quiffman, self, stephen.sadowski, thaller | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | 1405456 | Environment: | |||||||
Last Closed: | 2018-11-30 23:09:46 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Andreas Balg
2017-09-12 12:09:02 UTC
Same issue here, no output at all in logs about the timeout. It just exits after a while. I also tried to rebuild 1.2.6 from f27/rawhide for Fedora 26, but the plugin crashes. Reverted back to openfortivpn from command line. I know from experience that version 1.2.4 is broken, while 1.2.2 worked. I have used git bisect to track the first bad commit, this is my result: $ git bisect bad 51e407ee873f6bb6e9903d04acee0a9b54119427 is the first bad commit commit 51e407ee873f6bb6e9903d04acee0a9b54119427 Author: Thomas Haller <thaller> Date: Fri Sep 16 14:44:53 2016 +0200 properties: split GTK dependent editor plugin To workaround a bug in autotools, we have to disable subdir-objects (see https://lists.gnu.org/archive/html/automake/2015-08/msg00003.html). :100644 100644 b2b6f6adb2502ff614b72cb73b5d59c2dc264036 0b3e6a4e6033acef1e67ce1352e32ea66c6f4b62 M Makefile.am :100644 100644 99f01417c4ec639e6928ab10e560358a5f63650a 05e6d77476a7bc018686e789111937ac34d783a1 M configure.ac :040000 040000 29c722763db7eec8caaab491abe94ad06e64a905 b184b1dd898e1e747438d1af64596b512c7e689f M properties Forgot to mention the project, I am talking about https://github.com/GNOME/network-manager-fortisslvpn Problem solved: The issue is no longer reproducible after the owner updated it's device from FortiOS v5.4.2 to v5.6.2 ! Hi, I have the same problem on fresh Fedora 27 (installed and updated). Here is list of my packages: NetworkManager-fortisslvpn-gnome-1.2.6-3.fc27.x86_64 NetworkManager-fortisslvpn-1.2.6-3.fc27.x86_64 openfortivpn-1.5.0-1.fc27.x86_64 ppp-2.4.7-13.fc27.x86_64 Connecting from command line works excellent (servername and trusted certificate are replaced): > openfortivpn servername:443 -umylogin -pmypasswd --trusted-cert 123456789012345678901234567890 When I try to login from GUI here is output from log: > journalctl -f -u NetworkManager.service Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514201123.1709] audit: op="connection-activate" uuid="fb43ac45-c284-4706-ad90-41e405bce333" name="HRT" pid=3307 uid=1000 result="success" Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514201123.1770] vpn-connection[0x55b48be40100,fb43ac45-c284-4706-ad90-41e405bce333,"HRT",0]: Started the VPN service, PID 3378 Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514201123.1889] vpn-connection[0x55b48be40100,fb43ac45-c284-4706-ad90-41e405bce333,"HRT",0]: Saw the service appear; activating connection Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514201123.2832] vpn-connection[0x55b48be40100,fb43ac45-c284-4706-ad90-41e405bce333,"HRT",0]: VPN connection: (ConnectInteractive) reply received Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514201123.2874] vpn-connection[0x55b48be40100,fb43ac45-c284-4706-ad90-41e405bce333,"HRT",0]: VPN plugin: state changed: starting (3) Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: INFO: Connected to gateway. Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: INFO: Authenticated. Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: INFO: Remote gateway has allocated a VPN. Dec 25 12:25:23 pc-dbunic.culinec.hr pppd[3389]: Plugin /usr/lib64/pppd/2.4.7/nm-fortisslvpn-pppd-plugin.so loaded. Dec 25 12:25:23 pc-dbunic.culinec.hr pppd[3389]: pppd 2.4.7 started by root, uid 0 Dec 25 12:25:23 pc-dbunic.culinec.hr pppd[3389]: Using interface ppp0 Dec 25 12:25:23 pc-dbunic.culinec.hr pppd[3389]: Connect: ppp0 <--> /dev/pts/1 Dec 25 12:25:23 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514201123.6643] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/3) Dec 25 12:26:23 pc-dbunic.culinec.hr nm-fortisslvpn-[3378]: Connect timer expired, disconnecting. Dec 25 12:26:23 pc-dbunic.culinec.hr NetworkManager[657]: INFO: Cancelling threads... Dec 25 12:26:23 pc-dbunic.culinec.hr NetworkManager[657]: <warn> [1514201183.2756] vpn-connection[0x55b48be40100,fb43ac45-c284-4706-ad90-41e405bce333,"HRT",0]: VPN connection: connect timeout exceeded. Dec 25 12:26:23 pc-dbunic.culinec.hr pppd[3389]: Hangup (SIGHUP) Dec 25 12:26:23 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514201183.2825] vpn-connection[0x55b48be40100,fb43ac45-c284-4706-ad90-41e405bce333,"HRT",0]: VPN service disappeared Dec 25 12:26:23 pc-dbunic.culinec.hr pppd[3389]: Modem hangup Dec 25 12:26:23 pc-dbunic.culinec.hr pppd[3389]: Connection terminated. Dec 25 12:26:23 pc-dbunic.culinec.hr pppd[3389]: Exit. Dec 25 12:26:23 pc-dbunic.culinec.hr NetworkManager[657]: INFO: Terminated pppd. Dec 25 12:26:23 pc-dbunic.culinec.hr NetworkManager[657]: INFO: Closed connection to gateway. Dec 25 12:26:23 pc-dbunic.culinec.hr NetworkManager[657]: INFO: Logged out. Dec 25 12:55:53 pc-dbunic.culinec.hr NetworkManager[657]: <info> [1514202953.4397] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/4) ... and finally, here is list from "ps aux | grep forti > /tmp/command.txt" root 10484 0.0 0.0 326608 7044 ? Sl 13:48 0:00 /usr/libexec/nm-fortisslvpn-service --bus-name org.freedesktop.NetworkManager.fortisslvpn.Connection_3 root 10494 1.0 0.0 341000 6168 ? Sl 13:48 0:00 /bin/openfortivpn -c /fb43ac45-c284-4706-ad90-41e405bce333.config --no-routes --no-dns servername 443 --trusted-cert 123456789012345678901234567890 --pppd-plugin /usr/lib64/pppd/2.4.7/nm-fortisslvpn-pppd-plugin.so root 10495 0.0 0.1 255688 8924 pts/2 Ssl+ 13:48 0:00 /usr/sbin/pppd 38400 noipdefault noaccomp noauth default-asyncmap nopcomp receive-all nodefaultroute :1.1.1.1 nodetach lcp-max-configure 40 mru 1354 usepeerdns plugin /usr/lib64/pppd/2.4.7/nm-fortisslvpn-pppd-plugin.so Is the problem maybe related to the command line that GUI creates. In the command line I have to write "servername:port" but in the "ps aux" port is separated with space. I can provide more output data if needed. Thanks in advance and Merry Xmas, dbunic Right now I can only connect via commandline :( If I use the gnome shell UI I get the following in the systemd journal: Jan 09 17:57:03 konstantin-pc NetworkManager[1150]: <info> [1515517023.3987] vpn-connection[0x55c4b5f5e4c0,a3b35d84-ea60-4a21-8e14-808a3fea0098,"foobar",0]: VPN connection: (ConnectInteractive) reply received Jan 09 17:57:03 konstantin-pc audit[6657]: AVC avc: denied { write } for pid=6657 comm="nm-fortisslvpn-" name="root" dev="dm-0" ino=256 scontext=system_u:system_r:openfortivpn_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir permissive=0 Jan 09 17:57:03 konstantin-pc NetworkManager[1150]: <warn> [1515517023.3994] vpn-connection[0x55c4b5f5e4c0,a3b35d84-ea60-4a21-8e14-808a3fea0098,"foobar",0]: VPN connection: failed to connect: 'Datei »/a3b35d84-ea60-4a21-8e14-808a3fea0098.config.245HCZ« konnte nicht angelegt werden: Keine Berechtigung' The german part at the end says "Failed to create file /a3b35d84-ea60-4a21-8e14-808a3fea0098.config.245HCZ: Permission denied". Hi, on my clean installed and with latest upgrades F27 works workaround - using CLI command with "--ask" parameter. So, I can confirm reported behavior when connecting using GUI or CLI command without "--ask" (although I am asked for password by pop-up window). Using this command everything works as expected: $ nmcli connection up my_vpn_connection --ask A password is required to connect to 'my_vpn_connection'. Password (vpn.secrets.password): Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) Installed packages: openfortivpn-1.5.0-1.fc27.x86_64 NetworkManager-fortisslvpn-1.2.8-1.fc27.x86_64 NetworkManager-fortisslvpn-gnome-1.2.8-1.fc27.x86_64 Hope this helps. Have a nice day! D. This is still killing me. Our FortiSSLVPN uses radius for mfa, and NetworkManager-fortisslvpn-gnome doesn't wait long enough for the second factor challenge-response (which in my case is Microsoft Authenticator), but the command line executable does. There's a 10 second timeout between sending the username/password credentials and the VPN timeout, which is right on the cusp of how long it takes for the mfa notification to make it to my device. Installed packages: NetworkManager-fortisslvpn-1.2.8-1.fc27.x86_64 NetworkManager-fortisslvpn-gnome-1.2.8-1.fc27.x86_64 openfortivpn-1.5.0-1.fc27.x86_64 Created attachment 1402925 [details]
