Ubuntu
network-manager-openvpn package

The VPN connection 'xxx' failed because of invalid VPN secrets

Bug #738849 reported by mhnd on 2011-03-20
40
This bug affects 9 people
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Ubuntu)
Confirmed
Undecided
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Binary package hint: network-manager-openvpn

when i try to connect to vpn service from NM-gui it's give error invalid VPN secrets and itry to connect fron CLI and give error : script failed: could not execute external program

the log from cli :
Sun Mar 20 21:27:50 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Mar 20 21:27:50 2011 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Mar 20 21:27:50 2011 LZO compression initialized
Sun Mar 20 21:27:50 2011 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Mar 20 21:27:51 2011 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Mar 20 21:27:51 2011 Fragmentation MTU parms [ L:1578 D:1300 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Sun Mar 20 21:27:51 2011 Local Options hash (VER=V4): '9a22532e'
Sun Mar 20 21:27:51 2011 Expected Remote Options hash (VER=V4): 'e2a912d8'
Sun Mar 20 21:27:51 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]
Sun Mar 20 21:27:51 2011 UDPv4 link local: [undef]
Sun Mar 20 21:27:51 2011 UDPv4 link remote: [AF_INET]184.82.170.130:1194
Sun Mar 20 21:27:52 2011 TLS: Initial packet from [AF_INET]184.82.170.130:1194, sid=23f4fed1 e3d9c2d1
Sun Mar 20 21:27:58 2011 VERIFY OK: depth=1, /C=US/ST=CA/<email address hidden>
Sun Mar 20 21:27:58 2011 VERIFY OK: nsCertType=SERVER
Sun Mar 20 21:27:58 2011 VERIFY OK: depth=0, /C=<email address hidden>
Sun Mar 20 21:28:06 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 20 21:28:06 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 20 21:28:06 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 20 21:28:06 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 20 21:28:06 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 20 21:28:06 2011 [server] Peer Connection Initiated with [AF_INET]184.82.170.130:1194
Sun Mar 20 21:28:08 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Mar 20 21:28:09 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.10.10.0 255.255.255.0 vpn_gateway,show-net-up,route-gateway 10.10.10.1,ping 10,ping-restart 60,ifconfig 10.10.10.3 255.255.255.0'
Sun Mar 20 21:28:09 2011 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: show-net-up (2.1.0)
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: route options modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: route-related options modified
Sun Mar 20 21:28:09 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Mar 20 21:28:09 2011 ROUTE default_gateway=192.168.0.1
Sun Mar 20 21:28:09 2011 TUN/TAP device tap0 opened
Sun Mar 20 21:28:09 2011 TUN/TAP TX queue length set to 100
Sun Mar 20 21:28:09 2011 /sbin/ifconfig tap0 10.10.10.3 netmask 255.255.255.0 mtu 1500 broadcast 10.10.10.255
Sun Mar 20 21:28:09 2011 /etc/openvpn/change_resolv_conf.sh up tap0 1500 1578 10.10.10.3 255.255.255.0 init
sh: /etc/openvpn/change_resolv_conf.sh: not found
Sun Mar 20 21:28:09 2011 script failed: could not execute external program
Sun Mar 20 21:28:09 2011 Exiting

