Bug 991653 - Openconnect VPN cannot start in gnome3 f19
Openconnect VPN cannot start in gnome3 f19
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: NetworkManager-openconnect (Show other bugs)
19
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: David Woodhouse
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-03 06:18 EDT by enrico
Modified: 2014-01-03 03:35 EST (History)
5 users (show)

See Also:
Fixed In Version: openconnect-5.02-1.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-03 03:31:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description enrico 2013-08-03 06:18:55 EDT
Description of problem:
OpenConnect VPN connection via NetworkManager fails with the following messages in /var/log/messages:

Aug  3 12:06:23 tweety NetworkManager[517]: <info> Starting VPN service 'openconnect'...
Aug  3 12:06:23 tweety NetworkManager[517]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 7895
Aug  3 12:06:23 tweety NetworkManager[517]: <info> VPN service 'openconnect' appeared; activating connections
Aug  3 12:06:36 tweety fprintd[7859]: ** Message: No devices in use, exit
Aug  3 12:06:37 tweety NetworkManager[517]: <info> VPN plugin state changed: starting (3)
Aug  3 12:06:37 tweety NetworkManager[517]: <info> VPN connection 'Mycompany Corp.' (Connect) reply received.
Aug  3 12:06:37 tweety NetworkManager[517]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring...
Aug  3 12:06:37 tweety openconnect[7909]: Attempting to connect to server ipaddressremoved:443
Aug  3 12:06:38 tweety openconnect[7909]: SSL negotiation with myaccess.mycompanyvpn.com
Aug  3 12:06:38 tweety openconnect[7909]: Connected to HTTPS on myaccess.mycompanyvpn.com
Aug  3 12:06:39 tweety openconnect[7909]: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized
Aug  3 12:06:39 tweety avahi-daemon[473]: Withdrawing workstation service for vpn0.
Aug  3 12:06:39 tweety NetworkManager[517]: <warn> VPN plugin failed: 0
Aug  3 12:06:39 tweety NetworkManager[517]: <info> VPN plugin state changed: stopped (6)
Aug  3 12:06:39 tweety NetworkManager[517]: <info> VPN plugin state change reason: 10
Aug  3 12:06:39 tweety NetworkManager[517]: <info> Policy set 'wargames' (wlp2s0) as default for IPv4 routing and DNS.
Aug  3 12:06:39 tweety NetworkManager[517]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Aug  3 12:06:44 tweety NetworkManager[517]: <info> VPN service 'openconnect' disappeared
Aug  3 12:07:06 tweety /etc/gdm/Xsession[7048]: (process:7913): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed
Aug  3 12:07:11 tweety /etc/gdm/Xsession[7048]: Avviso del window manager: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x2e0007f (Mozilla Fi)
Aug  3 12:07:11 tweety /etc/gdm/Xsession[7048]: Avviso del window manager: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed.

Works fine on command line as root.


Version-Release number of selected component (if applicable):
openconnect-5.01-1.fc19.x86_64
gnome-desktop3-3.8.2-2.fc19.x86_64
NetworkManager-openconnect-0.9.7.0-2.git20120918.fc19.x86_64

How reproducible:
Define a new Openconnect VPN and try to start it in the graphical interface.

Steps to Reproduce:
1. define a simple openconnect connection via network manager applet
2. specify a vpn gateway
3. save it
4. tail -100f /var/log/messages in a shell as root
5. try to connect
6. see the above messages

Actual results:
VPN connection cannot start

Expected results:
VPN connection starts

Additional info:
Worked perfectly in f18.
Comment 1 sgs 2013-12-18 03:51:26 EST
We have the exact same problem, although another openconnect VPN works fine:

This happens with the failing one:

Dec 18 09:45:58 golem NetworkManager[924]: <info> VPN plugin state changed: starting (3)
Dec 18 09:45:58 golem NetworkManager[924]: <info> VPN connection 'TU-Berlin' (Connect) reply received.
Dec 18 09:45:58 golem NetworkManager[924]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring...
Dec 18 09:45:58 golem openconnect[1375]: Attempting to connect to server 130.149.5.50:443
Dec 18 09:45:58 golem openconnect[1375]: SSL negotiation with vpn.tu-berlin.de
Dec 18 09:45:58 golem openconnect[1375]: Connected to HTTPS on vpn.tu-berlin.de
Dec 18 09:45:58 golem openconnect[1375]: Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized
Dec 18 09:45:58 golem avahi-daemon[792]: Withdrawing workstation service for vpn0.
Dec 18 09:45:59 golem NetworkManager[924]: <warn> VPN plugin failed: 0
Dec 18 09:45:59 golem NetworkManager[924]: <info> VPN plugin state changed: stopped (6)
Dec 18 09:45:59 golem NetworkManager[924]: <info> VPN plugin state change reason: 10
Dec 18 09:45:59 golem NetworkManager[924]: <info> Policy set 'Auto Fuchsbau25' (wlp3s0) as default for IPv4 routing and DNS.
Dec 18 09:45:59 golem NetworkManager[924]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Dec 18 09:45:59 golem nm-applet[1629]: (nm-applet:1629): nm-applet-WARNING **: Failed to show notification: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.Notifications was not provided by any .service files
Dec 18 09:45:59 golem NetworkManager[924]:    keyfile: updating /etc/NetworkManager/system-connections/TU-Berlin
Dec 18 09:46:04 golem NetworkManager[924]: <info> VPN service 'openconnect' disappeared

Manual connection works:

λ ~/ sudo openconnect vpn.tu-berlin.de 
POST https://vpn.tu-berlin.de/
Attempting to connect to server 130.149.5.50:443
SSL negotiation with vpn.tu-berlin.de
Connected to HTTPS on vpn.tu-berlin.de
Got HTTP response: HTTP/1.0 302 Temporary moved
POST https://asa-03.vpn.tu-berlin.de/
Attempting to connect to server 130.149.5.53:443
SSL negotiation with asa-03.vpn.tu-berlin.de
Connected to HTTPS on asa-03.vpn.tu-berlin.de
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.tu-berlin.de/
SSL negotiation with vpn.tu-berlin.de
Connected to HTTPS on vpn.tu-berlin.de
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.tu-berlin.de/+webvpn+/index.html
SSL negotiation with vpn.tu-berlin.de
Connected to HTTPS on vpn.tu-berlin.de
Please enter your username and password.
Username:<USER>
Password:<PASSWORD>
POST https://vpn.tu-berlin.de/+webvpn+/index.html
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected tun0 as <IP>, using SSL
Established DTLS connection (using GnuTLS)

This one also works from NetworkManager, it obviously uses a different protocol (XML POST):

λ ~/ sudo openconnect vpn.fu-berlin.de 
POST https://vpn.fu-berlin.de/
Attempting to connect to server 160.45.252.2:443
SSL negotiation with vpn.fu-berlin.de
Connected to HTTPS on vpn.fu-berlin.de
XML POST enabled
Please enter your username and password.
Username:<USER>
Password:<PASSWORD>
POST https://vpn.fu-berlin.de/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected tun0 as <IP>, using SSL
Established DTLS connection (using GnuTLS)
Comment 2 Fedora Update System 2014-01-01 19:32:25 EST
openconnect-5.02-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openconnect-5.02-1.fc19
Comment 3 Fedora Update System 2014-01-01 19:32:26 EST
openconnect-5.02-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openconnect-5.02-1.fc20
Comment 4 Fedora Update System 2014-01-03 03:31:02 EST
openconnect-5.02-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2014-01-03 03:35:10 EST
openconnect-5.02-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.