Description of problem: Since I installed F19, OpenVPN frequently disconnects. I have never had any issues with OpenVPN when using F18, so I assume something bad happened to NM. Version-Release number of selected component (if applicable): $ rpm -q NetworkManager-openvpn NetworkManager-openvpn-0.9.6.0-2.fc19.x86_64 How reproducible: Always Steps to Reproduce: 1. Connect to OpenVPN 2. journalctl: kvě 31 08:57:56 unused-4-195.brq.redhat.com nm-openvpn[13599]: Initialization Sequence Completed 3. journalctl: kvě 31 10:18:18 unused-4-195.brq.redhat.com nm-openvpn[13599]: [ovpn-ams2.redhat.com] Inactivity timeout (--ping-exit), exiting kvě 31 10:18:18 unused-4-195.brq.redhat.com avahi-daemon[642]: Withdrawing workstation service for tun0. kvě 31 10:18:18 unused-4-195.brq.redhat.com nm-openvpn[13599]: SIGTERM[soft,ping-exit] received, process exiting kvě 31 10:18:25 unused-4-195.brq.redhat.com NetworkManager[783]: <info> VPN service 'openvpn' disappeared Actual results: OpenVPN is frequently disconnecting. Expected results: OpenVPN is stalbe as it used to be on F18 Additional info:
There's an update for NM-openvpn plugin: NetworkManager-openvpn-0.9.8.2-2.fc19 I'm not sure what/if something changed in regard to the issue. But the update works for me without disconnects. I'm now connected for more than 10 hours.
Still an issue :/ $ rpm -q NetworkManager-openvpn NetworkManager-openvpn-0.9.8.2-3.fc19.x86_64 In 1 hour after connection, I can find this log entries: srp 23 10:16:02 localhost nm-openvpn[2162]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1417' srp 23 10:16:02 localhost nm-openvpn[2162]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1360' and in another 20 minutes the connection drops: srp 23 10:36:36 localhost nm-openvpn[2162]: [ovpn-ams2.redhat.com] Inactivity timeout (--ping-exit), exiting srp 23 10:36:36 localhost avahi-daemon[670]: Withdrawing workstation service for tun0. srp 23 10:36:36 localhost nm-openvpn[2162]: SIGTERM[soft,ping-exit] received, process exiting srp 23 10:36:36 localhost NetworkManager[757]: <info> VPN plugin state changed: stopped (6) srp 23 10:36:36 localhost NetworkManager[757]: <info> VPN plugin state change reason: 0 srp 23 10:36:36 localhost avahi-daemon[670]: Withdrawing address record for 192.168.0.112 on wlp3s0. srp 23 10:36:36 localhost avahi-daemon[670]: Leaving mDNS multicast group on interface wlp3s0.IPv4 with address 192.168.0.112. srp 23 10:36:36 localhost avahi-daemon[670]: Interface wlp3s0.IPv4 no longer relevant for mDNS. srp 23 10:36:36 localhost avahi-daemon[670]: Joining mDNS multicast group on interface wlp3s0.IPv4 with address 192.168.0.112. srp 23 10:36:36 localhost avahi-daemon[670]: New relevant interface wlp3s0.IPv4 for mDNS. srp 23 10:36:36 localhost avahi-daemon[670]: Registering new address record for 192.168.0.112 on wlp3s0.IPv4. srp 23 10:36:37 localhost NetworkManager[757]: <info> Policy set 'VitaLinksysE4200' (wlp3s0) as default for IPv4 routing and DNS. srp 23 10:36:38 localhost dbus-daemon[671]: dbus[671]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.se srp 23 10:36:38 localhost dbus-daemon[671]: dbus[671]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.nm-dispatcher.service': Unit dbus-org.freedesktop.n srp 23 10:36:38 localhost dbus[671]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' srp 23 10:36:38 localhost dbus[671]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.nm-dispatcher.service': Unit dbus-org.freedesktop.nm-dispatcher.servi srp 23 10:36:38 localhost NetworkManager[757]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active. srp 23 10:36:38 localhost NetworkManager[757]: <warn> (4) failed to find interface name for index srp 23 10:36:38 localhost NetworkManager[757]: nm_system_iface_flush_routes: assertion `iface != NULL' failed srp 23 10:36:38 localhost NetworkManager[757]: <warn> (4) failed to find interface name for index srp 23 10:36:38 localhost NetworkManager[757]: <warn> Dispatcher failed: (32) Unit dbus-org.freedesktop.nm-dispatcher.service failed to load: No such file or directory. See sys srp 23 10:36:43 localhost NetworkManager[757]: <info> VPN service 'openvpn' disappeared
The same issue on F20: $ rpm -q NetworkManager-openvpn NetworkManager-openvpn-0.9.8.2-3.fc20.x86_64
Do you know what the remote server configuration is? Does the remote server have an inactivity timeout setting enable that causes the remote side to disconnect if the client doesn't pass traffic for a while?
I resolved this issue by setting "Use custom renegotiation interval" to zero. I really don't understand, why this is not set by default? Why anybody would like to reconnect and why is this behaving so strange after the default one hour timeout. Could you please change the default? Thanks.
We can default this to zero in the client to disable *client* renegotiation requests, but note that since openvpn does not really negotiate values between client and server (and instead expects the values to just magically match) the server can have a completely different renegotiation interval. That said, using a default value of 0 for the client will stop this gotcha, at least for those of us that use two-factor authentication.
NetworkManager-openvpn-1.0.0-2.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/NetworkManager-openvpn-1.0.0-2.fc21
NetworkManager-openvpn-1.0.0-3.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/NetworkManager-openvpn-1.0.0-3.fc22
Package NetworkManager-openvpn-1.0.0-2.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing NetworkManager-openvpn-1.0.0-2.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-5847/NetworkManager-openvpn-1.0.0-2.fc21 then log in and leave karma (feedback).
NetworkManager-openvpn-1.0.0-3.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/NetworkManager-openvpn-1.0.0-3.el7
NetworkManager-openvpn-1.0.0-4.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/NetworkManager-openvpn-1.0.0-4.el7
The fix causes issues if using preshared key auth: nm-openvpn[22134]: Options error: Parameter renegotiate_seconds can only be specified in TLS-mode, i.e. where --tls-server o r --tls-client is also specified. When I set the interval to 3600 it works.
NetworkManager-openvpn-1.0.0-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This message is a reminder that Fedora 20 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 20. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '20'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 20 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
NetworkManager-fortisslvpn-1.0.8-1.el7 NetworkManager-vpnc-1.0.8-1.el7 NetworkManager-openvpn-1.0.8-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-2919d6d7d9
NetworkManager-openvpn-1.0.0-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
NetworkManager-fortisslvpn-1.0.8-1.el7, NetworkManager-openvpn-1.0.8-1.el7, NetworkManager-vpnc-1.0.8-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'yum --enablerepo=epel-testing update NetworkManager-openvpn NetworkManager-vpnc NetworkManager-fortisslvpn' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-2919d6d7d9
NetworkManager-openvpn-1.0.8-1.el7 NetworkManager-vpnc-1.0.8-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-2919d6d7d9
NetworkManager-openvpn-1.0.8-1.el7, NetworkManager-vpnc-1.0.8-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'yum --enablerepo=epel-testing update NetworkManager-openvpn NetworkManager-vpnc' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-2919d6d7d9
NetworkManager-openvpn-1.0.8-1.el7, NetworkManager-vpnc-1.0.8-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.