Description of problem: Cannot use NetworkManager to connect to Cisco VPN as of 27th July 2009. Last successful connection via NM was on 23rd July 2009. Version-Release number of selected component (if applicable): NetworkManager-0.7.1-8.git20090708.fc11.i586 NetworkManager-glib-0.7.1-8.git20090708.fc11.i586 NetworkManager-gnome-0.7.1-8.git20090708.fc11.i586 How reproducible: All the time. Steps to Reproduce: 1. Existing VPN configuration imported from PCF file, about 7 months ago 2. Activate VPN via NM tray icon, and enter password Actual results: NM fails to authenticate with the VPN Expected results: Creation of tun0 device, and establishment of VPN Additional info: I tried to reimport my PCF file into NM, but NM rejected it as invalid. However, the pcf2vpnc perl script had no problem using it to create a default.conf file, and vpnc used this file to create a successful VPN despite NM's protestations.
Created attachment 355318 [details] A sanitised version of my PCF file Here is what pcf2vpnc makes of my sanitised file (key notwithstanding): ## generated by pcf2vpnc IPSec ID groupname IPSec gateway 0.0.0.0 IPSec secret yadaydayadayadayada Xauth username myusername IKE Authmode psk IKE DH Group dh2
Reverting to these packages fixes the problem (for now): NetworkManager-gnome-0.7.1-4.git20090414.fc11.i586 NetworkManager-glib-0.7.1-4.git20090414.fc11.i586 NetworkManager-0.7.1-4.git20090414.fc11.i586
Note that even 0.7.1-4.git20090414.fc11.i586 cannot parse my perfectly valid PCF file.
(In reply to comment #3) > Note that even 0.7.1-4.git20090414.fc11.i586 cannot parse my perfectly valid > PCF file. I have discovered that this PCF file is rejected only because the Description property is blank. The help message was absolutely *no use whatsoever* in diagnosing this.
(In reply to comment #4) > (In reply to comment #3) > > Note that even 0.7.1-4.git20090414.fc11.i586 cannot parse my perfectly valid > > PCF file. > > I have discovered that this PCF file is rejected only because the Description > property is blank. The help message was absolutely *no use whatsoever* in > diagnosing this. This should be fixed in rawhide and will be fixed soon in F11/F10.
If this is still happening, try running nm-vpnc-service from a terminal (as root) with: /usr/libexec/nm-vpnc-service and then try to connection. This will redirect vpnc's output to the terminal where we can get more information about the error. Thanks!
I am having similar problems. What's weird is that I have colleagues who connect to the same VPN using Fedora Core 11 with no issues. Anyway, to summarize: 1. Setup Cisco VPN connection but NM cannot connect. 2. Run /usr/libexec/nm-vpn-service from terminal (using sudo), and here's the output while the connection attempt was made: ** Message: <info> vpnc started with pid 18985 /usr/sbin/vpnc: no response from target ** (process:18974): WARNING **: <WARN> vpnc_watch_cb(): vpnc exited with error code 1 3. Ran vpnc on from terminal with a config file that was converted with pcf2vpnc. (All attempts are with iptables off.): ## generated by pcf2vpnc IPSec ID MyNiceVPN IPSec gateway 11.22.33.45 IPSec secret BigSecret3 Xauth username myname IKE Authmode psk IKE DH Group dh2 a) First try: myself> sudo vpnc $HOME/mynicevpn.vpnc Enter password for myname.33.45: vpnc: no response from target b) Second try, specifying local-port: myself> sudo vpnc --local-port 0 $HOME/mynicevpn.vpnc Enter password for myname.33.45: VPNC started in background (pid: 20061)... So, knowing that, I added the line "Local Port 0" in the .vpnc file.
(In reply to comment #6) > If this is still happening, try running nm-vpnc-service from a terminal (as > root) with: It is no longer happening for me, and I have no idea what might have changed to get things working again.
Local Port "0" should be the default already if local port isn't sepecified in the config. NM-vpnc doesn't send Local Port so I'd expect that to work. I've committed some code upstream to turn on vpnc debugging manually which should show up soon in F12's NM-vpnc which we can use to try to help debug this.
David, this link: https://admin.fedoraproject.org/updates/F11/FEDORA-2009-13032 has the NetworkManager-vpnc with updated debugging support. To help diagnose your issue, do the following, as root: 1) killall -TERM nm-vpnc-service 2) VPNC_DEBUG=1 /usr/libexec/nm-vpnc-service 3) try to connect and get the problem to appear then attach the output of nm-vpnc-service with the debug info to this bug. I do not believe it will expose any passwords, but feel free to set the "Private" flag on the attachment just to be safe. Thanks!
