Bug 1248866 - NetworkManager-openvpn stopped working after F21->F22 upgrade
NetworkManager-openvpn stopped working after F21->F22 upgrade
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: NetworkManager-openvpn (Show other bugs)
22
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lubomir Rintel
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-07-31 00:46 EDT by Andy Lutomirski
Modified: 2016-07-19 13:17 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-19 13:17:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andy Lutomirski 2015-07-31 00:46:22 EDT
My configuration used to work perfectly, and now it seems to fail to connect for no obvious reason almost every time.  The failures started when I upgraded to F22.

Partially redacted logs below:

Jul 30 21:40:02 hostname NetworkManager[924]: <info>  Starting VPN service 'openvpn'...
Jul 30 21:40:02 hostname NetworkManager[924]: <info>  VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2754
Jul 30 21:40:02 hostname NetworkManager[924]: <info>  VPN service 'openvpn' appeared; activating connections
Jul 30 21:40:02 hostname NetworkManager[924]: <info>  VPN plugin state changed: init (1)
Jul 30 21:40:02 hostname NetworkManager[924]: <info>  VPN plugin state changed: starting (3)
Jul 30 21:40:02 hostname NetworkManager[924]: nm-openvpn-Message: openvpn started with pid 2757
Jul 30 21:40:02 hostname NetworkManager[924]: <info>  VPN connection 'XYZ' (ConnectInteractive) reply received.
Jul 30 21:40:02 hostname nm-openvpn[2757]: OpenVPN 2.3.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun  9 2015
Jul 30 21:40:02 hostname nm-openvpn[2757]: library versions: OpenSSL 1.0.1k-fips 8 Jan 2015, LZO 2.08
Jul 30 21:40:02 hostname nm-openvpn[2757]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 30 21:40:02 hostname nm-openvpn[2757]: Control Channel Authentication: using '/home/luto/.cert/amavpn/tlsauth' as a OpenVPN static key file
Jul 30 21:40:02 hostname nm-openvpn[2757]: UDPv4 link local: [undef]
Jul 30 21:40:02 hostname nm-openvpn[2757]: UDPv4 link remote: [AF_INET]50.76.60.73:1194
Jul 30 21:40:03 hostname nm-openvpn[2757]: [hermes] Peer Connection Initiated with [AF_INET]50.76.60.73:1194
Jul 30 21:40:04 hostname audit[1]: <audit-1131> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 30 21:40:04 hostname kernel: audit: type=1131 audit(1438317604.246:198): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 30 21:40:05 hostname nm-openvpn[2757]: TUN/TAP device tun0 opened
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  (tun0): carrier is OFF
Jul 30 21:40:05 hostname nm-openvpn[2757]: /usr/libexec/nm-openvpn-service-openvpn-helper --tun -- tun0 1500 1558 192.168.133.2 255.255.255.0 init
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  (tun0): new Tun device (driver: 'unknown' ifindex: 7)
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  (tun0): exported as /org/freedesktop/NetworkManager/Devices/6
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  VPN connection 'XYZ' (IP Config Get) reply received.
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  VPN connection 'XYZ' (IP4 Config Get) reply received.
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  VPN Gateway: A.B.C.D
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  Tunnel Device: tun0
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  IPv4 configuration:
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Internal Address: 192.168.133.2
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Internal Prefix: 24
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Internal Point-to-Point Address: 0.0.0.0
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Maximum Segment Size (MSS): 0
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Static Route: 192.168.133.0/24   Next Hop: 192.168.133.1
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Static Route: 192.168.132.0/24   Next Hop: 192.168.133.1
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Static Route: E.F.G.H/I   Next Hop: 192.168.133.1
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    Forbid Default Route: yes
Jul 30 21:40:05 hostname nm-openvpn[2757]: Initialization Sequence Completed
Jul 30 21:40:05 hostname NetworkManager[924]: <info>    DNS Domain: '(none)'
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  No IPv6 configuration
Jul 30 21:40:05 hostname NetworkManager[924]: <info>  (tun0): link connected
Jul 30 21:40:05 hostname NetworkManager[924]: <error> [1438317605.852304] [platform/nm-linux-platform.c:1790] add_object(): Netlink error adding 192.168.132.0/24 via 192.168.133.1 dev tun0 metric 50 mss 0 src user: Unspecific failure
Jul 30 21:40:05 hostname NetworkManager[924]: <error> [1438317605.852372] [platform/nm-linux-platform.c:1790] add_object(): Netlink error adding E.F.G.H/24 via 192.168.133.1 dev tun0 metric 50 mss 0 src user: Unspecific failure
Jul 30 21:40:05 hostname NetworkManager[924]: <warn>  VPN connection 'XYZ' did not receive valid IP config information.
Jul 30 21:40:05 hostname /usr/libexec/gdm-wayland-session[1278]: Activating service name='ca.desrt.dconf'
Jul 30 21:40:05 hostname NetworkManager[924]: nm-openvpn-Message: Terminated openvpn daemon with PID 2757.
Jul 30 21:40:05 hostname /usr/libexec/gdm-x-session[1649]: Activating service name='ca.desrt.dconf'
Jul 30 21:40:05 hostname /usr/libexec/gdm-wayland-session[1278]: Successfully activated service 'ca.desrt.dconf'
Jul 30 21:40:05 hostname NetworkManager[924]: <error> [1438317605.878114] [platform/nm-linux-platform.c:2357] link_change(): Netlink error changing link 7:  <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/tun0': No such device
Jul 30 21:40:05 hostname NetworkManager[924]: <error> [1438317605.878590] [platform/nm-linux-platform.c:1861] delete_object(): Netlink error deleting 192.168.133.2/24 lft forever pref forever lifetime 50-0[4294967295,4294967295] dev tun0 src kernel: No such device (-31)
Jul 30 21:40:05 hostname nm-openvpn[2757]: SIGTERM[hard,] received, process exiting



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Fedora Admin XMLRPC Client 2015-10-14 10:48:21 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 2 Andy Lutomirski 2015-10-14 12:44:41 EDT
FWIW, I've tracked this down.  It's this:

[platform/nm-linux-platform.c:1790] add_object(): Netlink error adding E.F.G.H/24 via 192.168.133.1 dev tun0 metric 50 mss 0 src user: Unspecific failure

I was pushing a bad route from the server.  The command-line openvpn client logs the error and carries on.  NetworkManager-openvpn detects the error and, with no usable feedback as to what error was considered fatal, kills the VPN.
Comment 3 Fedora End Of Life 2016-07-19 13:17:17 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.