Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#44875 - [networkmanager-openvpn] Broken since upgrade to 1.0.2-1

Attached to Project: Arch Linux
Opened by David Rosenstrauch (darose) - Wednesday, 06 May 2015, 15:23 GMT
Last edited by Jan Alexander Steffens (heftig) - Sunday, 12 July 2015, 16:58 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Ionut Biru (wonder)
Jan Alexander Steffens (heftig)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Looks like the openvpn plugin broke with the most recent upgrade. The nm-applet can no longer successfully initiate a VPN connection. (It had been working reliably for months prior to that.)

Messages log shows the following:

May 6 11:00:52 daroseneo NetworkManager[512]: <info> Starting VPN service 'openvpn'...
May 6 11:00:52 daroseneo NetworkManager[512]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2168
May 6 11:00:52 daroseneo NetworkManager[512]: <info> VPN service 'openvpn' appeared; activating connections
May 6 11:00:52 daroseneo NetworkManager[512]: <info> VPN plugin state changed: starting (3)
May 6 11:00:52 daroseneo NetworkManager[512]: nm-openvpn-Message: openvpn started with pid 2171
May 6 11:00:52 daroseneo nm-openvpn[2171]: Use --help for more information.
May 6 11:00:52 daroseneo NetworkManager[512]: <info> VPN connection 'darsys' (ConnectInteractive) reply received.
May 6 11:00:52 daroseneo NetworkManager[512]: (nm-openvpn-service:2168): nm-openvpn-WARNING **: openvpn exited with error code 1
May 6 11:00:52 daroseneo NetworkManager[512]: <warn> VPN plugin failed: connect-failed (1)
May 6 11:00:52 daroseneo NetworkManager[512]: <info> VPN plugin state changed: stopped (6)
May 6 11:00:52 daroseneo NetworkManager[512]: <info> VPN plugin state change reason: unknown (0)
May 6 11:00:52 daroseneo NetworkManager[512]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
May 6 11:01:12 daroseneo NetworkManager[512]: <info> VPN service 'openvpn' disappeared

This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Sunday, 12 July 2015, 16:58 GMT
Reason for closing:  Fixed
Additional comments about closing:  1.0.2-2
Comment by Jan Alexander Steffens (heftig) - Wednesday, 06 May 2015, 15:57 GMT
All my OpenVPN connections still work fine.
Comment by David Rosenstrauch (darose) - Wednesday, 06 May 2015, 16:30 GMT
You are using network-manager / nm-applet?
Comment by David Rosenstrauch (darose) - Wednesday, 06 May 2015, 16:45 GMT
Also, is there any way for me to better debug this? (I.e., to get more detailed info on the actual failure than "openvpn exited with error code 1".
Comment by David Rosenstrauch (darose) - Thursday, 07 May 2015, 01:52 GMT
Hmmm ...

When I looked in journalctl I also saw this:

May 06 21:44:22 daroseneo nm-openvpn[1812]: Options error: Parameter renegotiate_seconds can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.

Have no idea what this is talking about. (And googling on that error msg didn't turn up anything either.)

Only possible clue I can see here is that when I click on the "Advanced" button in the nm-applet's configuration for my VPN, I see an option called "Use custom renegotiation interval". However, I have this option turned off, so I'm not sure why that would be getting used.
Comment by Jan Alexander Steffens (heftig) - Thursday, 07 May 2015, 01:57 GMT
I guess make an upstream bug report that --reneg-sec must only be added when the authentication mode includes TLS.
Comment by Jan Alexander Steffens (heftig) - Thursday, 07 May 2015, 02:01 GMT Comment by David Rosenstrauch (darose) - Thursday, 07 May 2015, 02:06 GMT
Tnx! I'll add myself onto cc for that bug.
Comment by James Crompton (DonJaime) - Sunday, 12 July 2015, 16:52 GMT
Upstream bug was closed fixed on May 28th. Arch is still on the broken 1.0.2-1 package. I have a new installation and can't downgrade. Is there any hope?

Loading...