Bug 1285367 - nm-libreswan-service abort when trying to establish vpn connection to RH intranet
nm-libreswan-service abort when trying to establish vpn connection to RH intr...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager-libreswan (Show other bugs)
7.2
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Lubomir Rintel
Desktop QE
:
Depends On:
Blocks: 1301628 1313485
  Show dependency treegraph
 
Reported: 2015-11-25 08:27 EST by Paolo Abeni
Modified: 2016-11-03 15:20 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 15:20:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
full contents of abrt-generated dump (12.46 MB, application/x-xz)
2015-11-25 08:31 EST, Paolo Abeni
no flags Details

  None (edit)
Description Paolo Abeni 2015-11-25 08:27:35 EST
After dumbly upgrading to rhel-7.2 from rhel-7.1 with:

yum upgrade --releasever 7.2

every time I try to establish the vpn connection to the RH intranet via nm/libreswan, the process nm-libreswan-service abort.

journalctl report:

Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 listening for IKE messages
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 003 ERROR: bind() for virbr1/virbr1 fc00::1:500 in process_raw_ifaces(). Errno 99: Cannot assign requested a
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 forgetting secrets
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 loading secrets from "/etc/ipsec.secrets"
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: 002 loading secrets from "/etc/ipsec.d/ipsec-7447fff5-3cb1-4794-995a-7fd5b48287ac.secrets"
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: ** Message: Spawn: child 4918 exited with error code 3
Nov 25 12:18:46 dhcp-176-88.mxp.redhat.com NetworkManager[1039]: ** Message: Spawn: 22 more tries...

Installed packages:
NetworkManager-glib-1.0.6-27.el7.x86_64
NetworkManager-libreswan-debuginfo-1.0.6-3.el7.x86_64
NetworkManager-libnm-1.0.6-27.el7.x86_64
NetworkManager-config-server-1.0.6-27.el7.x86_64
NetworkManager-1.0.6-27.el7.x86_64
NetworkManager-devel-1.0.6-27.el7.x86_64
NetworkManager-adsl-1.0.6-27.el7.x86_64
NetworkManager-libreswan-1.0.6-3.el7.x86_64
NetworkManager-wifi-1.0.6-27.el7.x86_64
NetworkManager-tui-1.0.6-27.el7.x86_64
NetworkManager-libnm-devel-1.0.6-27.el7.x86_64
NetworkManager-team-1.0.6-27.el7.x86_64
NetworkManager-libreswan-gnome-1.0.6-3.el7.x86_64
Comment 1 Paolo Abeni 2015-11-25 08:31 EST
Created attachment 1098822 [details]
full contents of abrt-generated dump
Comment 2 Lubomir Rintel 2016-01-06 12:06:13 EST
A couple of issues here:

libreswan indicates failure listening on the interface (virbr0) where it should not listed. It seems errorneously marked closed now, I"ll re-send the fix: https://github.com/libreswan/libreswan/pull/42

We trust the libreswan not to do the above (which caused the connection to fail): https://git.gnome.org/browse/network-manager-openswan/commit/?h=nm-1-0&id=0d73bef35688faf442414be545e2aa0cdef10118

We clean up incorrectly (which is what caused the crash): https://git.gnome.org/browse/network-manager-openswan/commit/?h=nm-1-0&id=98ad323105c89ac0d847996653463c250aa9f12a

All fixed upstream; will be fixed with the plugin rebase with RHEL 7.3.
Comment 3 Mike McCune 2016-03-28 18:57:02 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 7 errata-xmlrpc 2016-11-03 15:20:49 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2581.html

Note You need to log in before you can comment on or make changes to this bug.