Description of problem: After upgrade to NetworkManager-l2tp 1.20.4-1.fc36 , output of libreswan-4.9-1.fc36's 'ipsec --version' command does not contain a leading space, so in source file 'shared/utils.c', @ line 15: NML2tpIpsecDaemon check_ipsec_daemon(const char *path) { const char * argv[] = {path, "--version", NULL}; g_autofree char *output = NULL; if (path == NULL) return NM_L2TP_IPSEC_DAEMON_UNKNOWN; if (g_spawn_sync(NULL, (char **) argv, NULL, 0, NULL, NULL, &output, NULL, NULL, NULL)) { if (!output) return NM_L2TP_IPSEC_DAEMON_UNKNOWN; if (strstr(output, " strongSwan ")) return NM_L2TP_IPSEC_DAEMON_STRONGSWAN; if (strstr(output, " Libreswan ")) return NM_L2TP_IPSEC_DAEMON_LIBRESWAN; if (strstr(output, " Openswan ")) return NM_L2TP_IPSEC_DAEMON_OPENSWAN; } return NM_L2TP_IPSEC_DAEMON_UNKNOWN; } , the string emitted by ipsec --version does NOT match: $ echo "^$(/usr/sbin/ipsec.real --version)^" ^Libreswan 4.9^ $ I have had to fake up /usr/sbin/ipsec: $ cat /usr/sbin/ipsec #!/usr/bin/bash case "$1" in (--version) echo ' Libreswan 4.9' ;; (*) exec /usr/sbin/ipsec.real "$@" ;; esac $ echo "^$(/usr/sbin/ipsec --version)^" ^ Libreswan 4.9^ so that NetworkManager can bring up my LibreSwan XL2TP VPN connections; otherwise, it fails to bring up ANY of my my LibreSwan connections with log messages like : Oct 27 23:24:26 jvdspc.jvds.net NetworkManager[382885]: <warn> [1666909466.3744] vpn[0x5634e95788c0,d8b43858-cd4b-4ead-88eb-a7df3ca1ed32,"PTTI_DevBox01"]: failed to connect: 'Neither Libreswan nor strongSwan were found.' , since ' Libreswan' does NOT match 'Libreswan' . I am not sure if this was an updated /usr/sbin/ipsec OR an updated NetworkManager-l2tp , but with the current versions in Fedora 36, as updated today, this problem occurs ; I have to install my fake /usr/sbin/ipsec script wrapper in order to bring up my VPNs. Version-Release number of selected component (if applicable): 1.20.4-1.fc36 How reproducible: 100% Steps to Reproduce: 1. Update to today's versions of 'libreswan' and 'NetworkManager-l2tp'. 2. Try to bring up a nmcli VPN connection, which uses libreswan Actual results: No VPN connection is brought up because NetworkManager-l2tp thinks neither libreswan nor strongswan are installed. Expected results: All such pre-existing libreswan VPN connections should be brought up OK. Additional info:
The NetworkManager-l2tp detection for Libreswan 4.9 was fixed upstream in the git repository only a few days ago: https://github.com/nm-l2tp/NetworkManager-l2tp/commit/3c6ccfe331e65c7af8be4df78cac67c030e96958 A new upstream NetworkManager-l2tp 1.20.6 source tarball will most likely be released tomorrow, with Fedora package to follow soon after.
Created attachment 1920862 [details] Patch to 'shared/utils.c' of NetworkManager-l2tp-1.20.4 to fix this issue. The patch also compares '/usr/sbin/ipsec --version' output to 'Libreswan ', as well as to ' Libreswan '.
FEDORA-2022-999c172212 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-999c172212
FEDORA-2022-453d93c252 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-453d93c252
FEDORA-2022-714babeb3d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-714babeb3d
FEDORA-2022-999c172212 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-999c172212` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-999c172212 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-453d93c252 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-453d93c252` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-453d93c252 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-714babeb3d has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-714babeb3d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-714babeb3d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
The new NetworkManager-l2tp-1.20.6-1 RPMs will be automatically pushed from testing to stable in one week's time, unless people vote on the corresponding Bohdi page and 3 Karma points are received which will push them earlier. (In reply to Jason Vas Dias from comment #2) > Patch to 'shared/utils.c' of NetworkManager-l2tp-1.20.4 to fix this issue. > > The patch also compares '/usr/sbin/ipsec --version' output to 'Libreswan ', > as well as to ' Libreswan '. The upstream fix in NetworkManager-l2tp-1.20.6 just does a strstr search for "Libreswan" with no white space padding and that was sufficient for detection of both old and new versions of Libreswan. So, I didn't end up having to use this patch.
Great, thanks Douglas - please post link to that page and I will vote . RE: > The upstream fix in NetworkManager-l2tp-1.20.6 just does a > strstr search for "Libreswan" that will work fine until some new "superDuperNewLibreswan" (or "notLibreswanReally"...) package comes out! :-) I think maybe insisting on space delimitation OR beginning a line for the distinguished Word (in "strongSwan", "Libreswan", "Openswan") is not a bad idea - just my 2ยข .
(In reply to Jason Vas Dias from comment #10) > Great, thanks Douglas - please post link to that page and I will vote . The "Fedora Update System" posted the links a few messages back, for Fedora 36 it was: https://bodhi.fedoraproject.org/updates/FEDORA-2022-453d93c252 I think you voted for the EPEL8 update of NetworkManager-l2tp. As Red Hat Enterprise Linux 8 is still using Libreswan 4.5, I didn't provide a link to this bug for that update. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-3a7dcce30c
(In reply to Douglas Kosovic from comment #11) RE: > I think you voted for the EPEL8 update of NetworkManager-l2tp. As Red Hat > Enterprise Linux 8 is still using Libreswan 4.5, I didn't provide a link to > this bug for that update. > https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-3a7dcce30c I go to that link, and see only the EPEL-8 build - and my vote on the first screen - see attached screenshot.
Created attachment 1921541 [details] Screenshot showing builds my 'jvd66' Fedora Account can view
Anyway, I've been using my fake /usr/sbin/ipsec script, and it works fine - so I have a workaround. I am sure either your new 1.20.6 build or a build of 1.20.4-2 with my patch (which I did test) will work fine. I've been busy getting the new linux-6.0.6 kernel working with my https://bugzilla.redhat.com/show_bug.cgi?id=2125104 fs/pipe.c patch - which applies unchanged and is working great - I am now running linux-6.0.6 .
I posted the link for Fedora 36 voting in that same response: (In reply to Douglas Kosovic from comment #11) > (In reply to Jason Vas Dias from comment #10) > > Great, thanks Douglas - please post link to that page and I will vote . > > The "Fedora Update System" posted the links a few messages back, for Fedora > 36 it was: > > https://bodhi.fedoraproject.org/updates/FEDORA-2022-453d93c252 No worries, there was only one other person that voted for the NetworkManager-l2tp 1.20.6 Fedora 36 package. The updated packages will automatically pass from testing to stable in a few days. This bug report will automatically close when the packages move to stable. Thanks for the bug report and glad you had a workaround.
FEDORA-2022-453d93c252 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-714babeb3d has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-999c172212 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.