1214643 – pptp VPN Connection stops working after update

Bug 1214643 - pptp VPN Connection stops working after update

Summary: pptp VPN Connection stops working after update

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	NetworkManager-pptp
Sub Component:
Version:	20
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Dan Williams
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-04-23 09:48 UTC by Glenn L. Jenkins
Modified:	2017-10-06 18:03 UTC (History)
CC List:	6 users (show)
Fixed In Version:	NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-05-01 16:44:31 UTC
Type:	Bug
Embargoed:
Dependent Products:
Flags:	mleitner: needinfo-

Attachments	(Terms of Use)

Description Glenn L. Jenkins 2015-04-23 09:48:37 UTC

Description of problem:


Version-Release number of selected component (if applicable): 
NetworkManager-pptp.x86_64         1:0.9.8.2-3.fc20   

How reproducible:


Steps to Reproduce:
1. Create a new VPN Connection (pptp)
2. Configure for connection to Microsoft VPN
3.

Actual results: Fails

Apr 23 10:30:31 sc-miho NetworkManager: ** Message: pppd started with pid 3320
Apr 23 10:30:31 sc-miho NetworkManager[836]: <info> VPN connection 'VPN 1' (Connect) reply received.
Apr 23 10:30:31 sc-miho pppd[3320]: Plugin /usr/lib64/pppd/2.4.5/nm-pptp-pppd-plugin.so loaded.
Apr 23 10:30:31 sc-miho NetworkManager: Plugin /usr/lib64/pppd/2.4.5/nm-pptp-pppd-plugin.so loaded.
Apr 23 10:30:31 sc-miho NetworkManager: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Apr 23 10:30:31 sc-miho pppd[3320]: pppd 2.4.5 started by root, uid 0
Apr 23 10:30:31 sc-miho NetworkManager: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Apr 23 10:30:31 sc-miho pppd[3320]: Using interface ppp0
Apr 23 10:30:31 sc-miho pppd[3320]: Connect: ppp0 <--> /dev/pts/9
Apr 23 10:30:31 sc-miho NetworkManager: Using interface ppp0
Apr 23 10:30:31 sc-miho NetworkManager: Connect: ppp0 <--> /dev/pts/9
Apr 23 10:30:31 sc-miho NetworkManager: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Apr 23 10:30:31 sc-miho pptp[3322]: nm-pptp-service-3313 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
Apr 23 10:30:31 sc-miho pptp[3328]: nm-pptp-service-3313 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Apr 23 10:30:31 sc-miho pptp[3328]: nm-pptp-service-3313 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
Apr 23 10:30:31 sc-miho pptp[3328]: nm-pptp-service-3313 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
Apr 23 10:30:31 sc-miho NetworkManager[836]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 16)
Apr 23 10:30:31 sc-miho NetworkManager[836]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/15
Apr 23 10:30:31 sc-miho NetworkManager[836]: <info> (ppp0): No existing connection detected.
Apr 23 10:30:32 sc-miho pptp[3328]: nm-pptp-service-3313 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Apr 23 10:30:32 sc-miho pptp[3328]: nm-pptp-service-3313 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
Apr 23 10:30:32 sc-miho pptp[3328]: nm-pptp-service-3313 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 11820).
Apr 23 10:31:02 sc-miho pppd[3320]: LCP: timeout sending Config-Requests
Apr 23 10:31:02 sc-miho pppd[3320]: Connection terminated.
Apr 23 10:31:02 sc-miho avahi-daemon[843]: Withdrawing workstation service for ppp0.
Apr 23 10:31:02 sc-miho NetworkManager: LCP: timeout sending Config-Requests
Apr 23 10:31:02 sc-miho NetworkManager: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Apr 23 10:31:02 sc-miho NetworkManager: Connection terminated.
Apr 23 10:31:02 sc-miho NetworkManager[836]: <warn> VPN plugin failed: connect-failed (1)
Apr 23 10:31:02 sc-miho gnome-session: Gjs-Message: JS LOG: Removing a network device that was not added
Apr 23 10:31:03 sc-miho pptp[3322]: nm-pptp-service-3313 warn[decaps_hdlc:pptp_gre.c:220]: short read (-1): Input/output error
Apr 23 10:31:03 sc-miho pptp[3322]: nm-pptp-service-3313 warn[decaps_hdlc:pptp_gre.c:232]: pppd may have shutdown, see pppd log
Apr 23 10:31:03 sc-miho pptp[3328]: nm-pptp-service-3313 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Apr 23 10:31:03 sc-miho pppd[3320]: Modem hangup
Apr 23 10:31:03 sc-miho pptp[3328]: nm-pptp-service-3313 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
Apr 23 10:31:03 sc-miho pptp[3328]: nm-pptp-service-3313 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Apr 23 10:31:03 sc-miho pppd[3320]: Exit.
Apr 23 10:31:03 sc-miho NetworkManager[836]: <warn> VPN plugin failed: connect-failed (1)
Apr 23 10:31:03 sc-miho NetworkManager[836]: <warn> VPN plugin failed: connect-failed (1)
Apr 23 10:31:03 sc-miho NetworkManager[836]: <info> VPN plugin state changed: stopped (6)
Apr 23 10:31:03 sc-miho NetworkManager[836]: <info> VPN plugin state change reason: unknown (0)
Apr 23 10:31:03 sc-miho NetworkManager[836]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Apr 23 10:31:03 sc-miho NetworkManager: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Apr 23 10:31:03 sc-miho NetworkManager: Modem hangup
Apr 23 10:31:03 sc-miho NetworkManager: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Apr 23 10:31:03 sc-miho NetworkManager: ** (nm-pptp-service:3313): WARNING **: pppd exited with error code 16
Apr 23 10:31:08 sc-miho NetworkManager[836]: <info> VPN service 'pptp' disappeared

