Ubuntu
network-manager-openvpn package

The VPN connection 'xxx' failed because of invalid VPN secrets

Bug #738849 reported by mhnd
44
This bug affects 10 people
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: network-manager-openvpn

when i try to connect to vpn service from NM-gui it's give error invalid VPN secrets and itry to connect fron CLI and give error : script failed: could not execute external program

the log from cli :
Sun Mar 20 21:27:50 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Mar 20 21:27:50 2011 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Mar 20 21:27:50 2011 LZO compression initialized
Sun Mar 20 21:27:50 2011 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Mar 20 21:27:51 2011 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Mar 20 21:27:51 2011 Fragmentation MTU parms [ L:1578 D:1300 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Sun Mar 20 21:27:51 2011 Local Options hash (VER=V4): '9a22532e'
Sun Mar 20 21:27:51 2011 Expected Remote Options hash (VER=V4): 'e2a912d8'
Sun Mar 20 21:27:51 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]
Sun Mar 20 21:27:51 2011 UDPv4 link local: [undef]
Sun Mar 20 21:27:51 2011 UDPv4 link remote: [AF_INET]184.82.170.130:1194
Sun Mar 20 21:27:52 2011 TLS: Initial packet from [AF_INET]184.82.170.130:1194, sid=23f4fed1 e3d9c2d1
Sun Mar 20 21:27:58 2011 VERIFY OK: depth=1, /C=US/ST=CA/<email address hidden>
Sun Mar 20 21:27:58 2011 VERIFY OK: nsCertType=SERVER
Sun Mar 20 21:27:58 2011 VERIFY OK: depth=0, /C=<email address hidden>
Sun Mar 20 21:28:06 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 20 21:28:06 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 20 21:28:06 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 20 21:28:06 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 20 21:28:06 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 20 21:28:06 2011 [server] Peer Connection Initiated with [AF_INET]184.82.170.130:1194
Sun Mar 20 21:28:08 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Mar 20 21:28:09 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.10.10.0 255.255.255.0 vpn_gateway,show-net-up,route-gateway 10.10.10.1,ping 10,ping-restart 60,ifconfig 10.10.10.3 255.255.255.0'
Sun Mar 20 21:28:09 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: show-net-up (2.1.0)
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: route options modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: route-related options modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Mar 20 21:28:09 2011 ROUTE default_gateway=192.168.0.1
Sun Mar 20 21:28:09 2011 TUN/TAP device tap0 opened
Sun Mar 20 21:28:09 2011 TUN/TAP TX queue length set to 100
Sun Mar 20 21:28:09 2011 /sbin/ifconfig tap0 10.10.10.3 netmask 255.255.255.0 mtu 1500 broadcast 10.10.10.255
Sun Mar 20 21:28:09 2011 /etc/openvpn/change_resolv_conf.sh up tap0 1500 1578 10.10.10.3 255.255.255.0 init
sh: /etc/openvpn/change_resolv_conf.sh: not found
Sun Mar 20 21:28:09 2011 script failed: could not execute external program
Sun Mar 20 21:28:09 2011 Exiting

