Bug 1285367 - nm-libreswan-service abort when trying to establish vpn connection to RH intranet
Summary: nm-libreswan-service abort when trying to establish vpn connection to RH intr...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager-libreswan
Version: 7.2
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Lubomir Rintel
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1301628 1313485
TreeView+ depends on / blocked
 
Reported: 2015-11-25 13:27 UTC by Paolo Abeni
Modified: 2016-11-03 19:20 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 19:20:49 UTC


Attachments (Terms of Use)
full contents of abrt-generated dump (12.46 MB, application/x-xz)
2015-11-25 13:31 UTC, Paolo Abeni
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2581 normal SHIPPED_LIVE Low: NetworkManager security, bug fix, and enhancement update 2016-11-03 12:08:07 UTC

Description Paolo Abeni 2015-11-25 13:27:35 UTC
After dumbly upgrading to rhel-7.2 from rhel-7.1 with:

yum upgrade --releasever 7.2

every time I try to establish the vpn connection to the RH intranet via nm/libreswan, the process nm-libreswan-service abort.

journalctl report:

Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 listening for IKE messages
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 003 ERROR: bind() for virbr1/virbr1 fc00::1:500 in process_raw_ifaces(). Errno 99: Cannot assign requested a
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 forgetting secrets
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 loading secrets from "/etc/ipsec.secrets"
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 loading secrets from "/etc/ipsec.d/ipsec-7447fff5-3cb1-4794-995a-7fd5b48287ac.secrets"
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: ** Message: Spawn: child 4918 exited with error code 3
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: ** Message: Spawn: 22 more tries...

Installed packages:
NetworkManager-glib-1.0.6-27.el7.x86_64
NetworkManager-libreswan-debuginfo-1.0.6-3.el7.x86_64
NetworkManager-libnm-1.0.6-27.el7.x86_64
NetworkManager-config-server-1.0.6-27.el7.x86_64
NetworkManager-1.0.6-27.el7.x86_64
NetworkManager-devel-1.0.6-27.el7.x86_64
NetworkManager-adsl-1.0.6-27.el7.x86_64
NetworkManager-libreswan-1.0.6-3.el7.x86_64
NetworkManager-wifi-1.0.6-27.el7.x86_64
NetworkManager-tui-1.0.6-27.el7.x86_64
NetworkManager-libnm-devel-1.0.6-27.el7.x86_64
NetworkManager-team-1.0.6-27.el7.x86_64
NetworkManager-libreswan-gnome-1.0.6-3.el7.x86_64

Comment 1 Paolo Abeni 2015-11-25 13:31:52 UTC
Created attachment 1098822 [details]
full contents of abrt-generated dump

Comment 2 Lubomir Rintel 2016-01-06 17:06:13 UTC
A couple of issues here:

libreswan indicates failure listening on the interface (virbr0) where it should not listed. It seems errorneously marked closed now, I"ll re-send the fix: https://github.com/libreswan/libreswan/pull/42

We trust the libreswan not to do the above (which caused the connection to fail): https://git.gnome.org/browse/network-manager-openswan/commit/?h=nm-1-0&id=0d73bef35688faf442414be545e2aa0cdef10118

We clean up incorrectly (which is what caused the crash): https://git.gnome.org/browse/network-manager-openswan/commit/?h=nm-1-0&id=98ad323105c89ac0d847996653463c250aa9f12a

All fixed upstream; will be fixed with the plugin rebase with RHEL 7.3.

Comment 3 Mike McCune 2016-03-28 22:57:02 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Comment 7 errata-xmlrpc 2016-11-03 19:20:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2581.html


Note You need to log in before you can comment on or make changes to this bug.