Ubuntu
network-manager-openvpn package

NM0.7/Intrepid regression: No longer possible to configure LZO compression

Bug #259562 reported by Tore Anderson on 2008-08-19

This bug report is a duplicate of: Bug #260291: Network Manager 0.7, openvpn, VPN Connection Failed. Edit Remove

Affects		Status	Importance	Assigned to	Milestone
	network-manager-openvpn (Ubuntu)	Incomplete	Undecided	Unassigned

Bug Description

Binary package hint: network-manager-openvpn

With NM0.6 it was possible to check a box called something like «Use LZO compression» when editing the settings for a OpenVPN connection. After updating to the latest NM in Intrepid (network-manager-openvpn 0.7~~svn20080818t061112-0ubuntu1, to be precise), this is no longer possible, and I can therefore not connect to my employer's OpenVPN service. (I only tried through network-manager-gnome since the KDE applet is completely broken for me at the moment, cf. bug 259278.)

It is a bit silly that this setting isn't autodetected and set if necessary, by the way. It should be possible - at least I see the following message appearing in /var/log/syslog when attempting to start the VPN connection (actually the connection is seemingly established OK, but no packets makes it through):

«nm-openvpn[14314]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'»

Another thing worth noting is that my current VPN connection disappeared when I updated to NM0.7 and I had to recreate it. Bad. Isn't it supposed to preserve configuration across upgrades?

Tore

Revision history for this message

Tore Anderson (toreanderson) wrote on 2008-08-19:

Alexander, I subscribed you since you apparantly is the NM0.7 guru, so I figured you'd be interested in this bug report.

Forgive me if I'm mistaken.

Tore

Revision history for this message

Alexander Sack (asac) wrote on 2008-08-23:

please attach your complete syslog taken after reproducing this.

Thanks!

Changed in network-manager-openvpn:
status:	New → Incomplete

Revision history for this message

Tore Anderson (toreanderson) wrote on 2008-08-24:

Log from when it fails completely (like it is today) Edit (2.7 KiB, text/plain)

It seems I can't reproduce it any longer, now it fails with «The VPN connection 'My VPN Connection' failed because the VPN service stopped unexpectedly» (that's a balloon popup shown by nm-applet).

I'm attaching logs from both when it seemingly was established OK but no traffic made it through (due to the missing LZO setting, most likely), and from when it fails completely. I've anonymised some IP addresses and such, but other than that they should be complete.

Tore

Revision history for this message

Tore Anderson (toreanderson) wrote on 2008-08-24:

Log from when it works but LZO is missing (like it was when I submitted the bug in the first plaace) Edit (6.1 KiB, text/plain)

Revision history for this message

Alexander Sack (asac) wrote on 2008-08-24: Re: [Bug 259562] Re: NM0.7/Intrepid regression: No longer possible to configure LZO compression

On Sun, Aug 24, 2008 at 09:39:01AM -0000, Tore Anderson wrote:
>
> ** Attachment added: "Log from when it works but LZO is missing (like it was when I submitted the bug in the first plaace)"
> http://launchpadlibrarian.net/17044074/syslog-missinglzo
>

For this: You can still enable LZO compression the "Advanced ..."
setting dialog in connection editor.

- Alexander

Revision history for this message

Alexander Sack (asac) wrote on 2008-08-24:

On Sun, Aug 24, 2008 at 09:38:13AM -0000, Tore Anderson wrote:
>
> ** Attachment added: "Log from when it fails completely (like it is today)"
> http://launchpadlibrarian.net/17044068/syslog-completefailure
>

Aug 24 11:24:36 envy nm-openvpn[7084]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tun0 1500 1541 10.8.0.6 10.8.0.5 init
Aug 24 11:24:36 envy nm-openvpn[7084]: openvpn_execve: external program may not be called due to setting of --script-security level
Aug 24 11:24:36 envy nm-openvpn[7084]: script failed: external program fork failed

Its wierd that this worked for you before. where there any other packages upgraded? maybe its a race
and if you try multiple times it works? Or it works when you try for the first time after startup or
something?

- Alexander

Revision history for this message

Tore Anderson (toreanderson) wrote on 2008-08-24:

I try to keep my Intrepid up-to-date, so I have most certainly updated packages between the time I submitted this bug and when I tried to reproduce it. I see from the logs I posted that when it failed completely I was running OpenVPN 2.1-rc9, while when it worked (disregarding LZO troubles) I was running 2.1-rc8. Most likely that's why the behaviour differs, I'll be able to confirm tormorrow. The failure is not intermittent - it fails with the openvpn_execve error every time now.

When it comes to enabling LZO compression... Jeez! I was looking for an "Advanced" tab all along, which was there under NM 0.6, but not there anymore under NM 0.7. The "Advanced..." button I completely overlooked (just noticed it now when I prepared to take a screenshot to prove to you it was not there). Embarrassing indeed... So at least this part of the bug report can be considered invalid; apologies for wasting your time.

I'll try to downgrade OpenVPN and get back to you tomorrow about the openvpn_execve error.

Tore

Revision history for this message

Tore Anderson (toreanderson) wrote on 2008-08-25:

Downgraded to openvpn 2.1~rc7-1ubuntu3, and it is again possible to connect to the VPN (and with LZO enabled, I can actually use the tunnel as well). However, the default route is _not_ redirected to go over the VPN tunnel like it was in NM 0.6 (my IPv4 settings method is "Automatic (VPN)"), I need to manually fix it in order for the VPN tunnel to be used.

The last line that is printed to syslog after activating the connection might give a clue why:

Aug 20 00:00:17 envy nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.

However, this bug might very well be fixed by openvpn 2.1~rc8, so we can put it on hold for a while. When I upgrade to 2.1~rc8 again, I get the same error message as before, and the connection fails completely:

Aug 20 00:08:34 envy nm-openvpn[22284]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tun0 1500 1542 10.8.0.6 10.8.0.5 init
Aug 20 00:08:34 envy nm-openvpn[22284]: openvpn_execve: external program may not be called due to setting of --script-security level
Aug 20 00:08:34 envy nm-openvpn[22284]: script failed: external program fork failed
Aug 20 00:08:34 envy nm-openvpn[22284]: Exiting

I'll update the title of this bug to indicate that this is the problem at the moment.

Tore

Revision history for this message

Andreas Schildbach (schildbach) wrote on 2008-09-06:

I've got the same problem ("openvpn_execve: external program may not be called due to setting of --script-security level") when connecting to my employers VPN.