Bug 1186091 - openvpn stopped to work between and 2021-04-17 2021-05-12
openvpn stopped to work between and 2021-04-17 2021-05-12
Status: RESOLVED UPSTREAM
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: GNOME
Current
i686 openSUSE Tumbleweed
: P5 - None : Major (vote)
: ---
Assigned To: Jonathan Kang
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-05-15 18:24 UTC by Miguel Rozsas
Modified: 2021-07-28 12:49 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
songchuan.kang: needinfo? (miguel)


Attachments
NM Working on 2021-04-17 (3.54 KB, text/plain)
2021-05-15 19:45 UTC, Andreas Stieger
Details
NM Not working on 2021-05-12 (1.95 KB, text/plain)
2021-05-15 19:45 UTC, Andreas Stieger
Details
journalctl output (161.40 KB, text/plain)
2021-05-15 19:45 UTC, Andreas Stieger
Details
Firing a OPVPN connection without NM (3.57 KB, text/plain)
2021-05-15 19:46 UTC, Andreas Stieger
Details
Succesfull OpenVPN connection/IP created from above command (2.50 KB, text/plain)
2021-05-15 19:46 UTC, Andreas Stieger
Details
nm-openvpn-service output (3.69 KB, text/plain)
2021-06-10 11:18 UTC, Miguel Rozsas
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Miguel Rozsas 2021-05-15 18:24:47 UTC
NM was able to bring up a openVPN connection in 2021-04-17 but not in 2021-05-12. No modifications were made in related config file between 2021-04-17 and 2021-05-12.

Rolling the system back to 2021-04-17 re-enable NM/OVPN back.

Firing up the same openvpn connection without NM works too on  2021-05-12.

Check this:
NM Working on 2021-04-17: https://pastebin.com/tPWJA8Ct
NM Not working on 2021-05-12: https://pastebin.com/xSuE1yYm
journalctl output: https://pastebin.com/qnT7bc0G

openvpn config file: (note the date of config file, so it was working for about 3 years)
miguel $ ls -l Misc/openVPN/apice/1195/
total 8
-rw-r--r-- 1 miguel users 1769 out 27  2018 ca.crt
-rw-r--r-- 1 miguel users  172 nov 22  2018 client.ovpn

miguel $ \cat Misc/openVPN/apice/1195/client.ovpn   
client
dev tun
proto tcp
remote ip-addr-here 1195
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
verb 3
auth-user-pass
cipher AES-256-CBC

Firing a OPVPN connection without NM: https://pastebin.com/LVP3y4X0
Succesfull OpenVPN connection/IP created from above command: https://pastebin.com/AcJJpXCg
Comment 1 Andreas Stieger 2021-05-15 19:45:12 UTC
Created attachment 849363 [details]
NM Working on 2021-04-17
Comment 2 Andreas Stieger 2021-05-15 19:45:33 UTC
Created attachment 849364 [details]
NM Not working on 2021-05-12
Comment 3 Andreas Stieger 2021-05-15 19:45:54 UTC
Created attachment 849365 [details]
journalctl output
Comment 4 Andreas Stieger 2021-05-15 19:46:12 UTC
Created attachment 849366 [details]
Firing a OPVPN connection without NM
Comment 5 Andreas Stieger 2021-05-15 19:46:32 UTC
Created attachment 849367 [details]
Succesfull OpenVPN connection/IP created from above command
Comment 6 Andreas Stieger 2021-05-15 19:50:42 UTC
Adjust severity and move to GNOME NetworkManager-openvpn which had an update in the timeframe.
Comment 7 Yifan Jiang 2021-05-17 00:23:38 UTC
Jonathan, can you please help on the issue. Thanks.
Comment 8 Jonathan Kang 2021-06-10 07:47:01 UTC
@Miguel

Could you please collect some debugging outputs following the instructions
described here[0]?

*[0] https://wiki.gnome.org/Projects/NetworkManager/Debugging#Debugging_NetworkManager-openvpn
Comment 9 Miguel Rozsas 2021-06-10 11:16:40 UTC
@Jonathan Kang 
Sure ! there is an attachament with the output of nm-openvpn-service.
Please, tell me if you need something else.

I appreciate your help,
Comment 10 Miguel Rozsas 2021-06-10 11:18:43 UTC
Created attachment 850147 [details]
nm-openvpn-service output

kimera:~ # rpm -qa | grep -i network | grep -i manager
libKF5NetworkManagerQt6-5.82.0-1.1.x86_64
NetworkManager-openconnect-1.2.6-3.7.x86_64
NetworkManager-openvpn-1.8.14-1.1.x86_64
libproxy1-networkmanager-0.4.17-1.5.x86_64
NetworkManager-branding-openSUSE-42.1-3.9.noarch
NetworkManager-pptp-1.2.8-3.8.x86_64
NetworkManager-1.30.4-2.1.x86_64
kimera:~ # cp /usr/lib/NetworkManager/VPN/nm-openvpn-service.name /usr/lib/NetworkManager/VPN/nm-openvpn-service.name.original
kimera:~ # vi /usr/lib/NetworkManager/VPN/nm-openvpn-service.name
kimera:~ # grep supports-multiple-connections /usr/lib/NetworkManager/VPN/nm-openvpn-service.name
supports-multiple-connections=false
kimera:~ # killall -TERM nm-openvpn-service
nm-openvpn-service: no process found
kimera:~ # /usr/libexec/nm-openvpn-service --debug >  /tmp/nm-openvpn-service.debug 2>&1
Comment 11 Miguel Rozsas 2021-06-10 11:29:33 UTC
Comment on attachment 850147 [details]
nm-openvpn-service output