This message is a reminder that Fedora 11 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 11. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '11'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 11's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 11 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Closing due to lack of response. Please re-open if you grab the info I've requested. Thanks!
Re-opening. I'm seeing this with Fedora 13 right after upgrading from Fedora 12 where it worked perfectly. NetworkManager-0.8.1-4.git20100817.fc13.x86_64 NetworkManager-vpnc-0.8.1-1.fc13.x86_64 vpnc-0.5.3-7.fc13.x86_64 fedora-release-13-1.noarch DEBUG OUTPUT: *** VPNC_DEBUG=1 /usr/libexec/nm-vpnc-service ** Message: <info> vpnc started with pid 4438 vpnc version 0.5.3 hex_test: 00010203 S1 init_sockaddr [2010-08-30 09:25:48] S2 make_socket [2010-08-30 09:25:48] /usr/sbin/vpnc: Error binding to source port. Try '--local-port 0' Failed to bind to 0.0.0.0:500: Address already in use ** (process:4435): WARNING **: <WARN> vpnc_watch_cb(): vpnc exited with error code 1 *** (tested starting vpnc manually with --local-port 0 and it works)
The error is due to problem in binding the local port 500. The port 500 is used by vpnc client as default ISAKMP port. However, some other process has already bound the port. Probably, you have 'openswan' package installed for managing IPsec. The package installs 'ipsec' service that runs 'pluto' daemon to perform key exchange for IPsec and it binds UDP port 500. To release the port stop/disable ipsec service: sudo service ipsec stop (temporarily stops the service) sudo chkconfig --level 35 ipsec off (permanently disables the service) Or you can just remove openswan if you don't use it.
Jirka, thank you for the solution, it was ipsec service hanging on the port. I think there's a need to add some permanent solution to this also. Is the port configurable for NetworkManager-vpnc? I didn't find anything in the docs. If we change the default port from 500 to some upper port we shouldn't have this problem anymore.
(In reply to comment #14) > The error is due to problem in binding the local port 500. The port 500 is used > by vpnc client as default ISAKMP port. > > However, some other process has already bound the port. Probably, you have > 'openswan' package installed for managing IPsec. The package installs 'ipsec' > service that runs 'pluto' daemon to perform key exchange for IPsec and it binds > UDP port 500. > > To release the port stop/disable ipsec service: > sudo service ipsec stop (temporarily stops the service) > sudo chkconfig --level 35 ipsec off (permanently disables the service) > > Or you can just remove openswan if you don't use it. I am now running Fedora 13, and opened [Bug 619469]. Anyway, my ipsec service is off. According to netstat, port 500 is free. But the VPNC client in NetworkManager still cannot connect. I can do it from the commandline: sudo /usr/sbin/vpnc --local-port 0 ~/etc/vpnc/myvpn.conf
vpnc actually uses local port 500 by default. So, without configuring vpnc tries to bind port 500 and fails when it was bound before. I fixed that by sending 'Local Port 0' configuration to vpnc. Upstream fix: fcb196788634db66b30245f346812070604ff0ef (master)
*** Bug 619469 has been marked as a duplicate of this bug. ***
This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.
I am using Fedora 28 -- I tried Fedora 26, 27-- and I get the same stupid error: vpnc: no response from target I have done all the previous steps and nothing but in Ubuntu it works! -- I want to continue with Fedora, what happens with vpnc ? May 13 09:48:51 soporte.fedora.local NetworkManager[1248]: /usr/sbin/vpnc: no response from target May 13 09:48:51 soporte.fedora.local NetworkManager[1248]: <warn> [1526222931.9124] vpn-connection[0x5615a3e8a360,a41791d3-9d90-44c2-8272-ae98735010be,"SIC",0]: VPN plugin: failed: connect-failed (1) May 13 09:48:51 soporte.fedora.local NetworkManager[1248]: <warn> [1526222931.9126] vpn-connection[0x5615a3e8a360,a41791d3-9d90-44c2-8272-ae98735010be,"SIC",0]: VPN plugin: failed: connect-failed (1) May 13 09:48:51 soporte.fedora.local NetworkManager[1248]: <info> [1526222931.9126] vpn-connection[0x5615a3e8a360,a41791d3-9d90-44c2-8272-ae98735010be,"SIC",0]: VPN plugin: state changed: stopping (5) Someone has fixed exactly ?