from gui :
Mar 20 21:31:30 Lucid NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 1981
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN plugin state changed: 1
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN plugin state changed: 3
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN connection '01 - ibVPN US1' (Connect) reply received.
Mar 20 21:31:30 Lucid nm-openvpn[1986]: OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Mar 20 21:31:31 Lucid nm-openvpn[1986]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 20 21:31:31 Lucid nm-openvpn[1986]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 20 21:31:31 Lucid nm-openvpn[1986]: LZO compression initialized
Mar 20 21:31:31 Lucid nm-openvpn[1986]: UDPv4 link local: [undef]
Mar 20 21:31:31 Lucid nm-openvpn[1986]: UDPv4 link remote: [AF_INET]204.152.214.234:1194
Mar 20 21:31:49 Lucid nm-openvpn[1986]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1578'
Mar 20 21:31:49 Lucid nm-openvpn[1986]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Mar 20 21:31:49 Lucid nm-openvpn[1986]: [server] Peer Connection Initiated with [AF_INET]204.152.214.234:1194
Mar 20 21:31:51 Lucid nm-openvpn[1986]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: show-net-up (2.1.0)
Mar 20 21:31:51 Lucid nm-openvpn[1986]: TUN/TAP device tap0 opened
Mar 20 21:31:51 Lucid nm-openvpn[1986]: /sbin/ifconfig tap0 10.10.10.2 netmask 255.255.255.0 mtu 1500 broadcast 10.10.10.255
Mar 20 21:31:51 Lucid NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Mar 20 21:31:51 Lucid NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Mar 20 21:31:51 Lucid NetworkManager: <WARN> device_creator(): /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Mar 20 21:31:51 Lucid modem-manager: (net/tap0): could not get port's parent device
Mar 20 21:31:51 Lucid avahi-daemon[943]: Joining mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:31:51 Lucid avahi-daemon[943]: New relevant interface tap0.IPv4 for mDNS.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Registering new address record for 10.10.10.2 on tap0.IPv4.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Withdrawing address record for 10.10.10.2 on tap0.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Leaving mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Interface tap0.IPv4 no longer relevant for mDNS.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Joining mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:31:51 Lucid avahi-daemon[943]: New relevant interface tap0.IPv4 for mDNS.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Registering new address record for 10.10.10.2 on tap0.IPv4.
Mar 20 21:31:51 Lucid nm-openvpn[1986]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tap0 1500 1574 10.10.10.2 255.255.255.0 init
Mar 20 21:31:51 Lucid NetworkManager: <info> VPN connection '01 - ibVPN US1' (IP Config Get) reply received.
Mar 20 21:31:51 Lucid NetworkManager: <info> VPN Gateway: 204.152.214.234
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal Gateway: 10.10.10.1
Mar 20 21:31:51 Lucid NetworkManager: <info> Tunnel Device: tap0
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 Address: 10.10.10.2
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 Prefix: 24
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 Point-to-Point Address: 0.0.0.0
Mar 20 21:31:51 Lucid NetworkManager: <info> Maximum Segment Size (MSS): 0
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 DNS: 204.152.204.10
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 DNS: 204.152.204.100
Mar 20 21:31:51 Lucid NetworkManager: <info> DNS Domain: '(none)'
Mar 20 21:31:51 Lucid NetworkManager: <info> Login Banner:
Mar 20 21:31:51 Lucid NetworkManager: <info> -----------------------------------------
Mar 20 21:31:51 Lucid NetworkManager: <info> (null)
Mar 20 21:31:51 Lucid NetworkManager: <info> -----------------------------------------
Mar 20 21:31:51 Lucid nm-openvpn[1986]: Initialization Sequence Completed
Mar 20 21:31:52 Lucid NetworkManager: <info> VPN connection '01 - ibVPN US1' (IP Config Get) complete.
Mar 20 21:31:52 Lucid NetworkManager: <info> Policy set '01 - ibVPN US1' (tap0) as default for routing and DNS.
Mar 20 21:31:52 Lucid NetworkManager: <info> VPN plugin state changed: 4
Mar 20 21:31:52 Lucid nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Mar 20 21:31:52 Lucid avahi-daemon[943]: Registering new address record for fe80::3c75:faff:fef9:92d3 on tap0.*.
Mar 20 21:32:01 Lucid nm-openvpn[1986]: Bad LZO decompression header byte: 0
Mar 20 21:32:01 Lucid kernel: [ 1774.872010] tap0: no IPv6 routers present
Mar 20 21:32:12 Lucid nm-openvpn[1986]: Bad LZO decompression header byte: 0
Mar 20 21:32:52 Lucid nm-openvpn[1986]: last message repeated 3 times
Mar 20 21:32:52 Lucid nm-openvpn[1986]: [server] Inactivity timeout (--ping-restart), restarting
Mar 20 21:32:52 Lucid nm-openvpn[1986]: SIGUSR1[soft,ping-restart] received, process restarting
Mar 20 21:32:54 Lucid nm-openvpn[1986]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 20 21:32:54 Lucid nm-openvpn[1986]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 20 21:32:54 Lucid nm-openvpn[1986]: Re-using SSL/TLS context
Mar 20 21:32:54 Lucid nm-openvpn[1986]: LZO compression initialized
Mar 20 21:32:54 Lucid nm-openvpn[1986]: UDPv4 link local: [undef]
Mar 20 21:32:54 Lucid nm-openvpn[1986]: UDPv4 link remote: [AF_INET]204.152.214.234:1194
Mar 20 21:33:00 Lucid nm-openvpn[1986]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1578'
Mar 20 21:33:00 Lucid nm-openvpn[1986]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Mar 20 21:33:00 Lucid nm-openvpn[1986]: [server] Peer Connection Initiated with [AF_INET]204.152.214.234:1194
Mar 20 21:33:03 Lucid nm-openvpn[1986]: AUTH: Received AUTH_FAILED control message
Mar 20 21:33:03 Lucid nm-openvpn[1986]: /sbin/ifconfig tap0 0.0.0.0
Mar 20 21:33:03 Lucid NetworkManager: <info> VPN plugin failed: 0
Mar 20 21:33:03 Lucid NetworkManager: <info> VPN plugin state changed: 6
Mar 20 21:33:03 Lucid NetworkManager: <info> VPN plugin state change reason: 10
Mar 20 21:33:03 Lucid NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Interface tap0.IPv4 no longer relevant for mDNS.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Leaving mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Withdrawing address record for fe80::3c75:faff:fef9:92d3 on tap0.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Withdrawing address record for 10.10.10.2 on tap0.
Mar 20 21:33:03 Lucid nm-openvpn[1986]: SIGTERM[soft,auth-failure] received, process exiting
Mar 20 21:33:04 Lucid NetworkManager: <info> Policy set 'Auto eth0' (eth0) as default for routing and DNS.
Mar 20 21:33:04 Lucid NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
Mar 20 21:33:04 Lucid nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Mar 20 21:33:17 Lucid NetworkManager: <debug> [1300645997.001810] ensure_killed(): waiting for vpn service pid 1981 to exit
Mar 20 21:33:17 Lucid NetworkManager: <debug> [1300645997.001903] ensure_killed(): vpn service pid 1981 cleaned up

