Bug 460754 - NetworkManager fails to run helper script
NetworkManager fails to run helper script
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: NetworkManager-openvpn (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Dan Williams
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-31 01:14 EDT by Nigel Jones
Modified: 2008-09-30 16:26 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-30 16:26:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nigel Jones 2008-08-31 01:14:22 EDT
Description of problem:
/usr/libexec/nm-openvpn-service-openvpn-helper is unable to run on my Rawhide/F10 system during VPN connection.  It does however work on F-9.  This _may_ be the same/similar to Bug 456915 but due to the lack of detail I'd sooner create a new bug.

Version-Release number of selected component (if applicable):
NetworkManager-openvpn-0.7.0-15.svn4027.fc10.x86_64
NetworkManager-0.7.0-0.11.svn4022.fc10.x86_64
kernel-2.6.27-0.287.rc4.git7.fc10.x86_64

How reproducible:
I have no idea if it's kernel related or not, I've only tried with the one, but it's always reproducible for me.

Steps to Reproduce:
1. Configure VPN
2. Attempt to connect
  
Actual results:
Connection fails with logging as shown below.

Expected results:
Happy-Happy-VPN

Additional info:
/var/log/messages:
Aug 31 15:09:57 fantail NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...                                                                          
Aug 31 15:09:57 fantail NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 6375                           
Aug 31 15:09:57 fantail NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections                                                
Aug 31 15:09:57 fantail NetworkManager: <info>  VPN plugin state changed: 1                  
Aug 31 15:09:57 fantail NetworkManager: <info>  VPN plugin state changed: 3                  
Aug 31 15:09:57 fantail NetworkManager: <info>  VPN connection 'whio' (Connect) reply received.                                                                                           
Aug 31 15:09:57 fantail nm-openvpn[6378]: OpenVPN 2.1_rc9 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Aug 13 2008
Aug 31 15:09:57 fantail nm-openvpn[6378]: WARNING: No server certificate verification methodhas been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Aug 31 15:09:57 fantail nm-openvpn[6378]: UDPv4 link local: [undef]
Aug 31 15:09:57 fantail nm-openvpn[6378]: UDPv4 link remote: 65.49.60.219:1194
Aug 31 15:10:01 fantail nm-openvpn[6378]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Aug 31 15:10:01 fantail nm-openvpn[6378]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Aug 31 15:10:01 fantail nm-openvpn[6378]: [server] Peer Connection Initiated with 65.49.60.219:1194
Aug 31 15:10:02 fantail kernel: tun0: Disabled Privacy Extensions
Aug 31 15:10:02 fantail nm-openvpn[6378]: TUN/TAP device tun0 opened
Aug 31 15:10:02 fantail nm-openvpn[6378]: /sbin/ip link set dev tun0 up mtu 1500
Aug 31 15:10:02 fantail nm-openvpn[6378]: /sbin/ip addr add dev tun0 local 192.168.50.6 peer192.168.50.5
Aug 31 15:10:02 fantail nm-openvpn[6378]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1541 192.168.50.6 192.168.50.5 init
Aug 31 15:10:02 fantail nm-openvpn[6378]: openvpn_execve: external program may not be calleddue to setting of --script-security level
Aug 31 15:10:02 fantail nm-openvpn[6378]: script failed: external program fork failed
Aug 31 15:10:02 fantail nm-openvpn[6378]: Exiting
Aug 31 15:10:02 fantail NetworkManager: <info>  VPN plugin state changed: 6
Aug 31 15:10:02 fantail NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.


sudo NetworkManager --no-daemon:
NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 6375
NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
NetworkManager: <info>  VPN plugin state changed: 1
NetworkManager: <info>  VPN plugin state changed: 3
** Message: <info>  openvpn started with pid 6378

NetworkManager: <info>  VPN connection 'whio' (Connect) reply received.

** (process:6375): WARNING **: <WARN>  openvpn_watch_cb(): openvpn exited with error code 1

NetworkManager: <info>  VPN plugin state changed: 6
NetworkManager: <WARN>  connection_state_changed(): Could not process the request because noVPN connection was active.
NetworkManager: <debug> [1220152214.613469] ensure_killed(): waiting for vpn service pid 6375 to exit
NetworkManager: <debug> [1220152214.614052] ensure_killed(): vpn service pid 6375 cleaned up
Comment 1 Nigel Jones 2008-08-31 01:27:28 EDT
Also, just to note that rebooting didn't help.
Comment 2 Nigel Jones 2008-09-02 20:12:45 EDT
(In reply to comment #0)
> Version-Release number of selected component (if applicable):
> NetworkManager-openvpn-0.7.0-15.svn4027.fc10.x86_64
> NetworkManager-0.7.0-0.11.svn4022.fc10.x86_64
> kernel-2.6.27-0.287.rc4.git7.fc10.x86_64
> 
> How reproducible:
> I have no idea if it's kernel related or not, I've only tried with the one, but
> it's always reproducible for me.
Interestingly it's not reproducable on the Fedora 10 Alpha GNOME LiveCD with:

NetworkManager-0.7.0-0.11.svn3830.fc10.i386
NetworkManager-openvpn-0.7.0-0.11.svn3832.fc10.i386
kernel-2.6.27-0.166.rc0.git8.fc10.i686

I'll try and see if I can work out anything else going by this, but something does seem to have changed since then.
Comment 3 Steven Pritchard 2008-09-02 23:29:53 EDT
(In reply to comment #0)
> Aug 31 15:10:02 fantail nm-openvpn[6378]: openvpn_execve: external program may
> not be calleddue to setting of --script-security level
> Aug 31 15:10:02 fantail nm-openvpn[6378]: script failed: external program fork
> failed
> Aug 31 15:10:02 fantail nm-openvpn[6378]: Exiting

That's a new "feature" in openvpn 2.1_rc9.  See bug #458594.

We'll need an update for NetworkManager-openvpn to go along with the openvpn update.  Unfortunately, it's an incompatible change.
Comment 4 Nigel Jones 2008-09-02 23:50:26 EDT
(In reply to comment #3)
> (In reply to comment #0)
> > Aug 31 15:10:02 fantail nm-openvpn[6378]: openvpn_execve: external program may
> > not be calleddue to setting of --script-security level
> > Aug 31 15:10:02 fantail nm-openvpn[6378]: script failed: external program fork
> > failed
> > Aug 31 15:10:02 fantail nm-openvpn[6378]: Exiting
> 
> That's a new "feature" in openvpn 2.1_rc9.  See bug #458594.
> 
> We'll need an update for NetworkManager-openvpn to go along with the openvpn
> update.  Unfortunately, it's an incompatible change.
Argh rats, I just love 'features' like this.  

At least I should be able to get it working for the time being now.
Comment 5 Dan Williams 2008-09-03 16:10:19 EDT
yeah, these sort of new features suck.  not really sure what they were trying to accomplish here with --script-security.
Comment 6 Nigel Jones 2008-09-27 02:40:03 EDT
Is there any update on getting NetworkManager compatible with this latest change?
Comment 7 Dan Williams 2008-09-30 16:26:51 EDT
built in koji:  http://koji.fedoraproject.org/koji/taskinfo?taskID=853083

Note You need to log in before you can comment on or make changes to this bug.