Red Hat Bugzilla – Bug 331141
NetworkManager 0.7 fails silently if vpnc password is incorrect
Last modified: 2008-12-21 18:43:12 EST
Description of problem (gnome network manager): 1. Create VPNC connection in NetworkManager. BTW When you create a new connection, I often see that NetworkManager does not see this change immediately but requires a restart - anyway but this is a different issue... 2. Try to connect - the connection fails and /var/log/messages shows: Oct 13 12:13:34 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' exec scheduled... Oct 13 12:13:34 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' executed (org.freedesktop.NetworkManager.vpnc), PID 6097 Oct 13 12:13:34 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' just appeared, activating connections Oct 13 12:13:34 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' just appeared, activating connections Oct 13 12:13:34 epatto1 NetworkManager: nm_vpn_connection_activate: assertion `\ nm_vpn_connection_get_state (connection) == NM_VPN_CONNECTION_STATE_PREPARE' fa\ iled Oct 13 12:13:49 epatto1 NetworkManager: <info> VPN connection 'CSUN' (Connect)\ reply received. Oct 13 12:13:49 epatto1 kernel: tun0: Disabled Privacy Extensions Oct 13 12:14:04 epatto1 NetworkManager: <WARN> connection_state_changed(): Cou\ ld not process the request because no VPN connection was active. Oct 13 12:14:50 epatto1 kernel: tun0: Disabled Privacy Extensions Oct 13 12:16:18 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' exec scheduled... Oct 13 12:16:18 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' executed (org.freedesktop.NetworkManager.vpnc), PID 6182 Oct 13 12:16:18 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' just appeared, activating connections Oct 13 12:16:18 epatto1 NetworkManager: <info> VPN service 'org.freedesktop.Ne\ tworkManager.vpnc' just appeared, activating connections Oct 13 12:16:18 epatto1 NetworkManager: nm_vpn_connection_activate: assertion `\ nm_vpn_connection_get_state (connection) == NM_VPN_CONNECTION_STATE_PREPARE' fa\ iled Oct 13 12:16:18 epatto1 NetworkManager: <info> VPN connection 'CSUN' (Connect)\ reply received. If I export the settings and convert them to vpnc config with pcf2vpnc (which IMHO should reside somewhere else than in /usr/share/doc/...), connection works just fine with CLI vpnc. I wonder if there is some kind of conflict with the new vpnc 0.5 version (FC7 uses 0.4)? Version-Release number of selected component (if applicable): vpnc-0.5.1-1.fc8 NetworkManager-vpnc-0.7.0-0.2.svn2970.fc8
I think this was due to some incorrect information in my keychain. I recreated the connection under a different name, re-entered the passwords and it started working now. We really need some sort of tool for working with keychains (rather than just rm'ing the whole thing...)
(In reply to comment #1) > I think this was due to some incorrect information in my keychain. Yeah, I just had this problem; if the password is incorrect, the vpn connection fails silently. (At least, this happens if the group password is incorrect. Not sure about the user password.) > We really need some sort of tool for working with keychains yum install gnome-keyring-manager
*** Bug 373601 has been marked as a duplicate of this bug. ***
Yes, this is one of a number of issues in the vpn stack of NM 0.7.0.
(In reply to comment #2) > (In reply to comment #1) > > We really need some sort of tool for working with keychains > > yum install gnome-keyring-manager ... which doesn't let me delete individual secrets, only whole keyrings and that's a bit over the top. The last update on this is nearly 9 months old -- is this being worked on?
(In reply to comment #5) > > > We really need some sort of tool for working with keychains > > > > yum install gnome-keyring-manager > > ... which doesn't let me delete individual secrets, only whole keyrings Select the key, then choose "Delete Key" from the "Keyring" menu.
(In reply to comment #6) > Select the key, then choose "Delete Key" from the "Keyring" menu. Oops, sorry, I should have searched more -- I looked for it in a context menu (which the keys/keyrins don't have).