from gui :
Mar 20 21:31:30 Lucid NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 1981
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN plugin state changed: 1
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN plugin state changed: 3
Mar 20 21:31:30 Lucid NetworkManager: <info> VPN connection '01 - ibVPN US1' (Connect) reply received.
Mar 20 21:31:30 Lucid nm-openvpn[1986]: OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Mar 20 21:31:31 Lucid nm-openvpn[1986]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 20 21:31:31 Lucid nm-openvpn[1986]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 20 21:31:31 Lucid nm-openvpn[1986]: LZO compression initialized
Mar 20 21:31:31 Lucid nm-openvpn[1986]: UDPv4 link local: [undef]
Mar 20 21:31:31 Lucid nm-openvpn[1986]: UDPv4 link remote: [AF_INET]204.152.214.234:1194
Mar 20 21:31:49 Lucid nm-openvpn[1986]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1578'
Mar 20 21:31:49 Lucid nm-openvpn[1986]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Mar 20 21:31:49 Lucid nm-openvpn[1986]: [server] Peer Connection Initiated with [AF_INET]204.152.214.234:1194
Mar 20 21:31:51 Lucid nm-openvpn[1986]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: show-net-up (2.1.0)
Mar 20 21:31:51 Lucid nm-openvpn[1986]: TUN/TAP device tap0 opened
Mar 20 21:31:51 Lucid nm-openvpn[1986]: /sbin/ifconfig tap0 10.10.10.2 netmask 255.255.255.0 mtu 1500 broadcast 10.10.10.255
Mar 20 21:31:51 Lucid NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Mar 20 21:31:51 Lucid NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Mar 20 21:31:51 Lucid NetworkManager: <WARN> device_creator(): /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
Mar 20 21:31:51 Lucid modem-manager: (net/tap0): could not get port's parent device
Mar 20 21:31:51 Lucid avahi-daemon[943]: Joining mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:31:51 Lucid avahi-daemon[943]: New relevant interface tap0.IPv4 for mDNS.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Registering new address record for 10.10.10.2 on tap0.IPv4.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Withdrawing address record for 10.10.10.2 on tap0.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Leaving mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Interface tap0.IPv4 no longer relevant for mDNS.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Joining mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:31:51 Lucid avahi-daemon[943]: New relevant interface tap0.IPv4 for mDNS.
Mar 20 21:31:51 Lucid avahi-daemon[943]: Registering new address record for 10.10.10.2 on tap0.IPv4.
Mar 20 21:31:51 Lucid nm-openvpn[1986]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tap0 1500 1574 10.10.10.2 255.255.255.0 init
Mar 20 21:31:51 Lucid NetworkManager: <info> VPN connection '01 - ibVPN US1' (IP Config Get) reply received.
Mar 20 21:31:51 Lucid NetworkManager: <info> VPN Gateway: 204.152.214.234
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal Gateway: 10.10.10.1
Mar 20 21:31:51 Lucid NetworkManager: <info> Tunnel Device: tap0
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 Address: 10.10.10.2
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 Prefix: 24
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 Point-to-Point Address: 0.0.0.0
Mar 20 21:31:51 Lucid NetworkManager: <info> Maximum Segment Size (MSS): 0
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 DNS: 204.152.204.10
Mar 20 21:31:51 Lucid NetworkManager: <info> Internal IP4 DNS: 204.152.204.100
Mar 20 21:31:51 Lucid NetworkManager: <info> DNS Domain: '(none)'
Mar 20 21:31:51 Lucid NetworkManager: <info> Login Banner:
Mar 20 21:31:51 Lucid NetworkManager: <info> -----------------------------------------
Mar 20 21:31:51 Lucid NetworkManager: <info> (null)
Mar 20 21:31:51 Lucid NetworkManager: <info> -----------------------------------------
Mar 20 21:31:51 Lucid nm-openvpn[1986]: Initialization Sequence Completed
Mar 20 21:31:52 Lucid NetworkManager: <info> VPN connection '01 - ibVPN US1' (IP Config Get) complete.
Mar 20 21:31:52 Lucid NetworkManager: <info> Policy set '01 - ibVPN US1' (tap0) as default for routing and DNS.
Mar 20 21:31:52 Lucid NetworkManager: <info> VPN plugin state changed: 4
Mar 20 21:31:52 Lucid nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Mar 20 21:31:52 Lucid avahi-daemon[943]: Registering new address record for fe80::3c75:faff:fef9:92d3 on tap0.*.
Mar 20 21:32:01 Lucid nm-openvpn[1986]: Bad LZO decompression header byte: 0
Mar 20 21:32:01 Lucid kernel: [ 1774.872010] tap0: no IPv6 routers present
Mar 20 21:32:12 Lucid nm-openvpn[1986]: Bad LZO decompression header byte: 0
Mar 20 21:32:52 Lucid nm-openvpn[1986]: last message repeated 3 times
Mar 20 21:32:52 Lucid nm-openvpn[1986]: [server] Inactivity timeout (--ping-restart), restarting
Mar 20 21:32:52 Lucid nm-openvpn[1986]: SIGUSR1[soft,ping-restart] received, process restarting
Mar 20 21:32:54 Lucid nm-openvpn[1986]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 20 21:32:54 Lucid nm-openvpn[1986]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 20 21:32:54 Lucid nm-openvpn[1986]: Re-using SSL/TLS context
Mar 20 21:32:54 Lucid nm-openvpn[1986]: LZO compression initialized
Mar 20 21:32:54 Lucid nm-openvpn[1986]: UDPv4 link local: [undef]
Mar 20 21:32:54 Lucid nm-openvpn[1986]: UDPv4 link remote: [AF_INET]204.152.214.234:1194
Mar 20 21:33:00 Lucid nm-openvpn[1986]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1578'
Mar 20 21:33:00 Lucid nm-openvpn[1986]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Mar 20 21:33:00 Lucid nm-openvpn[1986]: [server] Peer Connection Initiated with [AF_INET]204.152.214.234:1194
Mar 20 21:33:03 Lucid nm-openvpn[1986]: AUTH: Received AUTH_FAILED control message
Mar 20 21:33:03 Lucid nm-openvpn[1986]: /sbin/ifconfig tap0 0.0.0.0
Mar 20 21:33:03 Lucid NetworkManager: <info> VPN plugin failed: 0
Mar 20 21:33:03 Lucid NetworkManager: <info> VPN plugin state changed: 6
Mar 20 21:33:03 Lucid NetworkManager: <info> VPN plugin state change reason: 10
Mar 20 21:33:03 Lucid NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Interface tap0.IPv4 no longer relevant for mDNS.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Leaving mDNS multicast group on interface tap0.IPv4 with address 10.10.10.2.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Withdrawing address record for fe80::3c75:faff:fef9:92d3 on tap0.
Mar 20 21:33:03 Lucid avahi-daemon[943]: Withdrawing address record for 10.10.10.2 on tap0.
Mar 20 21:33:03 Lucid nm-openvpn[1986]: SIGTERM[soft,auth-failure] received, process exiting
Mar 20 21:33:04 Lucid NetworkManager: <info> Policy set 'Auto eth0' (eth0) as default for routing and DNS.
Mar 20 21:33:04 Lucid NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
Mar 20 21:33:04 Lucid nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Mar 20 21:33:17 Lucid NetworkManager: <debug> [1300645997.001810] ensure_killed(): waiting for vpn service pid 1981 to exit
Mar 20 21:33:17 Lucid NetworkManager: <debug> [1300645997.001903] ensure_killed(): vpn service pid 1981 cleaned up

