Bug 331141 - NetworkManager 0.7 fails silently if vpnc password is incorrect [NEEDINFO]
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: NetworkManager-vpnc
Version: 9
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Duplicates: 373601
Reported: 2007-10-13 23:45 EDT by Jussi Eloranta
Modified: 2008-12-21 18:43 EST
Doc Type: Bug Fix
Last Closed: 2008-12-21 18:39:00 EST
nphilipp: needinfo? (denis)
Attachments: None

Description Jussi Eloranta 2007-10-13 23:45:07 EDT
Description of problem (gnome network manager):

1. Create VPNC connection in NetworkManager. BTW, when you create a new
connection, I often see that NetworkManager does not see this change immediately
but requires a restart - anyway, this is a different issue...
2. Try to connect - the connection fails and /var/log/messages shows:

Oct 13 12:13:34 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' exec scheduled...
Oct 13 12:13:34 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' executed (org.freedesktop.NetworkManager.vpnc), PID 6097
Oct 13 12:13:34 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Oct 13 12:13:34 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Oct 13 12:13:34 epatto1 NetworkManager: nm_vpn_connection_activate: assertion `nm_vpn_connection_get_state (connection) == NM_VPN_CONNECTION_STATE_PREPARE' failed
Oct 13 12:13:49 epatto1 NetworkManager: <info>  VPN connection 'CSUN' (Connect) reply received.
Oct 13 12:13:49 epatto1 kernel: tun0: Disabled Privacy Extensions
Oct 13 12:14:04 epatto1 NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.
Oct 13 12:14:50 epatto1 kernel: tun0: Disabled Privacy Extensions
Oct 13 12:16:18 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' exec scheduled...
Oct 13 12:16:18 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' executed (org.freedesktop.NetworkManager.vpnc), PID 6182
Oct 13 12:16:18 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Oct 13 12:16:18 epatto1 NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Oct 13 12:16:18 epatto1 NetworkManager: nm_vpn_connection_activate: assertion `nm_vpn_connection_get_state (connection) == NM_VPN_CONNECTION_STATE_PREPARE' failed
Oct 13 12:16:18 epatto1 NetworkManager: <info>  VPN connection 'CSUN' (Connect) reply received.

If I export the settings and convert them to vpnc config with
pcf2vpnc (which IMHO should reside somewhere else than in /usr/share/doc/...),
connection works just fine with CLI vpnc. I wonder if there is some kind of
conflict with the new vpnc 0.5 version (FC7 uses 0.4)?

Version-Release number of selected component (if applicable):

vpnc-0.5.1-1.fc8
NetworkManager-vpnc-0.7.0-0.2.svn2970.fc8
Comment 1 Jussi Eloranta 2007-10-24 03:09:31 EDT
I think this was due to some incorrect information in my keychain.
I recreated the connection under a different name, re-entered the passwords
and it started working now. We really need some sort of tool for working with
keychains (rather than just rm'ing the whole thing...)
Comment 2 Dan Winship 2007-11-07 15:11:37 EST
(In reply to comment #1)
> I think this was due to some incorrect information in my keychain.

Yeah, I just had this problem; if the password is incorrect, the vpn connection
fails silently. (At least, this happens if the group password is incorrect. Not
sure about the user password.)

> We really need some sort of tool for working with keychains

yum install gnome-keyring-manager
Comment 3 Denis Leroy 2007-11-27 10:10:28 EST
*** Bug 373601 has been marked as a duplicate of this bug. ***
Comment 4 Denis Leroy 2007-11-27 10:13:29 EST
Yes, this is one of a number of issues in the vpn stack of NM 0.7.0.
Comment 5 Nils Philippsen 2008-08-19 04:50:42 EDT
(In reply to comment #2)
> (In reply to comment #1)
> > We really need some sort of tool for working with keychains
> 
> yum install gnome-keyring-manager

... which doesn't let me delete individual secrets, only whole keyrings and that's a bit over the top. 

The last update on this is nearly 9 months old -- is this being worked on?
Comment 6 Dan Winship 2008-08-19 09:27:11 EDT
(In reply to comment #5)
> > > We really need some sort of tool for working with keychains
> > 
> > yum install gnome-keyring-manager
> 
> ... which doesn't let me delete individual secrets, only whole keyrings

Select the key, then choose "Delete Key" from the "Keyring" menu.
Comment 7 Nils Philippsen 2008-08-19 10:00:51 EDT
(In reply to comment #6)
> Select the key, then choose "Delete Key" from the "Keyring" menu.

Oops, sorry, I should have searched more -- I looked for it in a context menu (which the keys/keyrings don't have).
Comment 8 epablo 2008-09-03 10:32:29 EDT
Problem persists in NetworkManager-vpnc-0.7.7.svn3627.fc9.

I had my VPN password reset and forgot to upgrade my gnome-key info, making /usr/bin/nm-vpnc-service fail.

After deleting the keys it started working again.


This is what I got in the messages file before finding the error:

Sep  3 15:18:46 seraph NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...
Sep  3 15:18:46 seraph NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4534
Sep  3 15:18:46 seraph NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Sep  3 15:18:46 seraph NetworkManager: <info>  VPN plugin state changed: 1
Sep  3 15:18:46 seraph NetworkManager: <info>  VPN plugin state changed: 3
Sep  3 15:18:46 seraph NetworkManager: <info>  VPN connection 'DTSt' (Connect) reply received.
Sep  3 15:18:46 seraph kernel: tun0: Disabled Privacy Extensions
Sep  3 15:18:47 seraph NetworkManager: <info>  VPN plugin state changed: 6
Sep  3 15:18:47 seraph NetworkManager: <WARN>  connection_vpn_state_changed(): Could not process the request because no VPN connection was active.
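
Added example (not part of the original bug report and not NetworkManager code): a small Python scanner that groups /var/log/messages lines into VPN activation attempts and flags those ending in the warning quoted in this report, which is the only trace the silent failure leaves. The function name and the last two sample lines are constructed for illustration.

```python
import re

# Syslog prefix: "Sep  3 15:18:46 host NetworkManager: <info>  message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sNetworkManager: "
    r"(?:<\w+>\s+)?(?P<msg>.*)$"
)
# Plugin process spawned: "executed" in the description's log, "started" in comment 8.
START_RE = re.compile(r"VPN service '[^']+' (?:executed|started) \(")
CONNECT_RE = re.compile(r"VPN connection '([^']+)' \(Connect\) reply received")
# Logged from connection_state_changed() / connection_vpn_state_changed().
FAIL_RE = re.compile(
    r"connection(?:_vpn)?_state_changed\(\): Could not process the request "
    r"because no VPN connection was active"
)

def find_silent_failures(log_text):
    """Return one dict per activation attempt that ended in the warning."""
    attempts, current = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # kernel and other daemons' lines
            continue
        msg = m["msg"]
        if START_RE.search(msg):       # a new attempt begins
            current = {"started": m["ts"], "connection": None, "failed": None}
            attempts.append(current)
        elif current is not None:
            name = CONNECT_RE.search(msg)
            if name:
                current["connection"] = name.group(1)
            elif FAIL_RE.search(msg):
                current["failed"] = m["ts"]
    return [a for a in attempts if a["failed"]]

# First four lines are taken from comment 8; the last two are constructed.
SAMPLE = """\
Sep  3 15:18:46 seraph NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4534
Sep  3 15:18:46 seraph NetworkManager: <info>  VPN connection 'DTSt' (Connect) reply received.
Sep  3 15:18:46 seraph kernel: tun0: Disabled Privacy Extensions
Sep  3 15:18:47 seraph NetworkManager: <WARN>  connection_vpn_state_changed(): Could not process the request because no VPN connection was active.
Sep  3 15:25:02 seraph NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4711
Sep  3 15:25:02 seraph NetworkManager: <info>  VPN connection 'DTSt' (Connect) reply received.
"""

if __name__ == "__main__":
    for a in find_silent_failures(SAMPLE):
        print(f"{a['failed']}: activation of VPN '{a['connection']}' failed silently")
```

The warning marks a failed activation, not its cause; in this thread the cause turned out to be a stale or wrong secret in the keyring.
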
Comment 9 Fedora Update System 2008-11-23 18:05:38 EST
NetworkManager-0.7.0-0.12.svn4326.fc9,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9,NetworkManager-openvpn-0.7.0-16.svn4326.fc9,NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.12.svn4326.fc9,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9,NetworkManager-openvpn-0.7.0-16.svn4326.fc9,NetworkManager-pptp-0.7.0-0.12.svn4326.fc9
Comment 10 Fedora Update System 2008-11-23 18:08:00 EST
NetworkManager-0.7.0-0.12.svn4326.fc8,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8,NetworkManager-openvpn-0.7.0-16.svn4326.fc8,NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.12.svn4326.fc8,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8,NetworkManager-openvpn-0.7.0-16.svn4326.fc8,NetworkManager-pptp-0.7.0-0.12.svn4326.fc8
Comment 11 Simo Sorce 2008-11-25 18:34:01 EST
I never store the password in the keyring, yet if I fail to provide the right password vpnc will fail and any attempt to retry will just fail and not provide a password prompt.
The only way to retry with a good password *was* to restart network manager, with this update even restarting NetworkManager does not give a way to fix it.

I suspect this may also mean that Network Manager keeps this password somewhere which would also be bad, I explicitly do not want to store this password.

Why was the dialog completely changed from what was available before?

It seems like a very bad regression ...
Comment 12 Fedora Update System 2008-11-26 01:15:29 EST
NetworkManager-0.7.0-0.12.svn4326.fc8, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8, NetworkManager-openvpn-0.7.0-16.svn4326.fc8, NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update NetworkManager NetworkManager-vpnc NetworkManager-openvpn NetworkManager-pptp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-10263
Comment 13 Fedora Update System 2008-11-26 01:19:27 EST
NetworkManager-0.7.0-0.12.svn4326.fc9, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9, NetworkManager-openvpn-0.7.0-16.svn4326.fc9, NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update NetworkManager NetworkManager-vpnc NetworkManager-openvpn NetworkManager-pptp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-10321
Comment 14 Fedora Update System 2008-11-26 01:23:02 EST
NetworkManager-pptp-0.7.0-0.12.svn4326.fc10, NetworkManager-openvpn-0.7.0-16.svn4326.fc10, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc10, NetworkManager-0.7.0-0.12.svn4326.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Dan Williams 2008-11-26 11:02:21 EST
(In reply to comment #11)
> I never store the password in the keyring yet if I fail to provide the right
> password vpnc will fail and any attempt to retry will just fail and not provide
> a password prompt.

Ok, that seems like a bug; but can you change the dropdown next to your password in the connection editor for your VPN connection to "Always Ask"?  That's the real fix here.  This behavior doesn't seem like a regression since NM simply would never ask you for the password before after you'd entered it once.
Comment 16 Simo Sorce 2008-11-26 14:20:27 EST
So far every time I tried to start a vpnc connection, NetworkManager presented me with a dialog asking for the user password.
Below the dialog I had the group password dialog (that password was saved and showed up as asterisks).
Below that I had 3 radio buttons and the selected option was "save group password"

After installing the latest packages from koji I got just a request for a password with no other options, and NM decided to save it.

If the dialog changed then it seems we have an upgrade issue where NM does not understand what were the previous defaults.
Comment 17 Dan Williams 2008-11-28 12:34:50 EST
Previous "defaults" were never saved anywhere; if the group password didn't exist in the keyring, you were asked for it.  Try modifying the connection in the connection editor to "always ask" for the passwords you don't want saved to the keyring.
Comment 18 Simo Sorce 2008-11-28 12:56:18 EST
Well previously the default dialog I always got had 2 text entries, one for the user password, and one for the group password, and a set of radiobuttons that defaulted to save group password.
Every time I tried to connect I always had the user password blank and the group password saved (and shown as asterisks).

If the previous defaults were not saved as you claim then I would expect that the default for each password is "always ask" unless a user explicitly chooses otherwise.
Comment 19 Fedora Update System 2008-12-21 18:38:06 EST
NetworkManager-0.7.0-0.12.svn4326.fc9, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9, NetworkManager-openvpn-0.7.0-16.svn4326.fc9, NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2008-12-21 18:43:12 EST
NetworkManager-0.7.0-0.12.svn4326.fc8, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8, NetworkManager-openvpn-0.7.0-16.svn4326.fc8, NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.