Expected results:

Connected. 

Additional info:

This stopped working several weeks ago and I spent some time checking with the company techies that their end of the connection was working and had not changed.  Interestingly my colleague could still use the VPN from Windows.  I tried connected to the VPN from Windows and this worked with my credentials.  I tried creating new connections but these produced the same results. 

More recently I found this:

https://ask.fedoraproject.org/en/question/62909/cant-connect-to-vpn-on-fedora-21/

and their solution:

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
firewall-cmd --reload

Worked on my laptop which uses firewalld, I've since updated the iptables on my desktop in work to include 

-A INPUT -p gre -j ACCEPT

based on this site http://minhtech.com/linux/fedora-linux-16-install-pptp-vpn-server-pptpd/ and this now connects also.  

I've not checked this on a fresh install of Fedora 20 or on any more recent versions so there is a chance this is to do with my installs being upgrades from earlier versions.  However given that the connection on my laptop was one which had worked for a number of years and the one on my desktop was freshly created (where none had existed before) I believe this may be an issue worthy of investigation.

Comment 1 Jirka Klimes 2015-04-23 15:13:55 UTC

There has been an change in kernel and pptp now requires nf_conntrack_pptp module to be loaded.
# sudo modprobe nf_conntrack_pptp

There are more information in bug 1187328.

However, I am considering the option that NM-pptp plugin would load the module automatically.

Comment 2 Jirka Klimes 2015-04-23 15:27:53 UTC

Pushed upstream branch jk/pptp-nf_conntrack_pptp (network-manager-pptp plugin) with the change (loading the module).

Comment 3 Glenn L. Jenkins 2015-04-24 08:15:57 UTC

Confirmed this is the cause of my issue. After loading the module, removing my firewall rule and restarting the VPN now works. 

Many thanks for your prompt response.

Comment 4 Lubomir Rintel 2015-04-27 14:03:42 UTC

(In reply to Jirka Klimes from comment #2)
> Pushed upstream branch jk/pptp-nf_conntrack_pptp (network-manager-pptp
> plugin) with the change (loading the module).

Looks good to me.

Comment 5 Jirka Klimes 2015-04-28 11:46:36 UTC

The patch was pushed to network-manager-pptp master upstream:
695d4f2 service: try to load nf_conntrack_pptp kernel module (rh #1214643)

Comment 6 Fedora Update System 2015-04-28 12:57:23 UTC

NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc22

Comment 7 Bas Mevissen 2015-04-28 14:44:28 UTC

Can this patch please be made available to F20 and F21 too?

Thanks,

Bas.

Comment 8 Bas Mevissen 2015-04-28 14:50:22 UTC

I can confirm that the F22 build I grabbed from koji works fine for me in F21. The two packages upgraded without complaints. When starting the VPN in NM, the module got loaded and the VPN was setup properly.

Comment 9 Bas Mevissen 2015-04-28 14:53:37 UTC

Sorry for the noise. One question can up: is there a reason why the nf_conntrack_pptp kmod is not unloaded after the VPN is stopped? One can check for it not being used and then unload it.

Comment 10 Fedora Update System 2015-04-28 16:09:11 UTC

NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21

Comment 11 Bas Mevissen 2015-04-28 22:25:43 UTC

Seems fine on FC21, karma added.

Comment 12 Fedora Update System 2015-04-29 12:59:57 UTC

Package NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc22'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-7100/NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc22
then log in and leave karma (feedback).

Comment 13 Glenn L. Jenkins 2015-04-29 20:47:27 UTC

Could someone create a version for F20, I'd have a look myself but I don't really know where to start. 

Thanks,
Glenn

Comment 14 Bas Mevissen 2015-04-30 09:42:11 UTC

Get the file https://kojipkgs.fedoraproject.org//packages/NetworkManager-pptp/1.1.0/1.20150428git695d4f2.fc21/src/NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21.src.rpm and rebuild it for yourself:

As normal user (not root!) perform the following steps:

$ sudo yum install yum-utils rpmbuild
$ cd ~/Downloads # for example
$ wget https://kojipkgs.fedoraproject.org//packages/NetworkManager-pptp/1.1.0/1.20150428git695d4f2.fc21/src/NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21.src.rpm
$ sudo yum-builddep NetworkManager-pptp
$ rpmbuild --rebuild NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21.src.rpm
$ sudo rpm -Uhv ~/rpmbuild/RPMS/*/NetworkManager-pptp-gnome-1.1.0-1.20150428git695d4f2.fc21.*.rpm ~/rpmbuild/RPMS/*/NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21.*.rpm

Note that strictly speaking, the yum-builddep utility will install the build deps from the latest version of the package in the repository. Usually, that is sufficient to build the package you got from an unreleased build. Otherwise, you have to manually install the build dependencies manually. Notice that build dependencies are different from the dependencies to install the package.

Hope this helps.

Comment 15 Zirneklitis 2015-05-01 01:35:29 UTC

The update works for Fedora 20 as well. You have to update some more packages to succeed. First of all You have to build following packages:

libnl3-3.2.25-5.fc21
http://koji.fedoraproject.org/koji/buildinfo?buildID=598009

NetworkManager-0.9.10.2-2.fc21
http://koji.fedoraproject.org/koji/buildinfo?buildID=620708

network-manager-applet-0.9.10.2-1.fc21
http://koji.fedoraproject.org/koji/buildinfo?buildID=617947

And at last:

NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21
http://koji.fedoraproject.org/koji/buildinfo?buildID=631407

The updates for Fedora 20 repository will be welcomed!!!

I have put-up for myself a repository. It's a bit messy, but you can find binaries in 
http://priede.bf.lu.lv/ftp/Linux/Fedora/repo/20/i386/os/packages/
http://priede.bf.lu.lv/ftp/Linux/Fedora/repo/20/x86_64/os/packages/

or use

http://priede.bf.lu.lv/ftp/Linux/Fedora/bf.lu.lv-repository-1.0-K01.noarch.rpm

Comment 16 Glenn L. Jenkins 2015-05-01 07:35:34 UTC

Well done Zirneklitis!  I worked my way back to NetworkManager last night, but didn't have time to go any further.  I'll have another go this evening and report back, I'd like to go through this for myself so I can help out in the future.

Comment 17 Fedora Update System 2015-05-01 16:44:31 UTC

NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2015-05-14 11:13:20 UTC

NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.