Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1271973 - no more vpn dialog after previous canceling
no more vpn dialog after previous canceling
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager-libreswan (Show other bugs)
7.2
Unspecified Unspecified
high Severity high
: rc
: 7.2
Assigned To: Lubomir Rintel
Desktop QE
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-15 04:14 EDT by Vladimir Benes
Modified: 2015-11-19 06:06 EST (History)
3 users (show)

See Also:
Fixed In Version: NetworkManager-libreswan-1.0.6-3.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 06:06:21 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
NetworkManager's log (11.95 KB, text/plain)
2015-10-15 04:15 EDT, Vladimir Benes 		no flags Details
[nm-libreswan 1/3] Early fail race fix (1.53 KB, text/plain)
2015-10-21 11:28 EDT, Lubomir Rintel 		no flags Details
full log (24.03 KB, text/plain)
2015-10-22 04:03 EDT, Vladimir Benes 		no flags Details
[nm-libreswan 2/3] Fix for 100% cpu load on disconnect (2.20 KB, text/plain)
2015-10-22 08:38 EDT, Lubomir Rintel 		no flags Details
[nm-libreswan 3/3] Fix reconnecting after a failure (3.00 KB, text/plain)
2015-10-22 08:41 EDT, Lubomir Rintel 		no flags Details
[nm] Avoid disconnecting connection following an unsuccessful connection attempt (854 bytes, text/plain)
2015-10-22 08:42 EDT, Lubomir Rintel 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2315 normal SHIPPED_LIVE Moderate: NetworkManager security, bug fix, and enhancement update 2015-11-19 05:06:58 EST

  None (edit)
Description Vladimir Benes 2015-10-15 04:14:15 EDT 
Description of problem:
Canceling gnome's dialog after entering wrong password and leads to an inconsistent libreswan vpn state. I can then connect w/o entering any credentials seeing an lock icon for a short period in GS but it disappears again in a while. I am not connected anytime. 
 
Version-Release number of selected component (if applicable):
NetworkManager-1.0.6-21.el7.x86_64
gnome-shell-3.14.4-36.el7.x86_64
NetworkManager-libreswan-1.0.6-1.el7.x86_64
libreswan-3.12-10.1.el7_1.x86_64


How reproducible:
always

Steps to Reproduce:
1.start vpn connection
2.enter incorrect password 
3.cancel dialog when re-questioned
4.try to connect once more

Actual results:
no more dialog

Expected results:
should have dialog again

Additional info:
Comment 1 Vladimir Benes 2015-10-15 04:15 EDT 
Created attachment 1083164 [details]
NetworkManager's log
Comment 2 Lubomir Rintel 2015-10-20 14:06:34 EDT 
I can't reproduce this one. Seems like the nm-libreswan-service is stuck somehow and doesn't respond.

I'm wondering if you could check if it's really running and check what blocks it (attach gdb and get a traceback or maybe just strace it to see if it is caught in a loop)?
Comment 3 Vladimir Benes 2015-10-21 06:22:48 EDT 
(In reply to Lubomir Rintel from comment #2)
> I can't reproduce this one. Seems like the nm-libreswan-service is stuck
> somehow and doesn't respond.
> 
We've reproduced together. You just need to connect, write in incorrect password and then when second dialog appears press cancel button.

> I'm wondering if you could check if it's really running and check what
> blocks it (attach gdb and get a traceback or maybe just strace it to see if
> it is caught in a loop)?
Comment 4 Lubomir Rintel 2015-10-21 11:28 EDT 
Created attachment 1085201 [details]
[nm-libreswan 1/3] Early fail race fix

Brew build: https://brewweb.devel.redhat.com/taskinfo?taskID=9991436
Comment 5 Vladimir Benes 2015-10-22 04:02:44 EDT 
Lubo,
it's slightly better as I can see another dialog after unsuccessful connection but that dialog doesn't work anymore with these errors:
 
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.

whole log attached (3 incorrect attempts + new opening and 2 immediate failures)
Comment 6 Vladimir Benes 2015-10-22 04:03 EDT 
Created attachment 1085437 [details]
full log
Comment 7 Vladimir Benes 2015-10-22 04:34:40 EDT 
and whatmore it's eating a lot of CPU:
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                                                                              
 3554 root      20   0  262752   3804   3012 R 100.0  0.0   0:56.65 nm-libreswan-se

it sits there for 3 minutes and then goes away. I can reconnect after it's gone.
Comment 8 Lubomir Rintel 2015-10-22 08:38 EDT 
Created attachment 1085489 [details]
[nm-libreswan 2/3] Fix for 100% cpu load on disconnect
Comment 9 Lubomir Rintel 2015-10-22 08:41 EDT 
Created attachment 1085491 [details]
[nm-libreswan 3/3] Fix reconnecting after a failure
Comment 10 Lubomir Rintel 2015-10-22 08:42 EDT 
Created attachment 1085494 [details]
[nm] Avoid disconnecting connection following an unsuccessful connection attempt
Comment 12 Thomas Haller 2015-10-23 10:12:56 EDT 
All patches LGTM. Didn't test though.
Comment 13 Lubomir Rintel 2015-10-23 12:38:47 EDT 
nm-1-0:

26094b7 service: always tear down the connection on helper failure
f516f6b service: watch for pty master hangups
636b2a5 service: don't delete connection while it's being upped

master:

50fc66b service: always tear down the connection on helper failure
984035d service: watch for pty master hangups
f58fde3 service: don't delete connection while it's being upped
Comment 17 Vladimir Benes 2015-10-29 10:52:21 EDT 
this works well with current libreswan and NM package.
Comment 18 errata-xmlrpc 2015-11-19 06:06:21 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2315.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.