nm-openvpn[4488] <debug> nm-openvpn-service (version 1.8.14) starting...
nm-openvpn[4488] <debug> connection -------------------------------------
proxy

ipv4
        address-data : []
        dns : [3550521536, 3365972160]
        dns-search : ['apice.local']
        ignore-auto-dns : true
        ignore-auto-routes : true
        may-fail : false
        method : 'auto'
        never-default : true
        route-data : [{'dest': <'10.10.12.0'>, 'prefix': <uint32 24>, 'next-hop': <'10.10.12.25'>, 'metric': <uint32 50>}, {'dest': <'192.168.160.0'>, 'prefix': <uint32 24>, 'next-hop': <'10.10.12.25'>, 'metric': <uint32 50>}]

ipv6
        address-data : []
        dns : []
        dns-search : []
        method : 'ignore'
        route-data : []

connection
        id : 'VPN Apice'
        permissions : ['user:obfuscate_user:']
        type : 'vpn'
        uuid : '97c98842-15ec-4d2a-b9c0-8b2521476282'

vpn
        data : {'ca': '/home/obfuscate_user/Misc/openVPN/apice/1195/ca.crt', 'cert': '', 'cert-pass-flags': '1', 'connection-type': 'password-tls', 'float': 'no', 'key': '', 'mssfix': 'no', 'password-flags': '1', 'port': '1195', 'proto-tcp': 'yes', 'remote': 'obfuscate.address.com', 'remote-random': 'no', 'tun-ipv6': 'no', 'username': 'obfuscate_user'}
        secrets : {}
        service-type : 'org.freedesktop.NetworkManager.openvpn'

nm-openvpn[4488] <debug> connection -------------------------------------
proxy

ipv4
        address-data : []
        dns : [3550521536, 3365972160]
        dns-search : ['apice.local']
        ignore-auto-dns : true
        ignore-auto-routes : true
        may-fail : false
        method : 'auto'
        never-default : true
        route-data : [{'dest': <'10.10.12.0'>, 'prefix': <uint32 24>, 'next-hop': <'10.10.12.25'>, 'metric': <uint32 50>}, {'dest': <'192.168.160.0'>, 'prefix': <uint32 24>, 'next-hop': <'10.10.12.25'>, 'metric': <uint32 50>}]

ipv6
        address-data : []
        dns : []
        dns-search : []
        method : 'ignore'
        route-data : []

connection
        id : 'VPN Apice'
        permissions : ['user:obfuscate_user:']
        type : 'vpn'
        uuid : '97c98842-15ec-4d2a-b9c0-8b2521476282'

vpn
        data : {'ca': '/home/obfuscate_user/Misc/openVPN/apice/1195/ca.crt', 'cert': '', 'cert-pass-flags': '1', 'connection-type': 'password-tls', 'float': 'no', 'key': '', 'mssfix': 'no', 'password-flags': '1', 'port': '1195', 'proto-tcp': 'yes', 'remote': 'obfuscate.address.com', 'remote-random': 'no', 'tun-ipv6': 'no', 'username': 'obfuscate_user'}
        secrets : {'password': 'obfuscate-password'}
        service-type : 'org.freedesktop.NetworkManager.openvpn'
        user-name : 'obfuscate_user'

nm-openvpn[4488] <debug> connect (interactive=1)
nm-openvpn[4488] <warn>  Directory '/var/lib/openvpn/chroot' not usable for chroot by 'nm-openvpn', openvpn will not be chrooted.
nm-openvpn[4488] <debug> EXEC: '/usr/sbin/openvpn --remote obfuscate.address.com 1195 tcp-client --nobind --dev tun --auth-nocache --reneg-sec 0 --verb 10 --script-security 2 --up /usr/libexec/nm-openvpn-service-openvpn-helper --debug 6 4488 --bus-name org.freedesktop.NetworkManager.openvpn --tun -- --up-restart --persist-key --persist-tun --management /var/run/NetworkManager/nm-openvpn-97c98842-15ec-4d2a-b9c0-8b2521476282 unix --management-client-user root --management-client-group root --management-query-passwords --auth-retry interact --route-noexec --ifconfig-noexec --client --ca /home/obfuscate_user/Misc/openVPN/apice/1195/ca.crt --cert  --key  --auth-user-pass --user nm-openvpn --group nm-openvpn'
nm-openvpn[4488] <info>  openvpn[4508] started
Options error: --cert fails with '': No such file or directory (errno=2)
Thu Jun 10 08:13:11 2021 us=964763 WARNING: cannot stat file '': No such file or directory (errno=2)
Options error: --key fails with '': No such file or directory (errno=2)
Options error: Please correct these errors.
Use --help for more information.
nm-openvpn[4488] <warn>  openvpn[4508] exited with error code 1

(nm-openvpn-service:4488): GLib-CRITICAL **: 08:13:19.405: Source ID 3 was not found when attempting to remove it
Comment 12 Jonathan Kang 2021-06-15 08:50:37 UTC
@Miguel

Thanks for those logs which are very useful!

Can you try NetworkManager-openvpn in this repo[0] and see if it fixes
this issue?

*[0] https://download.opensuse.org/repositories/home:/JonathanKang:/branches:/GNOME:/Factory/openSUSE_Factory/
Comment 13 Miguel Rozsas 2021-06-15 11:36:28 UTC
@Jonathan

Yes !
The NetworkManager-openvpn-1.8.14-134.1.x86_64.rpm fixed the issue.
I am able to connnect/disconnect from openVPN using the NetworkManager applet again.
Thank you very much,
Comment 14 OBSbugzilla Bot 2021-06-16 19:30:21 UTC
This is an autogenerated message for OBS integration:
This bug (1186091) was mentioned in
https://build.opensuse.org/request/show/900448 Factory / NetworkManager-openvpn