[Jammy] NetworkManager-openconnect 1.2.6 not compatible with openconnect 8.20
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager-openconnect |
Fix Released
|
Unknown
|
|||
Fedora |
Won't Fix
|
High
|
|||
network-manager-openconnect (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Jammy |
Won't Fix
|
Undecided
|
Unassigned | ||
openconnect (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
This bug only affects the specific combination of network-
openconnect 8.20 breaks compatibility with NetworkManager-
"As of openconnect 8.20, INTERNAL_
/0 and this causes network manager to fail with a bad IP configuration.
This happens because 0.0.0.0/0 is set as a split route, but rewritten to
be used as netmask instead.
If we detect this we force a /32 or /128 (IPv6) netmask prefix and avoid
setting the CONFIG_
This commit was reverted because the upstream devs intention is to always be backwards compatible. Later the feature was implemented again in another way.
So the best way forward for Jammy is to revert the openconnect commit.
Working on making an SRU from this...
[Impact]
Users with a common GlobalProtect serverside configuration will not be able to connect.
This is caused by an backwards incompatible change in openconnect between openconnect and network-
The debdiff fixes it by reverting this change.
[Test Plan]
A GlobalProtect server is needed to test it, so perhaps we can collect reports from affected users.
This follows upstream fixes only.
[Where problems could occur]
Other packages in the Ubuntu archive can depend on the feature, potentially causing regressions, or have other regressions due to the change. However, this is extremely unlikely as the feature was introduced in the Ubuntu archive on 21 February 2022, that is only 3 days before Debian Import Freeze for Ubuntu 22.04 (24 February 2022).
It is also possible that third-party software (outside of the Ubuntu archive) depends on the feature. However, the feature only affects GlobalProtect VPNs with the common server-side configuration mentioned above, where NetworkManager-
It is also possible that users have configured their systems in a way that depends on this feature. However, this is extremely unlikely.
Several users have commented on this bug that they can connect to GlobalProtect VPNs with this common server-side configuration using openconnect directly, and they are not relying on the feature. The only way that I see that a workaround could use the feature is to detect if the feature is present, to check if the workaround is needed.
[Other Info]
There is no Debian release with this combination of versions so we can't import the fix from there.
Changed in network-manager-openconnect: | |
status: | Unknown → Fix Released |
description: | updated |
description: | updated |
description: | updated |
Changed in openconnect (Ubuntu): | |
status: | Confirmed → In Progress |
Changed in openconnect (Ubuntu): | |
status: | In Progress → New |
Changed in network-manager-openconnect (Ubuntu): | |
status: | Confirmed → Invalid |
status: | Invalid → Confirmed |
Changed in network-manager-openconnect (Ubuntu): | |
importance: | Undecided → High |
description: | updated |
description: | updated |
Changed in openconnect (Ubuntu Jammy): | |
status: | Incomplete → Confirmed |
Changed in openconnect (Ubuntu Jammy): | |
status: | Confirmed → In Progress |
Changed in network-manager-openconnect (Ubuntu Jammy): | |
status: | New → Confirmed |
Changed in fedora: | |
importance: | Unknown → High |
status: | Unknown → Won't Fix |
description: | updated |
Changed in openconnect (Ubuntu Jammy): | |
status: | Incomplete → Confirmed |
Changed in network-manager-openconnect (Ubuntu): | |
status: | Confirmed → Fix Released |
description: | updated |
Changed in openconnect (Ubuntu Jammy): | |
status: | Incomplete → Confirmed |
description: | updated |
Upstream has identified the bug and solved it in 1.2.9+:
https:/ /gitlab. gnome.org/ GNOME/NetworkMa nager-openconne ct/-/merge_ requests/ 31