Bug 1271973 - no more vpn dialog after previous canceling
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager-libreswan
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: 7.2
Assignee: Lubomir Rintel
QA Contact: Desktop QE
Reported: 2015-10-15 08:14 UTC by Vladimir Benes
Modified: 2015-11-19 11:06 UTC

Fixed In Version: NetworkManager-libreswan-1.0.6-3.el7
Doc Type: Bug Fix
Last Closed: 2015-11-19 11:06:21 UTC


Attachments
NetworkManager's log (11.95 KB, text/plain), 2015-10-15 08:15 UTC, Vladimir Benes
[nm-libreswan 1/3] Early fail race fix (1.53 KB, text/plain), 2015-10-21 15:28 UTC, Lubomir Rintel
full log (24.03 KB, text/plain), 2015-10-22 08:03 UTC, Vladimir Benes
[nm-libreswan 2/3] Fix for 100% cpu load on disconnect (2.20 KB, text/plain), 2015-10-22 12:38 UTC, Lubomir Rintel
[nm-libreswan 3/3] Fix reconnecting after a failure (3.00 KB, text/plain), 2015-10-22 12:41 UTC, Lubomir Rintel
[nm] Avoid disconnecting connection following an unsuccessful connection attempt (854 bytes, text/plain), 2015-10-22 12:42 UTC, Lubomir Rintel

Links
Red Hat Product Errata RHSA-2015:2315 (priority: normal, status: SHIPPED_LIVE): Moderate: NetworkManager security, bug fix, and enhancement update, last updated 2015-11-19 10:06:58 UTC

Description Vladimir Benes 2015-10-15 08:14:15 UTC
Description of problem:
Canceling GNOME's dialog after entering a wrong password leads to an inconsistent libreswan VPN state. I can then connect without entering any credentials, seeing a lock icon for a short period in GS, but it disappears again after a while. I am not connected at any time.
 
Version-Release number of selected component (if applicable):
NetworkManager-1.0.6-21.el7.x86_64
gnome-shell-3.14.4-36.el7.x86_64
NetworkManager-libreswan-1.0.6-1.el7.x86_64
libreswan-3.12-10.1.el7_1.x86_64


How reproducible:
always

Steps to Reproduce:
1. Start the VPN connection
2. Enter an incorrect password
3. Cancel the dialog when re-questioned
4. Try to connect once more

Actual results:
no more dialog

Expected results:
should have dialog again

Additional info:

Comment 1 Vladimir Benes 2015-10-15 08:15:26 UTC
Created attachment 1083164
NetworkManager's log

Comment 2 Lubomir Rintel 2015-10-20 18:06:34 UTC
I can't reproduce this one. Seems like the nm-libreswan-service is stuck somehow and doesn't respond.

I'm wondering if you could check if it's really running and check what blocks it (attach gdb and get a traceback or maybe just strace it to see if it is caught in a loop)?

Comment 3 Vladimir Benes 2015-10-21 10:22:48 UTC
(In reply to Lubomir Rintel from comment #2)
> I can't reproduce this one. Seems like the nm-libreswan-service is stuck
> somehow and doesn't respond.
> 
We've reproduced it together. You just need to connect, type in an incorrect password, and then, when the second dialog appears, press the cancel button.

> I'm wondering if you could check if it's really running and check what
> blocks it (attach gdb and get a traceback or maybe just strace it to see if
> it is caught in a loop)?

Comment 4 Lubomir Rintel 2015-10-21 15:28:40 UTC
Created attachment 1085201
[nm-libreswan 1/3] Early fail race fix

Brew build: https://brewweb.devel.redhat.com/taskinfo?taskID=9991436

Comment 5 Vladimir Benes 2015-10-22 08:02:44 UTC
Lubo,
it's slightly better as I can see another dialog after unsuccessful connection but that dialog doesn't work anymore with these errors:
 
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:14 trautenberg NetworkManager[927]: <info>  VPN connection 'redhat' (ConnectInteractive) reply received.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.

whole log attached (3 incorrect attempts + new opening and 2 immediate failures)
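
The failure signature quoted in comment 5 can be searched for in collected syslog output to find hosts still running the unfixed plugin. The following is an added example, not part of the original bug report and not code from NetworkManager or NetworkManager-libreswan; the function name, the threshold of 2 hits, the 3-minute window and the log year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from comment 5 of this bug; the final 'lab' line is constructed
# to show a connection that fails only once and is therefore not flagged.
SAMPLE_LOG = """\
Oct 22 09:52:08 trautenberg NetworkManager[927]: <info>  VPN plugin state changed: starting (3)
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:52:08 trautenberg NetworkManager[927]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.
Oct 22 09:52:14 trautenberg NetworkManager[927]: <warn>  VPN connection 'redhat' failed to connect interactively: 'Already connecting!'.
Oct 22 09:55:00 trautenberg NetworkManager[927]: <warn>  VPN connection 'lab' failed to connect interactively: 'Already connecting!'.
"""

STUCK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sNetworkManager\[\d+\]:\s+<warn>\s+"
    r"VPN connection '(?P<conn>[^']+)' failed to connect interactively: "
    r"'Already connecting!'"
)

def find_stuck_plugins(log_text, threshold=2, window=timedelta(minutes=3), year=2015):
    """Return {(host, connection): hits} for connections rejected with
    'Already connecting!' at least `threshold` times within `window`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = STUCK.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[(m["host"], m["conn"])].append(ts)
    flagged = {}
    for key, stamps in hits.items():
        stamps.sort()
        # Largest number of hits that fall inside any single window.
        best = max(
            sum(1 for t in stamps[i:] if t - start <= window)
            for i, start in enumerate(stamps)
        )
        if best >= threshold:
            flagged[key] = best
    return flagged

if __name__ == "__main__":
    for (host, conn), n in find_stuck_plugins(SAMPLE_LOG).items():
        print(f"{host}: VPN '{conn}' rejected {n} attempts with 'Already connecting!'")
```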

Comment 6 Vladimir Benes 2015-10-22 08:03:34 UTC
Created attachment 1085437
full log

Comment 7 Vladimir Benes 2015-10-22 08:34:40 UTC
and what's more, it's eating a lot of CPU:
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 3554 root      20   0  262752   3804   3012 R 100.0  0.0   0:56.65 nm-libreswan-se

it sits there for 3 minutes and then goes away. I can reconnect after it's gone.

Comment 8 Lubomir Rintel 2015-10-22 12:38:31 UTC
Created attachment 1085489
[nm-libreswan 2/3] Fix for 100% cpu load on disconnect

Comment 9 Lubomir Rintel 2015-10-22 12:41:14 UTC
Created attachment 1085491
[nm-libreswan 3/3] Fix reconnecting after a failure

Comment 10 Lubomir Rintel 2015-10-22 12:42:30 UTC
Created attachment 1085494
[nm] Avoid disconnecting connection following an unsuccessful connection attempt

Comment 12 Thomas Haller 2015-10-23 14:12:56 UTC
All patches LGTM. Didn't test though.

Comment 13 Lubomir Rintel 2015-10-23 16:38:47 UTC
nm-1-0:

26094b7 service: always tear down the connection on helper failure
f516f6b service: watch for pty master hangups
636b2a5 service: don't delete connection while it's being upped

master:

50fc66b service: always tear down the connection on helper failure
984035d service: watch for pty master hangups
f58fde3 service: don't delete connection while it's being upped

Comment 17 Vladimir Benes 2015-10-29 14:52:21 UTC
this works well with current libreswan and NM package.

Comment 18 errata-xmlrpc 2015-11-19 11:06:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2315.html