i use debian squeeze also it's work just fine but in lucid no luck even when add policy at_console in dbus_1/system.d/nm-openvpn.conf no luck
ubuntu 10.04 LTS

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: network-manager-openvpn 0.8-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-30.59-generic 2.6.32.29+drm33.13
Uname: Linux 2.6.32-30-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Sun Mar 20 21:23:09 2011
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: network-manager-openvpn

Revision history for this message
mhnd (me8-mis) wrote :
Revision history for this message
mhnd (me8-mis) wrote :

i tried many way to make it work but it doesn't work
if you want me to try any command just tell me
thanks

Revision history for this message
mhnd (me8-mis) wrote :

still no luck is can someone anyone respond please

Revision history for this message
Matthias Niess (mniess) wrote :

Try this:
Edit the file /etc/dbus-1/system.d/nm-openvpn-service.conf and ass a policy for user="at_console" with the same contents as user="root". See the attachment for details.

Launchpad Janitor (janitor)
Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Revision history for this message
Greg Knapp (virtual-greg) wrote :

I had this issue and it turned out my RSA SecureID token was slightly out of sync with the RSA server. Apparently this can happen if you don't VPN in for a while (months?).

When starting vpnc via the command line I was prompted for a password and passcode. The passcode is the next code to appear on your RSA SecureID token. This should re-sync the server with your token again.

Then try establishing a connection again, like me it might work for you. I described the issue here as well:

http://forums.linuxmint.com/viewtopic.php?f=157&t=80319#p887986

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.