Bug 510779

Summary: NetworkManager-openvpn seems completely broken for password auth on F11
Product: [Fedora] Fedora Reporter: Tomas Mraz <tmraz>
Component: NetworkManager-openvpnAssignee: Dan Williams <dcbw>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 11CC: anton, azelinka, b.bellec, bche, choeger, dcbw, djuran, kzak, mcepl, mcepl, mishu, poelstra, steve, tim, vvaldez
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-28 13:33:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Mraz 2009-07-10 18:21:14 UTC 
I can't get neither the vanilla package from Fedora nor a package I compiled myself from src.rpm with one additional patch to work.

It will not even attempt to connect to the openvpn gateway as the NM plugin seems to not be able to obtain the password from me. The password dialog sometimes appears, and sometimes not but the /var/log/messages always contains messages like:
ERROR: could not read Auth username/password/ok/string from management interface
or:
vpn_service_watch_cb(): VPN service 'org.freedesktop.NetworkManager.openvpn' exited with error: 1
Comment 1 Matěj Cepl 2009-07-13 08:21:44 UTC 
I get different logs:

bradford:~# grep -i openvpn /var/log/messages
Jul 12 21:46:41 bradford NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jul 12 21:46:41 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 3020
Jul 12 21:46:42 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jul 12 21:47:14 bradford NetworkManager: <info>  VPN connection 'RH OpenVPN' (Connect) reply received.
Jul 12 21:47:14 bradford NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'RH OpenVPN' failed to connect: 'Invalid HMAC auth.'.
Jul 13 10:09:15 bradford NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jul 13 10:09:15 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 7201
Jul 13 10:09:15 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jul 13 10:09:15 bradford NetworkManager: <info>  VPN connection 'RH OpenVPN' (Connect) reply received.
Jul 13 10:09:15 bradford NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'RH OpenVPN' failed to connect: 'Invalid HMAC auth.'.
Jul 13 10:09:27 bradford NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jul 13 10:09:27 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 7206
Jul 13 10:09:27 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jul 13 10:09:27 bradford NetworkManager: <info>  VPN connection 'RH OpenVPN' (Connect) reply received.
Jul 13 10:09:27 bradford NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'RH OpenVPN' failed to connect: 'Invalid HMAC auth.'.
Jul 13 10:13:19 bradford NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jul 13 10:13:19 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 7827
Jul 13 10:13:19 bradford NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jul 13 10:13:34 bradford NetworkManager: <info>  VPN connection 'RH OpenVPN' (Connect) reply received.
Jul 13 10:13:34 bradford NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'RH OpenVPN' failed to connect: 'Invalid HMAC auth.'.
bradford:~#
Comment 2 Matěj Cepl 2009-07-13 10:52:13 UTC 
I have filed my separate bug 511026
Comment 3 Tomas Mraz 2009-07-15 07:35:38 UTC 
With NetworkManager-openvpn-0.7.1-1.git20090714.fc11.x86_64 I'm getting the same  error as Matej in comment #1.

The plugin still does not ask for the password every time which it should because I did not checked that it should save it.
Comment 4 Matěj Cepl 2009-07-15 17:44:34 UTC 
(In reply to comment #3)
> With NetworkManager-openvpn-0.7.1-1.git20090714.fc11.x86_64 I'm getting the
> same  error as Matej in comment #1.

It's kind of weird, I have set up HMAC hard to SHA-1 and then it worked. Then I have switched back to default and it still works. ;-)

> The plugin still does not ask for the password every time which it should
> because I did not checked that it should save it.  

Sometimes you have to restart NetworkManager service between two attempts of login (especially if you used vpnc plugin in between).
Comment 5 Dan Williams 2009-11-06 06:22:28 UTC 
The password bug should be fixed already in NM in both rawhide and:

https://admin.fedoraproject.org/updates/F11/FEDORA-2009-10696

Please test that build.  Thanks!
Comment 6 Anton Arapov 2009-12-15 20:54:08 UTC 
NetworkManager-openvpn-0.7.996-4.git20090923.fc12.x86_64
same problem, F12. Comment #4 works for me.
Comment 7 Bryan Che 2010-01-01 06:50:49 UTC 
I have the same experience as Comment #6 (f12, same version, same problem, same fix)
Comment 8 Vinny Valdez 2010-02-09 01:24:12 UTC 
Same version, error, and fix as Comment #6.

For anyone else with this issue, you change the setting on the profile that was imported/created, under Advanced > Security > HMAC.

I too am able to revert it back to "Default" and it works.
Comment 9 Bug Zapper 2010-04-27 15:36:05 UTC 
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 10 Bug Zapper 2010-06-28 13:33:52 UTC 
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 11 Benjamin Bellec 2011-01-02 12:27:40 UTC 
I have this issue when I'm trying to connect to a VPN (vpntunnel.se). I have not modified the VPN config. This doesn't works since 2 or 3 weeks only.

When connecting :
NetworkManager[1049]: <info> Starting VPN service 'openvpn'...
NetworkManager[1049]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2492
NetworkManager[1049]: <info> VPN service 'openvpn' appeared; activating connections
NetworkManager[1049]: <info> VPN plugin state changed: 1
NetworkManager[1049]: <info> VPN plugin state changed: 3
NetworkManager[1049]: <info> VPN connection 'openvpn' (Connect) reply received.
nm-openvpn[2496]: OpenVPN 2.1.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan  5 2010
NetworkManager[1049]: <warn> VPN connection 'openvpn' (IP Config Get) timeout exceeded.
nm-openvpn[2496]: ERROR: could not read Auth username/password/ok/string from management interface
nm-openvpn[2496]: Exiting
NetworkManager[1049]: <info> Policy set 'System eth0' (eth0) as default for IPv4 routing and DNS.
NetworkManager[1049]: <info> VPN service 'openvpn' disappeared
Comment 12 Benjamin Bellec 2011-01-02 12:30:01 UTC 
Sorry, I forget :
NetworkManager 1:0.8.1-10.git20100831.fc14.x86_64
NetworkManager-gnome 1:0.8.1-10.git20100831.fc14.x86_64
NetworkManager-openvpn 1:0.8.1-1.fc14.x86_64