i use debian squeeze also it's work just fine but in lucid no luck even when add policy at_console in dbus_1/system.d/nm-openvpn.conf no luck
ubuntu 10.04 LTS

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: network-manager-openvpn 0.8-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-30.59-generic 2.6.32.29+drm33.13
Uname: Linux 2.6.32-30-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Sun Mar 20 21:23:09 2011
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: network-manager-openvpn

mhnd (me8-mis) wrote :
mhnd (me8-mis) wrote :

i tried many way to make it work but it doesn't work
if you want me to try any command just tell me
thanks

mhnd (me8-mis) wrote :

still no luck is can someone anyone respond please

Matthias Niess (mniess) wrote :

Try this:
Edit the file /etc/dbus-1/system.d/nm-openvpn-service.conf and ass a policy for user="at_console" with the same contents as user="root". See the attachment for details.

Launchpad Janitor (janitor) on 2011-08-10
Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Greg Knapp (virtual-greg) wrote :

I had this issue and it turned out my RSA SecureID token was slightly out of sync with the RSA server. Apparently this can happen if you don't VPN in for a while (months?).

When starting vpnc via the command line I was prompted for a password and passcode. The passcode is the next code to appear on your RSA SecureID token. This should re-sync the server with your token again.

Then try establishing a connection again, like me it might work for you. I described the issue here as well:

http://forums.linuxmint.com/viewtopic.php?f=157&t=80319#p887986

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers