Description of problem:
Network manager fails to establish an L2tp/IPsec PSK client connection. The log contains avc: denied messages.

Version-Release number of selected component (if applicable):
NetworkManager.x86_64 1:0.9.8.0-1.fc18
NetworkManager-l2tp.x86_64 0.9.6-2.fc18
selinux-policy.noarch 3.11.1-86.fc18
selinux-policy-targeted.noarch 3.11.1-86.fc18

How reproducible:
always

Steps to Reproduce:
1. Use regular NetworkManager GUI to create an l2tp client connection. On VPN tab, click "IPsec Settings..." button, check "Enable IPsec tunnel to L2TP host" box, enter pre-shared key.
2. Save the connection.
3. Start the connection.

Actual results:
NetworkManager fails with the following in /var/log/messages:

Mar 22 18:37:33 mysystem NetworkManager[672]: <info> Starting VPN service 'l2tp'...
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN service 'l2tp' started (org.freedesktop.NetworkManager.l2tp), PID 1564
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN service 'l2tp' appeared; activating connections
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN plugin state changed: starting (3)
Mar 22 18:37:33 mysystem kernel: [ 552.972740] type=1400 audit(1363963053.616:4): avc: denied { name_bind } for pid=1564 comm="nm-l2tp-service" src=1701 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:l2tp_port_t:s0 tclass=udp_socket
Mar 22 18:37:33 mysystem kernel: [ 553.034018] type=1400 audit(1363963053.678:5): avc: denied { rename } for pid=1564 comm="nm-l2tp-service" name="ipsec.secrets" dev="dm-1" ino=394807 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> VPN connection 'test l2tp' (Connect) reply received.
Mar 22 18:37:33 mysystem NetworkManager[672]: <warn> VPN connection 'test l2tp' failed to connect: 'Cannot save /etc/ipsec.secrets'.
Mar 22 18:37:33 mysystem NetworkManager[672]: <info> Policy set 'eth1' (em1) as default for IPv4 routing and DNS.
Mar 22 18:37:33 mysystem NetworkManager[672]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Mar 22 18:37:38 mysystem NetworkManager[672]: <info> VPN service 'l2tp' disappeared

Expected results:
Either VPN connection is being established, or Network Manager complains about some client settings.

Additional info:
Nothing is written to audit.log, "ausearch -m avc" yields nothing.
There is a similar-looking issue opened for Fedora 17, though I'm not sure if these are the same or not: https://bugzilla.redhat.com/show_bug.cgi?id=887674
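
Added example, not part of the original report: the denials above were logged by the kernel to /var/log/messages while audit.log stayed empty, so this Python script parses AVC lines in that syslog form and groups the denied permissions by source type, target type and object class. The sample input is copied from the log excerpt in the report; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: the two kernel AVC lines and one non-AVC line from the report above.
SAMPLE_LOG = """\
Mar 22 18:37:33 mysystem kernel: [ 552.972740] type=1400 audit(1363963053.616:4): avc: denied { name_bind } for pid=1564 comm="nm-l2tp-service" src=1701 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:l2tp_port_t:s0 tclass=udp_socket
Mar 22 18:37:33 mysystem kernel: [ 553.034018] type=1400 audit(1363963053.678:5): avc: denied { rename } for pid=1564 comm="nm-l2tp-service" name="ipsec.secrets" dev="dm-1" ino=394807 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file
Mar 22 18:37:33 mysystem NetworkManager[672]: <warn> VPN connection 'test l2tp' failed to connect: 'Cannot save /etc/ipsec.secrets'.
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    # An SELinux context is user:role:type:level; the type is the third field.
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "object": fields.get("name") or fields.get("src"),
    }


def summarize(log_text):
    """Group denied permissions by (source type, target type, class)."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            summary[key].update(rec["perms"])
    return dict(summary)


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} denied {sorted(perms)}")
```
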

I think it is the same. Anyway, I haven't any SELinux and IPsec experience to fix this. Feel free to provide a patch to resolve this issue. I will forward this issue to upstream. But the previous time he couldn't help.

*** This bug has been marked as a duplicate of bug 887674 ***