Ubuntu
network-manager-openvpn package

Network Manager OpenVPN fails to connect

Bug #390127 reported by rlogiacco
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: network-manager-openvpn

When I try to connect to my company vpn using openvpn the applet reports the connection is established but no packet is able to pass through the tunnel.

Here follows the excerpt from the syslog regarding the connection start:

Jun 21 05:04:55 smartnote NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jun 21 05:04:55 smartnote NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 31975
Jun 21 05:04:55 smartnote NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jun 21 05:04:55 smartnote NetworkManager: <info> VPN plugin state changed: 1
Jun 21 05:04:55 smartnote NetworkManager: <info> VPN plugin state changed: 3
Jun 21 05:04:55 smartnote NetworkManager: <info> VPN connection 'smartlab.net' (Connect) reply received.
Jun 21 05:04:55 smartnote nm-openvpn[31979]: OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Jun 21 05:04:55 smartnote nm-openvpn[31979]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 21 05:04:55 smartnote nm-openvpn[31979]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 21 05:04:55 smartnote nm-openvpn[31979]: WARNING: file '/home/rlogiacco/vpn/rlogiacco.key' is group or others accessible
Jun 21 05:04:55 smartnote nm-openvpn[31979]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Jun 21 05:04:55 smartnote nm-openvpn[31979]: WARNING: file '/home/rlogiacco/vpn/tls-auth.key' is group or others accessible
Jun 21 05:04:55 smartnote nm-openvpn[31979]: Control Channel Authentication: using '/home/rlogiacco/vpn/tls-auth.key' as a OpenVPN static key file
Jun 21 05:04:55 smartnote nm-openvpn[31979]: UDPv4 link local: [undef]
Jun 21 05:04:55 smartnote nm-openvpn[31979]: UDPv4 link remote: 87.24.149.179:1194
Jun 21 05:04:57 smartnote nm-openvpn[31979]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1589'
Jun 21 05:04:57 smartnote nm-openvpn[31979]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-128-CBC'
Jun 21 05:04:57 smartnote nm-openvpn[31979]: [www.smartlab.net] Peer Connection Initiated with 87.24.149.179:1194
Jun 21 05:04:58 smartnote nm-openvpn[31979]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: ip-win32 (2.1_rc11)
Jun 21 05:04:58 smartnote nm-openvpn[31979]: TUN/TAP device tap0 opened
Jun 21 05:04:58 smartnote nm-openvpn[31979]: /sbin/ifconfig tap0 192.168.254.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.254.255
Jun 21 05:04:58 smartnote avahi-daemon[3342]: Joining mDNS multicast group on interface tap0.IPv4 with address 192.168.254.2.
Jun 21 05:04:58 smartnote avahi-daemon[3342]: New relevant interface tap0.IPv4 for mDNS.
Jun 21 05:04:58 smartnote avahi-daemon[3342]: Registering new address record for 192.168.254.2 on tap0.IPv4.
Jun 21 05:04:58 smartnote nm-system-settings: SCPlugin-Ifupdown: device added (udi: /org/freedesktop/Hal/devices/net_0a_2c_1a_cc_63_6f, iface: tap0): not well known
Jun 21 05:04:58 smartnote nm-openvpn[31979]: /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper tap0 1500 1573 192.168.254.2 255.255.255.0 init
Jun 21 05:04:58 smartnote nm-openvpn[31979]: Initialization Sequence Completed
Jun 21 05:04:58 smartnote NetworkManager: <info> VPN connection 'smartlab.net' (IP Config Get) reply received.
Jun 21 05:04:58 smartnote NetworkManager: <info> VPN Gateway: 87.24.149.179
Jun 21 05:04:58 smartnote NetworkManager: <info> Internal Gateway: 192.168.254.1
Jun 21 05:04:58 smartnote NetworkManager: <info> Tunnel Device: tap0
Jun 21 05:04:58 smartnote NetworkManager: <info> Internal IP4 Address: 192.168.254.2
Jun 21 05:04:58 smartnote NetworkManager: <info> Internal IP4 Prefix: 24
Jun 21 05:04:58 smartnote NetworkManager: <info> Internal IP4 Point-to-Point Address: 0.0.0.0
Jun 21 05:04:58 smartnote NetworkManager: <info> Maximum Segment Size (MSS): 0
Jun 21 05:04:58 smartnote NetworkManager: <info> Static Route: 192.168.3.0/24 Next Hop: 192.168.3.0
Jun 21 05:04:58 smartnote NetworkManager: <info> Static Route: 192.168.10.0/24 Next Hop: 192.168.10.0
Jun 21 05:04:58 smartnote NetworkManager: <info> Internal IP4 DNS: 192.168.3.1
Jun 21 05:04:58 smartnote NetworkManager: <info> DNS Domain: 'smartlab.net'
Jun 21 05:04:58 smartnote NetworkManager: <info> Login Banner:
Jun 21 05:04:58 smartnote NetworkManager: <info> -----------------------------------------
Jun 21 05:04:58 smartnote NetworkManager: <info> (null)
Jun 21 05:04:58 smartnote NetworkManager: <info> -----------------------------------------
Jun 21 05:04:58 smartnote avahi-daemon[3342]: Withdrawing address record for 192.168.254.2 on tap0.
Jun 21 05:04:58 smartnote avahi-daemon[3342]: Leaving mDNS multicast group on interface tap0.IPv4 with address 192.168.254.2.
Jun 21 05:04:58 smartnote avahi-daemon[3342]: Interface tap0.IPv4 no longer relevant for mDNS.
Jun 21 05:04:58 smartnote avahi-daemon[3342]: Joining mDNS multicast group on interface tap0.IPv4 with address 192.168.254.2.
Jun 21 05:04:58 smartnote avahi-daemon[3342]: New relevant interface tap0.IPv4 for mDNS.
Jun 21 05:04:58 smartnote avahi-daemon[3342]: Registering new address record for 192.168.254.2 on tap0.IPv4.
Jun 21 05:04:59 smartnote NetworkManager: <info> (tap0): writing resolv.conf to /sbin/resolvconf
Jun 21 05:04:59 smartnote NetworkManager: <info> VPN connection 'smartlab.net' (IP Config Get) complete.
Jun 21 05:04:59 smartnote NetworkManager: <info> (tap0): writing resolv.conf to /sbin/resolvconf
Jun 21 05:04:59 smartnote NetworkManager: <info> Policy set 'smartlab.net' (tap0) as default for routing and DNS.
Jun 21 05:04:59 smartnote NetworkManager: <info> VPN plugin state changed: 4
Jun 21 05:04:59 smartnote nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Jun 21 05:05:00 smartnote avahi-daemon[3342]: Registering new address record for fe80::82c:1aff:fecc:636f on tap0.*.
Jun 21 05:05:03 smartnote nm-system-settings: Added default wired connection 'Auto tap0' for /org/freedesktop/Hal/devices/net_0a_2c_1a_cc_63_6f
Jun 21 05:05:08 smartnote nm-openvpn[31979]: Authenticate/Decrypt packet error: cipher final failed
Jun 21 05:05:09 smartnote kernel: [52952.936146] tap0: no IPv6 routers present
Jun 21 05:05:18 smartnote nm-openvpn[31979]: Authenticate/Decrypt packet error: cipher final failed
Jun 21 05:05:48 smartnote last message repeated 3 times

