Ubuntu
network-manager package

vpn connection handshake times out too soon

Bug #420411 reported by salva
94
This bug affects 17 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: network-manager-openvpn

NetworkManager only waits 40 seconds for the VPN to come up. This is too short when using a slow connection as for instance a 64kbps GPRS connection.

Calling openvpn manually also timeouts sometimes with the default timeout (60s?), but I am able to override it using the "connect-timeout" option in the configuration file and solve the problem.

ProblemType: Bug
Architecture: i386
Date: Fri Aug 28 10:55:21 2009
DistroRelease: Ubuntu 9.10
Package: network-manager-openvpn 0.7.1-0ubuntu2
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-7.27-generic
SourcePackage: network-manager-openvpn
Uname: Linux 2.6.31-7-generic i686

Revision history for this message
salva (sfandino) wrote :
Revision history for this message
salva (sfandino) wrote :

log:

Aug 28 11:00:30 melon NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Aug 28 11:00:30 melon NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 6578
Aug 28 11:00:30 melon NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Aug 28 11:00:31 melon NetworkManager: <info> VPN plugin state changed: 3
Aug 28 11:00:31 melon NetworkManager: <info> VPN connection 'Qindel VPN' (Connect) reply received.
Aug 28 11:00:31 melon nm-openvpn[6582]: OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jul 27 2009
Aug 28 11:00:31 melon nm-openvpn[6582]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 28 11:00:31 melon nm-openvpn[6582]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 28 11:00:31 melon nm-openvpn[6582]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Aug 28 11:00:31 melon nm-openvpn[6582]: LZO compression initialized
Aug 28 11:00:31 melon nm-openvpn[6582]: Attempting to establish TCP connection with 80.26.83.26:1194 [nonblock]
Aug 28 11:00:33 melon nm-openvpn[6582]: TCP connection established with 80.26.83.26:1194
Aug 28 11:00:33 melon nm-openvpn[6582]: TCPv4_CLIENT link local: [undef]
Aug 28 11:00:33 melon nm-openvpn[6582]: TCPv4_CLIENT link remote: 80.26.83.26:1194
Aug 28 11:01:11 melon NetworkManager: <info> VPN connection 'Qindel VPN' (IP Config Get) timeout exceeded.
Aug 28 11:01:11 melon nm-openvpn[6582]: SIGTERM[hard,] received, process exiting
Aug 28 11:01:11 melon NetworkManager: <info> (ppp0): writing resolv.conf to /sbin/resolvconf
Aug 28 11:01:11 melon NetworkManager: <info> Policy set 'Movistar' (ppp0) as default for routing and DNS.
Aug 28 11:01:23 melon NetworkManager: <debug> [1251450083.002094] ensure_killed(): waiting for vpn service pid 6578 to exit
Aug 28 11:01:23 melon NetworkManager: <debug> [1251450083.002335] ensure_killed(): vpn service pid 6578 cleaned up

Revision history for this message
Johanna Hofinger (j-hofinger) wrote :

Hello,

Where did you increase the timeout? I would like to try an increase, as well. Tnx in advance,

Johanna

Revision history for this message
salva (sfandino) wrote :

I was unable to change NetworkManager timeout and had to switch to using openvpn from the command line where you can set the timeout using the "connect-timeout" entry on the config file.

Revision history for this message
RachaelB (8-launchpad-rlb-me) wrote :

Hi

I have no problem auto-connecting to a vpn services using openvpn on the command line - or autostarting openvpn at boot. But if I try to connect via network-manager then connection (apparently) "times out". This never happened on karmic.

Revision history for this message
analogue (analogue-yahoo) wrote :

Please add an option on the network manager open vpn configuration dialog to specify the 'connect-timeout'. The default is not sufficiently large enough for those of us vpn'ing over low bandwidth / high latency mobile networks.

Revision history for this message
Barni (bpe2004) wrote :

Similar issue connecting to Witopia VPN from China. Used to work but since about a month network manager fails in the majority of the attempts with a timeout. Openvpn from the command line just works fine. Seems a slightly longer response from the VPN make network manager unable to connect.

Launchpad Janitor (janitor)
Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Revision history for this message
Fionn (fbe) wrote :

Being able to set the timeout is becoming increasingly important as more and more people start using nettops / mobile internet solutions which may run on GPRS or EDGE speed at any given time.

On my laptop, using NM to esablish an openVPN connection is almost only possible with an UMTS quality link. Anything slower migth or might not work, depending on your luck and other automated tasks that start as soon as NM flags a valid network connection (Dont try to do vpn while evolution is already syncing your mail via the unencrypted line, automatically...)

Using a GRPS link, openvpn via network-manager is currently completely impossible.

Revision history for this message
Sam Hanes (elemecca) wrote :

This is not an issue in network-manager-openvpn but rather in network-manager itself. It expects any VPN plugin to start IP configuration within 40 seconds of being launched. For reasons unknown that value is hardcoded.

I've created a patch that increases the timeout to 500 seconds and a PPA for it:
https://launchpad.net/~elemecca/+archive/ubuntu/nm-vpn

Currently it only covers Trusty, but I can add other series on request.

affects: network-manager-openvpn (Ubuntu) → network-manager (Ubuntu)
Revision history for this message
Franck (alci) wrote :

I just did send a message on NM list to raise this issue: https://mail.gnome.org/archives/networkmanager-list/2015-April/msg00007.html

Revision history for this message
dwmw2 (dwmw2) wrote :

This appears to still be broken in 16.04.

Revision history for this message
Delany (delany) wrote :

@elemecca could you patch for jammy jelly? Im not sure its the same package. I have to make an l2tp/ipsec connection.
https://github.com/nm-l2tp/NetworkManager-l2tp

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.