NetworkManager log
Relevant (cleaned) section from Network Manger logs.
Note the 10 seconds between connect and timeout.
Found this while searching - similar issue. I believe this has to do with dbus, specifically, as the connection always closes with the problem '<warn> Looks like pppd didn't initialize our dbus module' Installed packages: NetworkManager-fortisslvpn-1.2.8-1.fc27.x86_64 NetworkManager-fortisslvpn-gnome-1.2.8-1.fc27.x86_64 openfortivpn-1.5.0-1.fc27.x86_64 Methods: I've attached a log with TRACE enabled for CONCHECK,DBUS_PROPS,PPP,VPN,VPN_PLUGIN enabled through nmcli Sensitive info is replaced with 'XXXX_XXXX' Logs: Apr 18 12:23:56 m NetworkManager[1142]: <info> [1524072236.1258] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: Started the VPN service, PID 4561 Apr 18 12:23:56 m NetworkManager[1142]: nm-fortisslvpn[4561] <debug> nm-fortisslvpn-service (version 1.2.8-1.fc27) starting... Apr 18 12:23:56 m NetworkManager[1142]: nm-fortisslvpn[4561] <debug> uses --bus-name "org.freedesktop.NetworkManager.fortisslvpn.Connection_12" Apr 18 12:23:56 m NetworkManager[1142]: <info> [1524072236.1337] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: Saw the service appear; activating connection Apr 18 12:23:56 m journal[4569]: GtkDialog mapped without a transient parent. This is discouraged. Apr 18 12:24:09 m NetworkManager[1142]: <info> [1524072249.0315] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: VPN connection: (ConnectInteractive) reply received Apr 18 12:24:09 m NetworkManager[1142]: nm-fortisslvpn[4561] <debug> connection: Apr 18 12:24:09 m NetworkManager[1142]: connection Apr 18 12:24:09 m NetworkManager[1142]: #011id : "VPN_CONNECTION" (s) Apr 18 12:24:09 m NetworkManager[1142]: #011uuid : "1ac91874-5da2-4601-a8af-046cf4864000" (s) Apr 18 12:24:09 m NetworkManager[1142]: #011interface-name : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011type : "vpn" (s) Apr 18 12:24:09 m NetworkManager[1142]: #011permissions : [] (s) Apr 18 12:24:09 m NetworkManager[1142]: #011autoconnect : FALSE (s) Apr 18 12:24:09 m NetworkManager[1142]: #011autoconnect-priority : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011autoconnect-retries : -1 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011timestamp : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011read-only : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011zone : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011master : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011slave-type : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011secondaries : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011gateway-ping-timeout : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011metered : ((NMMetered) NM_METERED_UNKNOWN) (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011lldp : -1 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011stable-id : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: ipv6 Apr 18 12:24:09 m NetworkManager[1142]: #011method : "auto" (s) Apr 18 12:24:09 m NetworkManager[1142]: #011dns : [] (s) Apr 18 12:24:09 m NetworkManager[1142]: #011dns-search : [] (s) Apr 18 12:24:09 m NetworkManager[1142]: #011dns-options : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dns-priority : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011addresses : ((GPtrArray*) 0x55c180df0640) (s) Apr 18 12:24:09 m NetworkManager[1142]: #011gateway : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011routes : ((GPtrArray*) 0x55c180ddcfa0) (s) Apr 18 12:24:09 m