Description of problem: Using a VPNC profile created with NetworkManager itself, NM cannot connect to the VPN. Version-Release number of selected component (if applicable): NetworkManager-0.8.1-1.fc13.x86_64 NetworkManager-vpnc-0.8.0-1.git20100411.fc13.x86_64 vpnc-0.5.3-7.fc13.x86_64 vpnc-consoleuser-0.5.3-7.fc13.x86_64 How reproducible: Every time I attempt to connect to VPN. Steps to Reproduce: 1. Create VPNC profile in NetworkManager 2. Click on NM icon in Notification Area and select appropriate VPN connection. Actual results: NM icon shows busy for several seconds. Then, error "bubble" pops up with this message: VPN Connection Failed. The VPN connection 'My VPN name' failed. Expected results: VPN connection to succeed. Additional info: 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux I have SELinux Disabled. IP address and other network configs are manually (statically) set. Attempts at using commandline version of vpnc. The 5th attempt below works (i.e. sudo with --local-port 0). 1. Using vpnc-consoleuser: /usr/bin/vpnc ~/etc/vpnc/FooBar.conf Enter IPSec gateway address: 111.222.333.444 Enter IPSec ID for 111.222.333.444: FooBar Enter IPSec secret for FooBar.333.444: ******** Enter username for 111.222.333.444: myname Enter password for myname.333.444: /usr/sbin/vpnc: no response from target 2. Using vpnc directly: /usr/sbin/vpnc ~/etc/vpnc/FooBar.conf Enter password for myname.333.444: /usr/sbin/vpnc: Error binding to source port. Try '--local-port 0' Failed to bind to 0.0.0.0:500: Permission denied 3. Using vpnc specifying '--local-port 0' (i.e. random port): /usr/sbin/vpnc --local-port 0 ~/etc/vpnc/FooBar.conf Enter password for myname.333.444: /usr/sbin/vpnc: can't initialise tunnel interface: Operation not permitted 4. Using vpnc with sudo: sudo /usr/sbin/vpnc ~/etc/vpnc/FooBar.conf Enter password for myname.333.444: /usr/sbin/vpnc: no response from target 5. Using vpnc with sudo and '--local-port 0': sudo /usr/sbin/vpnc --local-port 0 ~/etc/vpnc/FooBar.conf Enter password for myname.333.444: VPNC started in background (pid: 1120)...
To clarify: The file FooBar.conf for VPNC contains the same info as the NM profile, except I stored the obfuscated IPSec secret in the .conf.
Snippet from /var/log/messages showing NetworkManager log: Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'... Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 32544 Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' appeared, activating connections Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN plugin state changed: 3 Jul 29 11:32:48 mymachine NetworkManager[1539]: <info> VPN connection 'FooBar' (Connect) reply received. Jul 29 11:32:48 mymachine kernel: tun0: Disabled Privacy Extensions Jul 29 11:33:03 mymachine NetworkManager[1539]: <warn> VPN plugin failed: 1 Jul 29 11:33:03 mymachine NetworkManager[1539]: <info> VPN plugin state changed: 6 Jul 29 11:33:03 mymachine NetworkManager[1539]: <info> VPN plugin state change reason: 0 Jul 29 11:33:03 mymachine NetworkManager[1539]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active. Jul 29 11:33:03 mymachine NetworkManager[1539]: <info> Policy set 'System eth0' (eth0) as default for IPv4 routing and DNS.
Made sure that the ipsec service was off, which it was. No change: connection still fails. And then, tried removing the openswan package. No change: connection still fails.
duplicate of bug #514071 ?
Yeah, it's duplicate of bug 514071. Why do you open new bug, David? It is definitely something sitting on port 500 as indicated by > /usr/sbin/vpnc ~/etc/vpnc/FooBar.conf > Enter password for myname.333.444: > /usr/sbin/vpnc: Error binding to source port. Try '--local-port 0' > Failed to bind to 0.0.0.0:500: Permission denied Please check once more that the port is free. I fixed the issue in bug 514071.
*** This bug has been marked as a duplicate of bug 514071 ***