Problem persists in NetworkManager-vpnc-0.7.7.svn3627.fc9. I had my VPN password reset and forgot to upgrade my gnome-key info making the /usr/bin/nm-vpnc-service to fail. After deleting the keys it started working again. This is what I got in the messages file before finding the error: Sep 3 15:18:46 seraph NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'... Sep 3 15:18:46 seraph NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4534 Sep 3 15:18:46 seraph NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections Sep 3 15:18:46 seraph NetworkManager: <info> VPN plugin state changed: 1 Sep 3 15:18:46 seraph NetworkManager: <info> VPN plugin state changed: 3 Sep 3 15:18:46 seraph NetworkManager: <info> VPN connection 'DTSt' (Connect) reply received. Sep 3 15:18:46 seraph kernel: tun0: Disabled Privacy Extensions Sep 3 15:18:47 seraph NetworkManager: <info> VPN plugin state changed: 6 Sep 3 15:18:47 seraph NetworkManager: <WARN> connection_vpn_state_changed(): Could not process the request because no VPN connection was active.
NetworkManager-0.7.0-0.12.svn4326.fc9,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9,NetworkManager-openvpn-0.7.0-16.svn4326.fc9,NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.12.svn4326.fc9,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9,NetworkManager-openvpn-0.7.0-16.svn4326.fc9,NetworkManager-pptp-0.7.0-0.12.svn4326.fc9
NetworkManager-0.7.0-0.12.svn4326.fc8,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8,NetworkManager-openvpn-0.7.0-16.svn4326.fc8,NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/NetworkManager-0.7.0-0.12.svn4326.fc8,NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8,NetworkManager-openvpn-0.7.0-16.svn4326.fc8,NetworkManager-pptp-0.7.0-0.12.svn4326.fc8
I never store the password in the keyring yet if I fail to provide the right password vpnc will fail and any attempt to retry will just fail and not provide a password prompt. The only way to retry with a good password *was* to restart network manager, with this update even restarting NetworkManager does not give a way to fix it. I suspect this may also mean that Network Manager keeps this password somewhere which would also be bad, I explicitly do not want to store this password. Why the dialog was completely changed form what was available before ? It seem like a very bad regression ...
NetworkManager-0.7.0-0.12.svn4326.fc8, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8, NetworkManager-openvpn-0.7.0-16.svn4326.fc8, NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update NetworkManager NetworkManager-vpnc NetworkManager-openvpn NetworkManager-pptp'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-10263
NetworkManager-0.7.0-0.12.svn4326.fc9, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9, NetworkManager-openvpn-0.7.0-16.svn4326.fc9, NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update NetworkManager NetworkManager-vpnc NetworkManager-openvpn NetworkManager-pptp'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-10321
NetworkManager-pptp-0.7.0-0.12.svn4326.fc10, NetworkManager-openvpn-0.7.0-16.svn4326.fc10, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc10, NetworkManager-0.7.0-0.12.svn4326.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to comment #11) > I never store the password in the keyring yet if I fail to provide the right > password vpnc will fail and any attempt to retry will just fail and not provide > a password prompt. Ok, that seems like a bug; but can you change the dropdown next to your password in the connection editor for your VPN connection to "Always Ask"? That's the real fix here. This behavior doesn't seem like a regression since NM simply would never ask you for the password before after you'd entered it once.
So far every time I tried to start a vpnc connection, NetworkManager presented me with a dialog asking for the user password. Below the dialog I had the group password dialog (that password was saved and showed up as asterisks). Below that I had 3 radio buttons and the selected option was "save group password" After insalling the latest packages from koji I got just a request for a password with no other options, and NM decided to save it. If the dialog changed then it seem with have an upgrade issue where NM does not understand what were the previous defaults.
Previous "defaults" were never saved anywhere; if the group password didn't exist in the keyring, you were asked for it. Try modifying the connection in the connection editor to "always ask" for the passwords you dont' want saved to the keyring.
Well previously the default dialog I always got had 2 text entries, one for the user password, and one for the group password, and a set of radiobuttons that defaulted to save group password. Every time I tried to connect I always had the user password blank and the group password saved (and shown as asterisks). If the previous defaults were not saved as you claim then I would expect that the default for each password is "always ask" unless a user explicitly chooses otherwise.
NetworkManager-0.7.0-0.12.svn4326.fc9, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9, NetworkManager-openvpn-0.7.0-16.svn4326.fc9, NetworkManager-pptp-0.7.0-0.12.svn4326.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
NetworkManager-0.7.0-0.12.svn4326.fc8, NetworkManager-vpnc-0.7.0-0.11.svn4326.fc8, NetworkManager-openvpn-0.7.0-16.svn4326.fc8, NetworkManager-pptp-0.7.0-0.12.svn4326.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.