Bug 641068

Summary: Doesn't work as an idicator of the VPN connection
Product: [Fedora] Fedora Reporter: Matěj Cepl <mcepl>
Component: NetworkManager-openswanAssignee: Avesh Agarwal <avagarwa>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: avagarwa, mcepl, msanders, sgrubb
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 705890 (view as bug list) Environment:
Last Closed: 2012-03-06 20:11:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 637248, 705890, 738385    

Description Matěj Cepl 2010-10-07 17:13:54 UTC 
Description of problem:
When using NM-vpnc (and NM-openvpn, but it is not that much relevant there, because it is more stable) I can see when the VPN connection is down (because of failed 23 hours rekeying or something), because then NM icon in the status bar looses the padlock icon. Unfortunately, when using NM-openswan the padlock icon is still there even though ping <server inside of VPN> doesn't give any response. If nothing else is possible, couldn't NM-openswan ping some computer inside of VPN to check the connection is actually up?

Version-Release number of selected component (if applicable):
NetworkManager-openswan-0.8.0-5.20100411git.fc14.x86_64

How reproducible:
100%

Steps to Reproduce:
1.make VPN connection with NM-openswan
2.wait
3.
  
Actual results:
When the connection falls down, there is still padlock on the NM icon

Expected results:
When the connection is down, padlock should be removed

Additional info:
Comment 1 Avesh Agarwal 2010-10-13 21:20:11 UTC 
I looked at this, here is the reason. Openswan does not create any interface like tun0 something done by vpnc. When tun0 is down, NM gets to know about it, and takes care of removing the padlock. However, as there is no such interface with Openswan, NM never comes to know about it, and does not take padlock icon away.

It will probably require changes in NM, so that when openswan connection goes down, and it should take this padlock away, or it will require creating tun like interface in Openswan (but Openswan upstream does not seem comfortable with it).
Comment 2 Matěj Cepl 2010-10-15 12:11:11 UTC 
So, what to do? Switch this to NM bug?
Comment 3 Avesh Agarwal 2010-10-15 14:34:25 UTC 
Specifically, if NM can track ip address add/delete events in addition to network interface up/down events, then it can work for Openswan.

I will send email to Dan Williams, and see what are his views.
Comment 4 Matthew Mosesohn 2010-12-14 22:43:26 UTC 
this affects RHEL 6.0 also
Comment 5 Avesh Agarwal 2012-03-06 20:11:04 UTC 
This has been solved in rhel (705890 738385) and patches have been upstream nm-openswan and openswan so closing it as fixed.