Bug 845599 - Cannot connect to Cisco VPN using NM-openswan plugin
Cannot connect to Cisco VPN using NM-openswan plugin
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager-openswan (Show other bugs)
7.0
All Linux
high Severity high
: rc
: ---
Assigned To: Avesh Agarwal
Desktop QE
:
Depends On: 865883
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-03 10:32 EDT by Jiri Koten
Modified: 2013-11-02 13:43 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-02 13:43:25 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
[PATCH] NM patch correcting the behaviour when no tun device is used (8.17 KB, patch)
2012-12-13 13:25 EST, Jirka Klimes
no flags Details | Diff
[PATCH] NM-openswan plugin patch indicating no tun is used (1.56 KB, patch)
2012-12-13 13:26 EST, Jirka Klimes
no flags Details | Diff

  None (edit)
Description Jiri Koten 2012-08-03 10:32:37 EDT
Description of problem:
Cannot connect to Cisco VPN with NetworkManager-openswan. Using openswan directly works as expected.

Version-Release number of selected component (if applicable):
NetworkManager-openswan-0.9.3.995-2.git20120302.el7
NetworkManager-0.9.4-3.git20120403.el7
openswan-2.6.37-3.el7

How reproducible:
100%

Steps to Reproduce:
1. Create a VPN profile to connect to a Cisco VPN endpoint
2. Attempt to connect
  
Actual results:
nothing happens, connection fails, but there is no notification why.

Expected results:
connection is established.

Additional info:
Proposing as a blocker since openswan is only VPN solution provided by Networkmanager.
Comment 4 Jirka Klimes 2012-12-13 13:18:53 EST
openswan does not use tun interface, so ip_iface and ip_ifindex are not valid.

Aug  3 16:07:04 dhcp-29-57 NetworkManager[1067]: nm_system_iface_set_up: assertion `ifindex > 0' failed
Aug  3 16:07:04 dhcp-29-57 NetworkManager[1067]: nm_system_apply_ip4_config: assertion `ifindex > 0' failed
Aug  3 16:07:04 dhcp-29-57 NetworkManager[1067]: <warn> VPN connection 'RH' did not receive valid IP config information.

The assertions are fixed by:
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=383a397a92621cdc299be561674fd3ad8b8304e5

However, we need to make some changes in both NM and the NM-openswan plugin in order to make openswan work again. See attached patches.
Comment 5 Jirka Klimes 2012-12-13 13:25:12 EST
Created attachment 663111 [details]
[PATCH] NM patch correcting the behaviour when no tun device is used

This patch allows VPN connections not to use tun device.
Comment 6 Jirka Klimes 2012-12-13 13:26:59 EST
Created attachment 663112 [details]
[PATCH] NM-openswan plugin patch indicating no tun is used

This patch makes NM-openswan tell NM that tun device is not used.
Comment 7 Avesh Agarwal 2012-12-13 14:45:59 EST
(In reply to comment #6)
> Created attachment 663112 [details]
> [PATCH] NM-openswan plugin patch indicating no tun is used
> 
> This patch makes NM-openswan tell NM that tun device is not used.

I can add this patch to NM-openswan, but on RHEL6 it works without this patch. Thats why I created bug 865883 as it is a regression.
Comment 8 Avesh Agarwal 2012-12-13 15:45:37 EST
I have committed the NM-openswan patch into f19/f18 and rhel7 and new builds have been created.
Comment 9 Paul Wouters 2013-05-17 23:31:50 EDT
This bug should probably be closed with CURRENT_RELEASE?

Note You need to log in before you can comment on or make changes to this bug.