2016-05-06 20:23:14 |
Pat McGowan |
bug |
|
|
added bug |
2016-05-09 15:15:10 |
Jim Hodapp |
bug |
|
|
added subscriber Jim Hodapp |
2016-05-09 16:02:55 |
Tony Espy |
summary |
VPN not working with NM 1.2 |
OpenVPN not working with NM 1.2 |
|
2016-05-09 16:17:06 |
Tony Espy |
description |
Restore the VPN functionality |
OpenVPN can be enabled, however when using to connect to the Canonical VPN, it fails.
This is a result of a failure to re-configure the device’s IP addresses and routing table as shown in the following extract from the device’s ( mako ) syslog:
14:32 vpn-connection[0x192f168,975b1a22-a63d-482c-beb7-5d7b5a64ca06,"<hostaname obfuscated>",28:(tun0)]: VPN plugin: state changed: started (4)
14:32 do-add-ip6-address[28: xxxx:xxx:xxxx:xxxx::xxx:425b]: failure 22 (Invalid argument)
14:32 do-add-ip6-route[28: xxxx:xx:xxxx::/44 50]: failure 113 (No route to host)
14:32 do-add-ip6-route[28: xxxx:xxx:xxxx::/47 50]: failure 113 (No route to host)
14:32 do-add-ip6-route[28: xxxx:xxx:xxxx::/47 50]: failure 113 (No route to host)
14:32 do-add-ip6-route[28: xxxx:xxx:xxxx::/48 50]: failure 113 (No route to host)
14:32 do-add-ip4-address[22: 192.168.1.18/24]: failure 17 (File exists)
14:32 do-add-ip4-route[22: xx.xxx.xx.xx/32 600]: failure 3 (No such process)
14:32 do-add-ip4-route[22: 0.0.0.0/0 600]: failure 3 (No such process)
14:32 default-route: failed to add default route 0.0.0.0/0 via 192.168.1.1 dev 22 metric 600 mss 0 src user with effective metric 600
14:32 do-add-ip6-address[22: xxxx::xxxx:xxxx:xxxx:xxxx]: failure 22 (Invalid argument)
14:32 vpn-connection[0x192f168,975b1a22-a63d-482c-beb7-5d7b5a64ca06,"<hostname obfuscated>",28:(tun0)]: VPN connection: (IP Config Get) complete
So, and add IPv6 IP address operation fails with EINVAL, and this causes a cascade of IPv6 route addition failures.
Next, and add IPv4 IP address operation fails with EEXISTS, and this also causes subsequent routing failures.
Finally, another add IPv6 address operation fails with EINVAL.
The first problem, the IPv6 EINVAL failure seems to be caused by the newer netlink logic in NM 1.2 including the peer_address instead of the base address in an IFA_ADDRESS attribute. Changing this code to use address causes the failures to disappear.
The second problem, the IPv5 EEXISTS failure looks like it was handled explicitly in the NM 0.9.10x code-base ( ie. if a netlink operation was nak'd due to EEXISTS, it was treated as SUCCESS ), but not in NM 1.2. The logic is in NM1.2 is a bit more involved, but I was able to patch the code to handle EEXISTS, and the IPv5 operations now succeed.
With this second patch in place, I'm to enable the Canonical VPN, the address and routing failures no longer occur, and I'm now able to access DNS and the internal network.
Note, there's a version (1.2.0-0ubuntu1~vivid1~awe5) of NM1.2 final in my PPA with the fixes mentioned applied:
https://launchpad.net/~awe/+archive/ubuntu/ppa/+packages
I now need to backport the fixes to the version of NM in the overlay PPA ( 1.1.93-0ubuntu1~vivid1 ). I also need to review the patches with upstream. |
|
2016-05-09 16:17:40 |
Tony Espy |
bug task added |
|
network-manager (Ubuntu RTM) |
|
2016-05-09 16:17:46 |
Tony Espy |
network-manager (Ubuntu RTM): status |
New |
Confirmed |
|
2016-05-09 16:17:49 |
Tony Espy |
network-manager (Ubuntu RTM): assignee |
|
Tony Espy (awe) |
|
2016-05-09 16:17:52 |
Tony Espy |
network-manager (Ubuntu RTM): importance |
Undecided |
Critical |
|
2016-05-09 19:43:30 |
Pat McGowan |
canonical-devices-system-image: status |
Confirmed |
In Progress |
|
2016-05-09 23:25:33 |
Tony Espy |
branch linked |
|
lp:~awe/network-manager/lp1579222-fix-openvpn |
|
2016-05-09 23:25:40 |
Tony Espy |
network-manager (Ubuntu RTM): status |
Confirmed |
In Progress |
|
2016-05-10 11:20:39 |
Launchpad Janitor |
branch linked |
|
lp:~phablet-team/indicator-network/wait-for-hotspot-ready-lp1579222 |
|
2016-05-11 11:04:17 |
Pete Woods |
branch unlinked |
lp:~phablet-team/indicator-network/wait-for-hotspot-ready-lp1579222 |
|
|
2016-05-12 12:43:27 |
Jean-Baptiste Lallement |
canonical-devices-system-image: status |
In Progress |
Fix Committed |
|
2016-05-12 18:08:58 |
Tony Espy |
network-manager (Ubuntu RTM): status |
In Progress |
Fix Released |
|
2016-06-02 12:12:46 |
Pat McGowan |
canonical-devices-system-image: status |
Fix Committed |
Fix Released |
|