NetworkManager[1142]: #011route-metric : -1 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011ignore-auto-routes : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011ignore-auto-dns : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-hostname : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-send-hostname : TRUE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011never-default : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011may-fail : TRUE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dad-timeout : -1 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-timeout : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED) (s) Apr 18 12:24:09 m NetworkManager[1142]: #011addr-gen-mode : 1 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011token : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: proxy Apr 18 12:24:09 m NetworkManager[1142]: #011method : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011browser-only : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011pac-url : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011pac-script : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: vpn Apr 18 12:24:09 m NetworkManager[1142]: #011service-type : "org.freedesktop.NetworkManager.fortisslvpn" (s) Apr 18 12:24:09 m NetworkManager[1142]: #011user-name : "XXXX_XXXX" (s) Apr 18 12:24:09 m NetworkManager[1142]: #011persistent : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011data : ((GHashTable*) 0x55c180de5f00) (s) Apr 18 12:24:09 m NetworkManager[1142]: #011secrets : ((GHashTable*) 0x55c180de5f60) (s) Apr 18 12:24:09 m NetworkManager[1142]: #011timeout : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: ipv4 Apr 18 12:24:09 m NetworkManager[1142]: #011method : "auto" (s) Apr 18 12:24:09 m NetworkManager[1142]: #011dns : [] (s) Apr 18 12:24:09 m NetworkManager[1142]: #011dns-search : [] (s) Apr 18 12:24:09 m NetworkManager[1142]: #011dns-options : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dns-priority : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011addresses : ((GPtrArray*) 0x55c180ddcfa0) (s) Apr 18 12:24:09 m NetworkManager[1142]: #011gateway : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011routes : ((GPtrArray*) 0x55c180df0640) (s) Apr 18 12:24:09 m NetworkManager[1142]: #011route-metric : -1 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011ignore-auto-routes : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011ignore-auto-dns : TRUE (s) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-hostname : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-send-hostname : TRUE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011never-default : FALSE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011may-fail : TRUE (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dad-timeout : -1 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-timeout : 0 (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-client-id : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: #011dhcp-fqdn : NULL (sd) Apr 18 12:24:09 m NetworkManager[1142]: nm-fortisslvpn[4561] <debug> start /bin/openfortivpn -c /var/lib/NetworkManager-fortisslvpn/1ac91874-5da2-4601-a8af-046cf4864000.config --no-routes --no-dns vpn.icf.com:443/full -vvvvv --trusted-cert XXXX_XXXX --pppd-plugin /usr/lib64/pppd/2.4.7/nm-fortisslvpn-pppd-plugin.so Apr 18 12:24:09 m NetworkManager[1142]: nm-fortisslvpn[4561] <info> openfortivpn started with pid 4576 Apr 18 12:24:09 m NetworkManager[1142]: <info> [1524072249.0358] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: VPN plugin: state changed: starting (3) Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Loaded config file "/var/lib/NetworkManager-fortisslvpn/1ac91874-5da2-4601-a8af-046cf4864000.config". Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Config host = "XXXX_XXXX" Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Config realm = "" Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Config port = "443" Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Config username = "XXXX_XXXX" Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Config password = "********" Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: One-time password = "XXXX_XXXX" Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Gateway certificate validation failed. Apr 18 12:24:09 m NetworkManager[1142]: DEBUG: Gateway certificate digest found in white list. Apr 18 12:24:09 m NetworkManager[1142]: INFO: Connected to gateway. Apr 18 12:24:12 m NetworkManager[1142]: DEBUG: Error reading from SSL connection (Protocol violation with EOF). Apr 18 12:24:12 m NetworkManager[1142]: DEBUG: Gateway certificate validation failed. Apr 18 12:24:12 m NetworkManager[1142]: DEBUG: Gateway certificate digest found in white list. Apr 18 12:24:19 m NetworkManager[1142]: nm-fortisslvpn[4561] <warn> Looks like pppd didn't initialize our dbus module Apr 18 12:24:19 m NetworkManager[1142]: nm-fortisslvpn[4561] <info> Terminated ppp daemon with PID 4576. Apr 18 12:24:19 m NetworkManager[1142]: <warn> [1524072259.0464] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: VPN plugin: failed: connect-failed (1) Apr 18 12:24:19 m NetworkManager[1142]: <warn> [1524072259.0466] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: VPN plugin: failed: connect-failed (1) Apr 18 12:24:19 m NetworkManager[1142]: <info> [1524072259.0466] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: VPN plugin: state changed: stopping (5) Apr 18 12:24:19 m NetworkManager[1142]: <info> [1524072259.0471] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: VPN plugin: state changed: stopped (6) Apr 18 12:24:19 m NetworkManager[1142]: <info> [1524072259.0508] vpn-connection[0x55a467da74a0,1ac91874-5da2-4601-a8af-046cf4864000,"VPN_CONNECTION",0]: VPN service disappeared This message is a reminder that Fedora 26 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '26'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 26 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. Same here, with the following packages: NetworkManager-fortisslvpn.x86_64-1.2.8-2.fc28 openfortivpn.x86_64-1.6.0-1.fc28 plasma-nm-fortisslvpn.x86_64-5.13.4-1.fc28 Using openfortivpn n a terminal works flawlessly,but neither NM nor the plasma applet are able to connect. Both time out *** Bug 1636697 has been marked as a duplicate of this bug. *** This message is a reminder that Fedora 27 is nearing its end of life. On 2018-Nov-30 Fedora will stop maintaining and issuing updates for Fedora 27. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '27'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 27 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. Fedora 27 changed to end-of-life (EOL) status on 2018-11-30. Fedora 27 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. I'm having the same issue, here is what I found: - the port with a space is definitely wrong. The argument must be of server.com:443 and not server.com 443 - The argument for the pppd is causing the hangup: --pppd-plugin /usr/lib/pppd/2.4.5/nm-fortisslvpn-pppd-plugin.so If i manually remove that, the connection succeeds. The timeout happens because of a hardcoded 10s timeout in NetworkManager-fortisslvpn: https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/blob/1.2.10/src/nm-fortisslvpn-service.c#L290 The message that this timeout emits is "Looks like pppd didn't initialize our dbus module": https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/blob/1.2.10/src/nm-fortisslvpn-service.c#L200 For some weird reason, even if the message is at level WARN, I only get it if I increase the verbosity in all NetworkManager domains, with the command: sudo nmcli general logging level trace domains all NOTE: The issue seems to be fixed in newest development versions of NetworkManager-fortisslvpn. In particular, version 1.4-rc1 doesn't have the issue, while latest stable 1.2.10 does have it. |