Bug 1271973 - no more vpn dialog after previous canceling
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager-libreswan
Version: 7.2
Hardware: Unspecified Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: 7.2
Assigned To: Lubomir Rintel
QA Contact: Desktop QE
Keywords: Regression
Reported: 2015-10-15 04:14 EDT by Vladimir Benes
Modified: 2015-11-19 06:06 EST (History)
Fixed In Version: NetworkManager-libreswan-1.0.6-3.el7
Doc Type: Bug Fix
Last Closed: 2015-11-19 06:06:21 EST
Type: Bug

Attachments
NetworkManager's log (11.95 KB, text/plain), 2015-10-15 04:15 EDT, Vladimir Benes
[nm-libreswan 1/3] Early fail race fix (1.53 KB, text/plain), 2015-10-21 11:28 EDT, Lubomir Rintel
full log (24.03 KB, text/plain), 2015-10-22 04:03 EDT, Vladimir Benes
[nm-libreswan 2/3] Fix for 100% cpu load on disconnect (2.20 KB, text/plain), 2015-10-22 08:38 EDT, Lubomir Rintel
[nm-libreswan 3/3] Fix reconnecting after a failure (3.00 KB, text/plain), 2015-10-22 08:41 EDT, Lubomir Rintel
[nm] Avoid disconnecting connection following an unsuccessful connection attempt (854 bytes, text/plain), 2015-10-22 08:42 EDT, Lubomir Rintel


External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2015:2315
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: NetworkManager security, bug fix, and enhancement update
Last Updated: 2015-11-19 05:06:58 EST

Description Vladimir Benes 2015-10-15 04:14:15 EDT
Description of problem:
Canceling gnome's dialog after entering a wrong password leads to an inconsistent libreswan vpn state. I can then connect w/o entering any credentials, seeing a lock icon for a short period in GS, but it disappears again in a while. I am not connected anytime.
 
Version-Release number of selected component (if applicable):
NetworkManager-1.0.6-21.el7.x86_64
gnome-shell-3.14.4-36.el7.x86_64
NetworkManager-libreswan-1.0.6-1.el7.x86_64
libreswan-3.12-10.1.el7_1.x86_64


How reproducible:
always

Steps to Reproduce:
1. start vpn connection
2. enter incorrect password
3. cancel dialog when re-questioned
4. try to connect once more

Actual results:
no more dialog

Expected results:
should have dialog again

Additional info:
Comment 1 Vladimir Benes 2015-10-15 04:15 EDT
Created attachment 1083164 [details]
NetworkManager's log
Comment 2 Lubomir Rintel 2015-10-20 14:06:34 EDT
I can't reproduce this one. Seems like the nm-libreswan-service is stuck somehow and doesn't respond.

I'm wondering if you could check if it's really running and check what blocks it (attach gdb and get a traceback or maybe just strace it to see if it is caught in a loop)?
Comment 3 Vladimir Benes 2015-10-21 06:22:48 EDT
(In reply to Lubomir Rintel from comment #2)
> I can't reproduce this one. Seems like the nm-libreswan-service is stuck
> somehow and doesn't respond.
> 
We've reproduced together. You just need to connect, write in an incorrect password and then, when the second dialog appears, press the cancel button.

> I'm wondering if you could check if it's really running and check what
> blocks it (attach gdb and get a traceback or maybe just strace it to see if
> it is caught in a loop)?
Comment 4 Lubomir Rintel 2015-10-21 11:28 EDT
Created attachment 1085201 [details]
[nm-libreswan 1/3] Early fail race fix

Brew build: https://brewweb.devel.redhat.com/taskinfo?taskID=9991436
Comment 5 Vladimir Benes 2015-10-22 04:02:44 EDT
Lubo,
it's slightly better as I can see another dialog after unsuccessful connection but that dialog doesn't work anymore with these errors:
 
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.

whole log attached (3 incorrect attempts + new opening and 2 immediate failures)
Comment 6 Vladimir Benes 2015-10-22 04:03 EDT
Created attachment 1085437 [details]
full log
Comment 7 Vladimir Benes 2015-10-22 04:34:40 EDT
and what's more it's eating a lot of CPU:
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 3554 root      20   0  262752   3804   3012 R 100.0  0.0   0:56.65 nm-libreswan-se

it sits there for 3 minutes and then goes away. I can reconnect after it's gone.
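
A triage helper for the failure signature in the log lines of comment 5, added here as an example; it is not part of this bug report, NetworkManager or the attached patches. The function names, the repeat threshold and the three-minute window (taken from the duration reported in comment 7) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Log lines quoted in comment 5 of this report (syslog format, no year).
SAMPLE = """\
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ NetworkManager\[\d+\]: "
    r"<(?P<level>\w+)>\s+(?P<msg>.*)$")
FAIL_RE = re.compile(
    r"VPN connection '(?P<name>[^']+)' failed to connect interactively: "
    r"'Already connecting!'")


def parse(lines, year=2015):
    """Yield (timestamp, level, message) for NetworkManager syslog lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("level"), m.group("msg")


def find_stuck_plugins(text, window=timedelta(minutes=3), threshold=2):
    """Map connection name -> rejection times when the plugin refused at
    least `threshold` attempts with 'Already connecting!' inside `window`."""
    hits = {}
    for ts, level, msg in parse(text.splitlines()):
        m = FAIL_RE.search(msg)
        if level == "warn" and m:
            hits.setdefault(m.group("name"), []).append(ts)
    stuck = {}
    for name, stamps in hits.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                stuck[name] = stamps
                break
    return stuck


if __name__ == "__main__":
    for name, stamps in find_stuck_plugins(SAMPLE).items():
        print(f"{name}: {len(stamps)} rejected attempts, first at {stamps[0]}")
```

A single rejection is not flagged; only repeated rejections for the same connection inside the window are reported.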
Comment 8 Lubomir Rintel 2015-10-22 08:38 EDT
Created attachment 1085489 [details]
[nm-libreswan 2/3] Fix for 100% cpu load on disconnect
Comment 9 Lubomir Rintel 2015-10-22 08:41 EDT
Created attachment 1085491 [details]
[nm-libreswan 3/3] Fix reconnecting after a failure
Comment 10 Lubomir Rintel 2015-10-22 08:42 EDT
Created attachment 1085494 [details]
[nm] Avoid disconnecting connection following an unsuccessful connection attempt
Comment 12 Thomas Haller 2015-10-23 10:12:56 EDT
All patches LGTM. Didn't test though.
Comment 13 Lubomir Rintel 2015-10-23 12:38:47 EDT
nm-1-0:

26094b7 service: always tear down the connection on helper failure
f516f6b service: watch for pty master hangups
636b2a5 service: don't delete connection while it's being upped

master:

50fc66b service: always tear down the connection on helper failure
984035d service: watch for pty master hangups
f58fde3 service: don't delete connection while it's being upped
Comment 17 Vladimir Benes 2015-10-29 10:52:21 EDT
this works well with current libreswan and NM package.
Comment 18 errata-xmlrpc 2015-11-19 06:06:21 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2315.html
