Bug 619469

Summary: NetworkManager VPNC cannot connect
Product: [Fedora] Fedora Reporter: David Chin <david.w.h.chin>
Component: NetworkManager-vpncAssignee: Dan Williams <dcbw>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: dcbw, jklimes, twillber
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-15 13:20:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Chin 2010-07-29 15:44:04 UTC
Description of problem:

Using a VPNC profile created with NetworkManager itself, NM cannot connect to the VPN.

Version-Release number of selected component (if applicable):

NetworkManager-0.8.1-1.fc13.x86_64
NetworkManager-vpnc-0.8.0-1.git20100411.fc13.x86_64
vpnc-0.5.3-7.fc13.x86_64
vpnc-consoleuser-0.5.3-7.fc13.x86_64


How reproducible:

Every time I attempt to connect to VPN.

Steps to Reproduce:
1. Create VPNC profile in NetworkManager
2. Click on NM icon in Notification Area and select appropriate VPN connection.
  
Actual results:

NM icon shows busy for several seconds. Then, error "bubble" pops up with this message: VPN Connection Failed. The VPN connection 'My VPN name' failed.

Expected results:

VPN connection to succeed.

Additional info:
2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux

I have SELinux Disabled. IP address and other network configs are manually (statically) set.

Attempts at using commandline version of vpnc. The 5th attempt below works (i.e. sudo with --local-port 0).

1. Using vpnc-consoleuser:

/usr/bin/vpnc ~/etc/vpnc/FooBar.conf 
Enter IPSec gateway address: 111.222.333.444
Enter IPSec ID for 111.222.333.444: FooBar
Enter IPSec secret for FooBar.333.444: ******** 
Enter username for 111.222.333.444: myname
Enter password for myname.333.444: 
/usr/sbin/vpnc: no response from target


2. Using vpnc directly:

/usr/sbin/vpnc ~/etc/vpnc/FooBar.conf
Enter password for myname.333.444: 
/usr/sbin/vpnc: Error binding to source port. Try '--local-port 0'
Failed to bind to 0.0.0.0:500: Permission denied


3. Using vpnc specifying '--local-port 0' (i.e. random port):

/usr/sbin/vpnc --local-port 0 ~/etc/vpnc/FooBar.conf
Enter password for myname.333.444: 
/usr/sbin/vpnc: can't initialise tunnel interface: Operation not permitted


4. Using vpnc with sudo:

sudo /usr/sbin/vpnc ~/etc/vpnc/FooBar.conf
Enter password for myname.333.444: 
/usr/sbin/vpnc: no response from target


5. Using vpnc with sudo and '--local-port 0':

sudo /usr/sbin/vpnc --local-port 0 ~/etc/vpnc/FooBar.conf
Enter password for myname.333.444: 
VPNC started in background (pid: 1120)...

Comment 1 David Chin 2010-07-29 15:46:21 UTC
To clarify: The file FooBar.conf for VPNC contains the same info as the NM profile, except I stored the obfuscated IPSec secret in the .conf.

Comment 2 David Chin 2010-07-29 16:55:25 UTC
Snippet from /var/log/messages showing NetworkManager log:


Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...
Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 32544
Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' appeared, activating connections
Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN plugin state changed: 3
Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN connection 'FooBar' (Connect) reply received.
Jul 29 11:32:48 mymachine kernel: tun0: Disabled Privacy Extensions
Jul 29 11:33:03 mymachine NetworkManager[1539]: <warn> VPN plugin failed: 1
Jul 29 11:33:03 mymachine NetworkManager[1539]: <info> VPN plugin state changed: 6
Jul 29 11:33:03 mymachine NetworkManager[1539]: <info> VPN plugin state change reason: 0
Jul 29 11:33:03 mymachine NetworkManager[1539]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Jul 29 11:33:03 mymachine NetworkManager[1539]: <info> Policy set 'System eth0' (eth0) as default for IPv4 routing and DNS.

Comment 3 David Chin 2010-08-30 14:28:44 UTC
Made sure that the ipsec service was off, which it was. No change: connection still fails.

And then, tried removing the openswan package. No change: connection still fails.

Comment 4 Toni Willberg 2010-08-30 15:03:30 UTC
duplicate of bug #514071 ?

Comment 5 Jirka Klimes 2010-10-15 13:19:36 UTC
Yeah, it's duplicate of bug 514071. Why do you open new bug, David?

It is definitely something sitting on port 500 as indicated by
> /usr/sbin/vpnc ~/etc/vpnc/FooBar.conf
> Enter password for myname.333.444: 
> /usr/sbin/vpnc: Error binding to source port. Try '--local-port 0'
> Failed to bind to 0.0.0.0:500: Permission denied

Please check once more that the port is free.
I fixed the issue in bug 514071.

Comment 6 Jirka Klimes 2010-10-15 13:20:01 UTC

*** This bug has been marked as a duplicate of bug 514071 ***