Openvpn: Connection successful only when using TAP device
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
NetworkManager-OpenVPN | Fix Released | Medium | | |
network-manager-openvpn (Ubuntu) | Fix Released | Medium | Unassigned | |
Maverick | Won't Fix | Medium | Unassigned | |
Bug Description
Binary package hint: network-
SRU JUSTIFICATION:
This bug was fixed upstream in the attached upstream bug report and NetworkManager packages already closely follow the upstream GIT tree.
This appears to be a pretty recurrent theme (also noticeable in bug 655124) with a small, low-impact fix.
TEST CASE:
To reproduce the bug easily, one can connect to an OpenVPN-based VPN server with default settings; they should notice a form of race condition where openvpn itself applies IP address information to a TUN device whereas NetworkManager should be doing it itself (which it tries to do unsuccessfully after openvpn has already done the update).
Regression potential is low but crippling: if this patch causes a regression it will not allow a VPN connection to pass traffic since no IP will be set on the interface (because openvpn won't have set it, and the failure scenario would be for NM to not set the IP either).
----
Jul 27 10:06:06 antani-ubu NetworkManager: <info> Starting VPN service 'org.freedeskto
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN service 'org.freedeskto
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN service 'org.freedeskto
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN plugin state changed: 3
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN connection 'vpn' (Connect) reply received.
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: WARNING: No server certificate verification method has been enabled. See http://
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: LZO compression initialized
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: UDPv4 link local: [undef]
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: UDPv4 link remote: [AF_INET]ip:1194
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: [127.0.0.1] Peer Connection Initiated with [AF_INET]ip:1194
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.240.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: TUN/TAP device tun0 opened
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: /sbin/ifconfig tun0 192.168.14.8 pointopoint 255.255.240.0 mtu 1500
Jul 27 10:06:09 antani-ubu NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/
Jul 27 10:06:09 antani-ubu NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/
Jul 27 10:06:09 antani-ubu kernel: [ 2364.489445] tun0: Disabled Privacy Extensions
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: Linux ifconfig failed: external program exited with error status: 1
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: Exiting
Jul 27 10:06:09 antani-ubu NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/
Jul 27 10:06:09 antani-ubu NetworkManager: <info> VPN plugin failed: 1
Jul 27 10:06:09 antani-ubu NetworkManager: <info> VPN plugin state changed: 6
Jul 27 10:06:09 antani-ubu NetworkManager: <info> VPN plugin state change reason: 0
Jul 27 10:06:09 antani-ubu NetworkManager: <WARN> connection_
Jul 27 10:06:09 antani-ubu NetworkManager: <info> Policy set 'Auto eth0' (eth0) as default for routing and DNS.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: network-
ProcVersionSign
Uname: Linux 2.6.32-
NonfreeKernelMo
Architecture: i386
Date: Tue Jul 27 10:06:48 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
LANG=it_IT.utf8
SHELL=/bin/bash
SourcePackage: network-
description: updated
Changed in network-manager-openvpn:
importance: Unknown → Medium
status: Unknown → Fix Released
tags: added: testcase
Changed in network-manager-openvpn (Ubuntu Maverick):
status: New → Confirmed
importance: Undecided → Medium
Changed in network-manager-openvpn (Ubuntu):
assignee: Mathieu Trudel-Lapierre (mathieu-tl) → nobody
status: Confirmed → Fix Released
I can confirm this bug, it has also been reported to the NetworkManager bugtracker: https://bugzilla.gnome.org/show_bug.cgi?id=629807
The problem seems to be that NetworkManager and/or OpenVPN are unable to set up a tun interface with a subnet topology. The only working alternatives are a tun interface with a point-to-point topology and a tap device with a subnet topology. However, if the VPN configuration only allows a tun interface with a subnet topology, the network is unusable for NM users.
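A log triage check for the failure discussed in this report, as an added example that is not part of the original bug report or of the NetworkManager/OpenVPN code: it scans an OpenVPN client log for three signals visible in the log above (peer option mismatches, a netmask passed as the point-to-point peer address, and the missing server certificate verification warning). The function names and finding labels are hypothetical; the sample lines are abridged from the log in the bug description.

```python
import ipaddress
import re

# Abridged from the log in the bug description (timestamp and hostname trimmed).
SAMPLE_LOG = """\
nm-openvpn[4831]: WARNING: No server certificate verification method has been enabled.
nm-openvpn[4831]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
nm-openvpn[4831]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
nm-openvpn[4831]: /sbin/ifconfig tun0 192.168.14.8 pointopoint 255.255.240.0 mtu 1500
nm-openvpn[4831]: Linux ifconfig failed: external program exited with error status: 1
"""

# OpenVPN reports each option that differs between the local and remote side.
MISMATCH = re.compile(
    r"'([\w-]+)' is used inconsistently, local='\1 ([^']+)', remote='\1 ([^']+)'"
)
# The ifconfig invocation OpenVPN logs for a point-to-point tun device.
IFCONFIG = re.compile(r"ifconfig (\S+) (\S+) pointopoint (\S+)")


def is_netmask(value):
    """True if value is a contiguous IPv4 netmask such as 255.255.240.0."""
    try:
        bits = int(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        return False
    inverted = bits ^ 0xFFFFFFFF
    # A netmask is a run of 1-bits followed by 0-bits, so its inverse is 2^n - 1.
    return bits != 0 and (inverted & (inverted + 1)) == 0


def triage(log_text):
    """Return a list of (finding, detail) tuples for an OpenVPN client log."""
    findings = []
    for line in log_text.splitlines():
        if "No server certificate verification method" in line:
            findings.append(("no-server-cert-verification", ""))
        m = MISMATCH.search(line)
        if m:
            detail = f"{m.group(1)}: local={m.group(2)} remote={m.group(3)}"
            findings.append(("option-mismatch", detail))
        m = IFCONFIG.search(line)
        if m and is_netmask(m.group(3)):
            # Subnet-style netmask pushed to a client configuring tun as point-to-point.
            detail = f"{m.group(1)} {m.group(2)} peer={m.group(3)}"
            findings.append(("netmask-as-p2p-peer", detail))
    return findings
```
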