Ubuntu
network-manager-openvpn package

Openvpn: Connection succesful only when using TAP device

Bug #610361 reported by Gionn
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
NetworkManager-OpenVPN
Fix Released
Medium
network-manager-openvpn (Ubuntu)
Fix Released
Medium
Unassigned
Maverick
Won't Fix
Medium
Unassigned

Bug Description

Binary package hint: network-manager-openvpn

SRU JUSTIFICATION:

This bug was fixed upstream in the attached upstream bug report and NetworkManager packages already closely follow the upstream GIT tree.

This appears to be a pretty recurrent theme (also noticeable in bug 655124) with a small, low-impact fix.

TEST CASE:

To reproduce the bug easily, one can connect to an OpenVPN-based VPN server with default settings; they should notice a form of race condition where openvpn itself applies IP address information to a TUN device whereas NetworkManager should be doing it itself (which it tries to do unsuccessfully after openvpn has already done the update).

Regression potential is low but crippling: if this patch causes a regression it will not allow a VPN connection to pass traffic since no IP will be set on the interface (because openvpn won't have set it, and the failure scenario would be for NM to not set the IP either)

----

Jul 27 10:06:06 antani-ubu NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 4825
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN plugin state changed: 3
Jul 27 10:06:06 antani-ubu NetworkManager: <info> VPN connection 'vpn' (Connect) reply received.
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: LZO compression initialized
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: UDPv4 link local: [undef]
Jul 27 10:06:06 antani-ubu nm-openvpn[4831]: UDPv4 link remote: [AF_INET]ip:1194
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Jul 27 10:06:07 antani-ubu nm-openvpn[4831]: [127.0.0.1] Peer Connection Initiated with [AF_INET]ip:1194
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You a
re using something (255.255.240.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: TUN/TAP device tun0 opened
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: /sbin/ifconfig tun0 192.168.14.8 pointopoint 255.255.240.0 mtu 1500
Jul 27 10:06:09 antani-ubu NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Jul 27 10:06:09 antani-ubu NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Jul 27 10:06:09 antani-ubu kernel: [ 2364.489445] tun0: Disabled Privacy Extensions
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: Linux ifconfig failed: external program exited with error status: 1
Jul 27 10:06:09 antani-ubu nm-openvpn[4831]: Exiting
Jul 27 10:06:09 antani-ubu NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)
Jul 27 10:06:09 antani-ubu NetworkManager: <info> VPN plugin failed: 1
Jul 27 10:06:09 antani-ubu NetworkManager: <info> VPN plugin state changed: 6
Jul 27 10:06:09 antani-ubu NetworkManager: <info> VPN plugin state change reason: 0
Jul 27 10:06:09 antani-ubu NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
Jul 27 10:06:09 antani-ubu NetworkManager: <info> Policy set 'Auto eth0' (eth0) as default for routing and DNS.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: network-manager-openvpn-gnome 0.8-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-24.38-generic-pae 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic-pae i686
NonfreeKernelModules: wl nvidia
Architecture: i386
Date: Tue Jul 27 10:06:48 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
 LANG=it_IT.utf8
 SHELL=/bin/bash
SourcePackage: network-manager-openvpn

See original description
Revision history for this message
Gionn (giovanni.toraldo) wrote :
Revision history for this message
Frederik Möllers (fredfredfred) wrote :

I can confirm this bug, it has also been reported to the NetworkManager bugtracker:
https://bugzilla.gnome.org/show_bug.cgi?id=629807

The problem seems to be that NetworkManager and/or OpenVPN are unable to set up a tun interface with a subnet topology. The only working alternatives are a tun interface with a point-to-point topology and a tap device with a subnet topology. However, if the VPN configuration only allows a tun interface with a subnet topology, the network is unusable for NM users.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

This should be fixable with this commit: http://git.gnome.org/browse/network-manager-openvpn/commit/?h=NM_0_8&id=bfe5c793262837f3561a3cfbd9355bf00dd75793; not quite sure if it's really the same thing for Lucid, but I'll prepare packages for both Lucid and Maverick.

Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Mathieu Trudel (mathieu-tl)
Mathieu Trudel-Lapierre (cyphermox)
description: updated
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Frederick, can you test the packages I have uploaded here: http://people.ubuntu.com/~mathieu-tl/lp610361/

They are for maverick, though, so let me know if you need them to be rebuilt for Lucid.

Revision history for this message
Frederik Möllers (fredfredfred) wrote :

Sorry for taking so long, I didn't notice the activity here, since my e-mail notification rarely works.
I've installed the packages and can confirm that the VPN is now working correctly, thanks a lot!
There are still some error messages in /var/log/daemon.log:

nm-openvpn[5709]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.128) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
or
nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.

But in the end everything is working. I get a connection and I can use it to connect elsewhere. So I guess the errors are mostly irrelevant for me.

Thanks again for creating the packages!

Bug Watch Updater (bug-watch-updater)
Changed in network-manager-openvpn:
importance: Unknown → Medium
status: Unknown → Fix Released
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Frederick, cna you please confirm that you applied these packages on Maverick? I need to know for sure which release to have the package ready for SRU.

Revision history for this message
Frederik Möllers (fredfredfred) wrote :

I applied the packages on Maverick at a date before my last post here (beginning of december 2010).

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: testcase
Mathieu Trudel-Lapierre (cyphermox)
Changed in network-manager-openvpn (Ubuntu Maverick):
status: New → Confirmed
importance: Undecided → Medium
Changed in network-manager-openvpn (Ubuntu):
assignee: Mathieu Trudel-Lapierre (mathieu-tl) → nobody
status: Confirmed → Fix Released
Revision history for this message
Rolf Leggewie (r0lf) wrote :

maverick has seen the end of its life and is no longer receiving any updates. Marking the maverick task for this ticket as "Won't Fix".

Changed in network-manager-openvpn (Ubuntu Maverick):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.