Bug 1238840 - libreswan vpn is not working
Summary: libreswan vpn is not working
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Lubomir Rintel
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1246125 1259988
TreeView+ depends on / blocked
 
Reported: 2015-07-02 19:02 UTC by Vladimir Benes
Modified: 2015-11-19 10:56 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 10:56:53 UTC
Target Upstream Version:


Attachments (Terms of Use)
log (43.23 KB, text/x-vhdl)
2015-07-03 07:55 UTC, Vladimir Benes
no flags Details
log from older version that's working well (24.98 KB, text/x-vhdl)
2015-07-03 10:02 UTC, Vladimir Benes
no flags Details
log with new NM and wireless only (57.47 KB, text/x-vhdl)
2015-07-03 13:57 UTC, Vladimir Benes
no flags Details
vpn-connection: fix unsetting the gateway (1.20 KB, text/plain)
2015-09-03 09:33 UTC, Lubomir Rintel
no flags Details
device: don't reset NM_UNMANAGED_DEFAULT when platform doesn't override this (1.54 KB, text/plain)
2015-09-03 09:34 UTC, Lubomir Rintel
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2315 normal SHIPPED_LIVE Moderate: NetworkManager security, bug fix, and enhancement update 2015-11-19 10:06:58 UTC

Description Vladimir Benes 2015-07-02 19:02:41 UTC
Description of problem:
after updating to 1.0.3 libreswan stopped working. It's connected but it says 
[vbenes@trautenberg ~]$ ping 8.8.8.8
connect: Network is unreachable

Version-Release number of selected component (if applicable):
NetworkManager-libreswan-0.9.8.0-5.el7.x86_64
NetworkManager-1.0.3-1.git20160624.f245b49a.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.connect to libreswan vpn (profile has option to use connection just for resources on the network)
2.ping some network in vpn
3.ping some network outside of vpn

Actual results:
no luck 

Expected results:
both should work

Additional info:

Comment 1 Vladimir Benes 2015-07-03 07:55:15 UTC
Created attachment 1045763 [details]
log

I was connected to wired and wireless and connected to libreswan, at the end there is a disconnect

Comment 2 Vladimir Benes 2015-07-03 10:02:05 UTC
Created attachment 1045818 [details]
log from older version that's working well

I was connected on wireless network and connected to vpn that was actually working

Comment 3 Jirka Klimes 2015-07-03 12:41:34 UTC
I would say the problem is that you can't connect to VPN while you are on Red Hat wired network. You have to be on external network or Wi-Fi. Please try again with Wi-Fi only.

 ERROR: asynchronous network error report on enp0s25 (sport=4500) for message to 209.132.186.252 port 4500, complainant 10.34.131.192: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

Comment 4 Vladimir Benes 2015-07-03 13:56:00 UTC
no this is not true, it happened to me at home w/o wired network. I've connected to wireless only here and log is attached

Comment 5 Vladimir Benes 2015-07-03 13:57:13 UTC
Created attachment 1045871 [details]
log with new NM and wireless only

I am correctly connected (gnome shell's icon says that) but network is unavailable and it's crippled even after disconnect so I had to off/on wireless to get it back working

Comment 8 Lubomir Rintel 2015-08-29 12:53:09 UTC
Not really fixed.

Comment 10 Lubomir Rintel 2015-09-03 09:33:43 UTC
Created attachment 1069715 [details]
vpn-connection: fix unsetting the gateway

Comment 11 Lubomir Rintel 2015-09-03 09:34:13 UTC
Created attachment 1069716 [details]
device: don't reset NM_UNMANAGED_DEFAULT when platform doesn't override this

Comment 12 Thomas Haller 2015-09-08 10:10:29 UTC
(In reply to Lubomir Rintel from comment #10)
> Created attachment 1069715 [details]
> vpn-connection: fix unsetting the gateway

LGTM

(In reply to Lubomir Rintel from comment #11)
> Created attachment 1069716 [details]
> device: don't reset NM_UNMANAGED_DEFAULT when platform doesn't override this

LGTM

Comment 14 Vladimir Benes 2015-09-08 19:53:14 UTC
Verified on:
NetworkManager-libreswan-1.0.6-1.el7.x86_64
NetworkManager-1.0.6-3.el7.x86_64

Comment 15 errata-xmlrpc 2015-11-19 10:56:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2315.html


Note You need to log in before you can comment on or make changes to this bug.