Bug 497992 - [PATCH] Importing pcf file does not work
[PATCH] Importing pcf file does not work
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: NetworkManager-vpnc (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Dan Williams
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-28 06:35 EDT by Taunus
Modified: 2010-01-29 14:40 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 498503 (view as bug list)
Environment:
Last Closed: 2010-01-29 14:40:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Importing pcf file error (17.10 KB, image/png)
2009-04-28 06:35 EDT, Taunus
no flags Details
pcf file (613 bytes, text/plain)
2009-04-29 08:11 EDT, Taunus
no flags Details
Accept files with missing description (2.25 KB, text/plain)
2009-04-30 15:15 EDT, Lubomir Rintel
no flags Details

  None (edit)
Description Taunus 2009-04-28 06:35:20 EDT
Created attachment 341551 [details]
Importing pcf file error

Description of problem:
Importing pcf file does not work

Version-Release number of selected component (if applicable):
NetworkManager-vpnc-0.7.0.99-1

How reproducible:
Import pcf file

Steps to Reproduce:
1. Import pcf file with networkmanager
2.
3.
  
Actual results:
Failed import

Expected results:
Successful import

Additional info:
The file name in the attachment is not correct. The file name seems to change randomly.
Comment 1 Huzaifa S. Sidhpurwala 2009-04-28 06:41:23 EDT
can you attach the pcf file you are trying to import?
Comment 2 Taunus 2009-04-29 08:11:04 EDT
Created attachment 341747 [details]
pcf file

Pcf file is attached.
Comment 3 Lubomir Rintel 2009-04-30 08:22:02 EDT
Need Real Name (heck, is this really your name? ;),

There are really two problems here:

1.) NetworkManager-vpnc does not like your file because it lacks Description=

Did you generate the file with some software or created by hand? Do you know whether other VPNC clients accept this file?

Please add some Description= there and let me know if it helps.

2.) The file name is obviously garbled.
I could not reproduce this.

Do you use any other NetworkManager plugins? I'd be very thankful if you could launch nm-connection-editor and attached output of the following commands:

This will list which shared objects are in use by the connection editor:
cat /proc/$(/sbin/pidof nm-connection-editor)/maps

And this will list exactly which versions of packages are in use:
cat /proc/$(/sbin/pidof nm-connection-editor)/maps |awk '{print $6}' |xargs rpm -qf |sort |uniq

Thanks in advance!
Comment 4 Lubomir Rintel 2009-04-30 15:15:44 EDT
Created attachment 341982 [details]
Accept files with missing description

(In reply to comment #3)
> Did you generate the file with some software or created by hand? Do you know
> whether other VPNC clients accept this file?

I'm still interested in answer for this, I think I sorted the rest out. I'd prefer if Dan had a look before I commit though.

> 2.) The file name is obviously garbled.

This was filed as separate issue (bug #497992) and it can't be fixed in EPEL (it is a NetworkManager issue).

dcbw: Does the patch make sense to you, should I commit? (the previous build didn't leave testing yet, patch was tested)
Comment 5 Taunus 2009-05-04 04:54:30 EDT
The pcf file may have been created automatically but it has been modified by hand afterwards.
Comment 6 Taunus 2009-05-04 04:56:35 EDT
The pcf file may have been created automatically but it has been modified by
hand afterwards.
Comment 7 Lubomir Rintel 2009-05-04 13:35:11 EDT
Fixed in revision 1:0.7.0.99-1.4 in EPEL.
Handing the open bug to Dan to track fixing in Fedora Rawhide.
Comment 8 Dan Williams 2009-05-04 13:41:17 EDT
1fb3ebbef18b621733b3dea00ff72d114fad80fc (master)
4e04bfb4877f23ec14ac298a9ff7a63f1e7eaa5d (0.7)

Thanks!
Comment 9 Taunus 2009-05-05 03:13:14 EDT
Where can I find this new package?
Comment 11 Taunus 2009-05-05 03:43:28 EDT
Yes, the importing works except the encrypted group password does not get imported. In pcf file "enc_GroupPwd=somethingencrypted"
Comment 12 Lubomir Rintel 2009-05-05 04:23:32 EDT
(In reply to comment #11)
> Yes, the importing works except the encrypted group password does not get
> imported. In pcf file "enc_GroupPwd=somethingencrypted"  

I'd prefer if you opened separate reports for separate bugs. enc_GroupPwd works for me, tested with (which decrypts to "world"):

enc_GroupPwd=A7AB1FF21C8A1488A319FA5BA302D9644D04D2346D47097B3441FF44C0B55D4C1BD59983ED15E7E478BEE2B42DE9D709

Is your enc_GroupPwd similar to that? (Same length, similar characters, etc.)
Comment 13 Taunus 2009-05-06 02:55:45 EDT
I tried with your enc_GroupPwd, it does not get imported either. If I put something to the cleartext grouppwd it gets imported. Mine enc_GroupPwd should be ok, I've tested it with other tools.

