Description of problem: Attempting to connect to a VPN results in an error: VPN Connect Failure Could not start the VPN connection '...' due to a connection error. The VPN service said: "The VPN login failed because the VPN program could not connect to the VPN server." Connecting using vpnc directly works fine. Version-Release number of selected component (if applicable): NetworkManager-vpnc-0.2-2 How reproducible: Always Steps to Reproduce: 1. Create a VPN in nm-applet. 2. Attempt to connect. 3. Actual results: The above-mentioned error. Expected results: Connection to the VPN. Additional info: Using NetworkManager*-0.4-34.cvs20050729. Cisco airo wireless driver.
Two questions 1. Does this happen all the time? 2. Does invoking vpnc from a shell work OK?
Btw, can you attach the bits of /var/log/messages that is printed during the connection attempt? Thanks
1. Yes. 2. Yes, as root. As user, I get "/usr/sbin/vpnc: binding to port 500: Permission denied". When I attempt to use NM-vpnc, the only message in /var/log/messages is: Aug 1 11:52:05 vincent52 NetworkManager: <WARNING> (): VPN failed for service 'org.freedesktop.NetworkManager.vpnc', signal 'ConnectFailed', with message 'The VPN login failed because the VPN program could not connect to the VPN server.'.
*** Bug 163405 has been marked as a duplicate of this bug. ***
Changing version to devel since this is only available in Rawhide / Rawhide Extras.
So, further debugging shows that selinux is the culprit here. This is the message thrown to /var/log/messages. Aug 2 10:48:25 dhcp83-16 dbus: avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp member=set dest=com.redhat.dhcp spid=3511 tpid=3445 scontext=root:system_r:dhcpc_t tcontext=root:system_r:unconfined_t tclass=dbus Workaround for this bug is to disable selinux.
Fixed in selinux-policy-targeted-1.25.3-11
Matthew Saltzman, does disabling selinux or updating to selinux-policy-targeted-1.25.3-11 make this work for you?
It is available on ftp://people.redhat.com/dwalsh/Fedora and will be available via rawhide tomorrow.
Make that ftp://people.redhat.com/dwalsh/SELinux/Fedora
Yes, "setenforce 0" works around the problem. Updating to selinux-policy-targeted-1.25.3-11 also solves the problem. Thanks!
Thanks to everyone involved. Closing this bug.