When I stop the vpn connection this is what I get:

Jun 21 05:06:58 smartnote nm-openvpn[31979]: Authenticate/Decrypt packet error: cipher final failed
Jun 21 05:06:58 smartnote nm-openvpn[31979]: [www.smartlab.net] Inactivity timeout (--ping-restart), restarting
Jun 21 05:06:58 smartnote nm-openvpn[31979]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 21 05:07:00 smartnote nm-openvpn[31979]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 21 05:07:00 smartnote nm-openvpn[31979]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 21 05:07:00 smartnote nm-openvpn[31979]: Re-using SSL/TLS context
Jun 21 05:07:11 smartnote NetworkManager: <info> (tap0): writing resolv.conf to /sbin/resolvconf
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Interface tap0.IPv4 no longer relevant for mDNS.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Leaving mDNS multicast group on interface tap0.IPv4 with address 192.168.254.2.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Withdrawing address record for fe80::82c:1aff:fecc:636f on tap0.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Withdrawing address record for 192.168.254.2 on tap0.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Withdrawing address record for 192.168.0.75 on wlan0.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Leaving mDNS multicast group on interface wlan0.IPv4 with address 192.168.0.75.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Interface wlan0.IPv4 no longer relevant for mDNS.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Joining mDNS multicast group on interface wlan0.IPv4 with address 192.168.0.75.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: New relevant interface wlan0.IPv4 for mDNS.
Jun 21 05:07:11 smartnote avahi-daemon[3342]: Registering new address record for 192.168.0.75 on wlan0.IPv4.
Jun 21 05:07:12 smartnote NetworkManager: <info> (wlan0): writing resolv.conf to /sbin/resolvconf
Jun 21 05:07:12 smartnote NetworkManager: <info> Policy set 'Auto home' (wlan0) as default for routing and DNS.
Jun 21 05:07:12 smartnote nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
Jun 21 05:07:13 smartnote nm-system-settings: SCPlugin-Ifupdown: devices removed (udi: /org/freedesktop/Hal/devices/net_0a_2c_1a_cc_63_6f)
Jun 21 05:07:25 smartnote NetworkManager: <debug> [1245553645.002316] ensure_killed(): waiting for vpn service pid 31975 to exit
Jun 21 05:07:25 smartnote NetworkManager: <debug> [1245553645.002454] ensure_killed(): vpn service pid 31975 cleaned up
Jun 21 05:10:01 smartnote /USR/SBIN/CRON[32191]: (root) CMD ([ -x /usr/sbin/update-motd ] && /usr/sbin/update-motd 2>/dev/null)

###

Description: Ubuntu 9.04
Release: 9.04

network-manager-openvpn:
  Installed: 0.7.1~rc4.1.20090323+bzr27-0ubuntu2
  Candidate: 0.7.1~rc4.1.20090323+bzr27-0ubuntu2
  Version table:
 *** 0.7.1~rc4.1.20090323+bzr27-0ubuntu2 0
        500 http://it.archive.ubuntu.com jaunty/universe Packages
        100 /var/lib/dpkg/status

Revision history for this message
rlogiacco (rlogiacco) wrote :

Forget it, I resolved just after committing the bug.... it was clearly a problem regarding the cipher.

Sorry.

Joseph Smidt (jsmidt)
Changed in network-manager-openvpn (Ubuntu):
status: New → Invalid
Revision history for this message
Joseph Smidt (jsmidt) wrote :

Thanks for the bug report. I'm glad to hear this is no longer an issue.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.