Bug 1238840 – libreswan vpn is not working

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1238840 - libreswan vpn is not working

Summary:	libreswan vpn is not working

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	NetworkManager (Show other bugs)
Sub Component:
Version:	7.2
Hardware:	Unspecified Unspecified

Priority	high Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Lubomir Rintel
QA Contact:	Desktop QE
Docs Contact:

URL:
Whiteboard:
Keywords:	Regression

Depends On:
Blocks:	1246125 1259988
	Show dependency tree / graph

Reported:	2015-07-02 15:02 EDT by Vladimir Benes
Modified:	2015-11-19 05:56 EST (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-11-19 05:56:53 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
log (43.23 KB, text/x-vhdl) 2015-07-03 03:55 EDT, Vladimir Benes	no flags	Details
log from older version that's working well (24.98 KB, text/x-vhdl) 2015-07-03 06:02 EDT, Vladimir Benes	no flags	Details
log with new NM and wireless only (57.47 KB, text/x-vhdl) 2015-07-03 09:57 EDT, Vladimir Benes	no flags	Details
vpn-connection: fix unsetting the gateway (1.20 KB, text/plain) 2015-09-03 05:33 EDT, Lubomir Rintel	no flags	Details
device: don't reset NM_UNMANAGED_DEFAULT when platform doesn't override this (1.54 KB, text/plain) 2015-09-03 05:34 EDT, Lubomir Rintel	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:2315	normal	SHIPPED_LIVE	Moderate: NetworkManager security, bug fix, and enhancement update	2015-11-19 05:06:58 EST

Groups: None (edit)

Description Vladimir Benes 2015-07-02 15:02:41 EDT

Description of problem:
after updating to 1.0.3 libreswan stopped working. It's connected but it says 
[vbenes@trautenberg ~]$ ping 8.8.8.8
connect: Network is unreachable

Version-Release number of selected component (if applicable):
NetworkManager-libreswan-0.9.8.0-5.el7.x86_64
NetworkManager-1.0.3-1.git20160624.f245b49a.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.connect to libreswan vpn (profile has option to use connection just for resources on the network)
2.ping some network in vpn
3.ping some network outside of vpn

Actual results:
no luck 

Expected results:
both should work

Additional info:

Comment 1 Vladimir Benes 2015-07-03 03:55:15 EDT

Created attachment 1045763 [details]
log

I was connected to wired and wireless and connected to libreswan, at the end there is a disconnect

Comment 2 Vladimir Benes 2015-07-03 06:02:05 EDT

Created attachment 1045818 [details]
log from older version that's working well

I was connected on wireless network and connected to vpn that was actually working

Comment 3 Jirka Klimes 2015-07-03 08:41:34 EDT

I would say the problem is that you can't connect to VPN while you are on Red Hat wired network. You have to be on external network or Wi-Fi. Please try again with Wi-Fi only.

 ERROR: asynchronous network error report on enp0s25 (sport=4500) for message to 209.132.186.252 port 4500, complainant 10.34.131.192: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

Comment 4 Vladimir Benes 2015-07-03 09:56:00 EDT

no this is not true, it happened to me at home w/o wired network. I've connected to wireless only here and log is attached

Comment 5 Vladimir Benes 2015-07-03 09:57:13 EDT

Created attachment 1045871 [details]
log with new NM and wireless only

I am correctly connected (gnome shell's icon says that) but network is unavailable and it's crippled even after disconnect so I had to off/on wireless to get it back working

Comment 6 Thomas Haller 2015-07-14 11:56:44 EDT

Fixed on master:

http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=361b3456bac90971d3a6447e2e2c60557f61afd8
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=5cc2eabe5d24c8d9fe30aa675d48c7fa121d7c93

and relevant bits are backported to nm-1-0 branch too.


Should be fixed with the next build.

Comment 8 Lubomir Rintel 2015-08-29 08:53:09 EDT

Not really fixed.

Comment 10 Lubomir Rintel 2015-09-03 05:33:43 EDT

Created attachment 1069715 [details]
vpn-connection: fix unsetting the gateway

Comment 11 Lubomir Rintel 2015-09-03 05:34:13 EDT

Created attachment 1069716 [details]
device: don't reset NM_UNMANAGED_DEFAULT when platform doesn't override this

Comment 12 Thomas Haller 2015-09-08 06:10:29 EDT

(In reply to Lubomir Rintel from comment #10)
> Created attachment 1069715 [details]
> vpn-connection: fix unsetting the gateway

LGTM

(In reply to Lubomir Rintel from comment #11)
> Created attachment 1069716 [details]
> device: don't reset NM_UNMANAGED_DEFAULT when platform doesn't override this

LGTM

Comment 14 Vladimir Benes 2015-09-08 15:53:14 EDT

Verified on:
NetworkManager-libreswan-1.0.6-1.el7.x86_64
NetworkManager-1.0.6-3.el7.x86_64

Comment 15 errata-xmlrpc 2015-11-19 05:56:53 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2315.html

Note You need to log in before you can comment on or make changes to this bug.