Just for the reference. There has been similar problems with Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/283635

If that is any help...
Comment 14 Taunus 2009-05-19 02:06:32 EDT
Does anybody have the time to look at this?
Comment 15 Lubomir Rintel 2009-05-19 03:17:08 EDT
(In reply to comment #14)
> Does anybody have the time to look at this?  

I would love to, I just can not reproduce. Are you able to reproduce the problem with the PCF file you initially attached with enc_GroupPwd set as follows?

enc_GroupPwd=A7AB1FF21C8A1488A319FA5BA302D9644D04D2346D47097B3441FF44C0B55D4C1BD59983ED15E7E478BEE2B42DE9D709

If yes, it would be awesome if you could attach list of packages you have installed (output of rpm -qa) and your architecture.

And, please open a separate bug for this issue, so that it doesn't mix with the Description handling and garbled file name issues which were fixed.
Comment 16 Bug Zapper 2009-06-09 10:42:03 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 17 Joachim Frieben 2009-06-11 13:00:32 EDT
With the new default setting "Use this connection only for resources on its network" in "IPv4 settings > Routes...", I can connect to an internal network via VPN but I cannot access resources on the latter. I am treated like a foreign system for which access is blocked. Output of 'route' (192.168.2.1 is the IP of an AP at home) then reads

 [liveuser@localhost ~]$ route
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 pix-outside.ccc 192.168.2.1     255.255.255.255 UGH   0      0        0 wlan0
 192.168.2.0     *               255.255.255.0   U     2      0        0 wlan0
 172.17.1.0      *               255.255.255.0   U     0      0        0 tun0
 default         192.168.2.1     0.0.0.0         UG    0      0        0 wlan0

Removing the corresponding checkmark and reconnecting restores full access to internal resources. Now, output of 'route' reads

 [liveuser@localhost ~]$ route
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 pix-outside.ccc 192.168.2.1     255.255.255.255 UGH   0      0        0 wlan0
 192.168.2.0     *               255.255.255.0   U     2      0        0 wlan0
 172.17.1.0      *               255.255.255.0   U     0      0        0 tun0
 default         *               0.0.0.0         U     0      0        0 tun0

For final F10, VPN connection worked out of the box after importing the PCF file provided by the accessed site. For a fully updated F10, I have to uncheck "Use this connection only for resources on its network" in order to obtain access via VPN.
Comment 18 Taunus 2009-07-02 04:22:32 EDT
I mean on RHEL 5.3 importing enc_GroupPwd does not work. Did you try to reproduce it with RHEL 5.3 or Fedora?
Comment 19 Joachim Frieben 2009-07-02 04:51:05 EDT
VPN works again correctly for me after removing the checkmark from option "Use this connection only for resources on its network" under "IPv4 Settings / Routes...". I suppose this means that the entire network traffic is handled through the VPN channel now but that's still better than not being able to use it.
Comment 20 Huzaifa S. Sidhpurwala 2009-12-28 01:20:47 EST
@Taunus,
This bug was opened against Fedora and not RHEL.
Are you talking about the EPEL  version of NM-vpnc?


Importing encrypted group passwords worked for me on a RHEL 5.3 machine with NetworkManager-vpnc-0.7.0.99-1
Comment 21 Taunus 2010-01-28 07:37:22 EST
Yes, the epel version of NM-vpnc on RHEL 5. For some reason it does not work for me.
Comment 22 Taunus 2010-01-29 08:12:47 EST
To be more specific: it works otherwise well but not importing the enc group pw
Comment 23 Dan Williams 2010-01-29 14:37:35 EST
Importing the encrypted group password depends on the cisco-decrypt tool that's provided with the vpnc package.  Is that tool present?  Can you provide the output of 'rpm -ql vpnc' for me?
Comment 24 Dan Williams 2010-01-29 14:40:37 EST
In any case, fedora packages have been long updated with this fix (0.7.2 packages in F11 will have the fix); if there's a problem with encrypted group passwords in the EPEL packages, let's clone this bug (see the "Clone this bug" link near the bottom of the page) and set the distribution to RHEL5.

Note You need to log in before you can comment on or make changes to this bug.