[Bug 163212] network-manager-openvpn (kubuntu knetworkmanager version) with password authentication not working
Claude Philipona
claude.philipona at camptocamp.com
Fri Nov 16 22:17:47 UTC 2007
Public bug reported:
There seems to be a bug in network-manager-openvpn when using
user/password authentication with the kubuntu version (knetwork
manager).
Settings:
Gateway: 192.168.1.1
Port: 1194
Connection Type: Passwrod Authentication
CA file: /path/to/file/ca.crt
Username: myusername
Options:
Use LZO compression : Yes
Use TAP device: No
Use TCP connection: No
Use Cipher : No
Use TLS auth Yes /pat/to/file/ta.key
Direction: 1
The VPN connection does not start due to a connection error. But the
exact same settings works perfectly from the same place with the gnome
version of networkmanager. After some investigation, it seems that the
openvpn module with the knetworkmanager systray does not give correctly
the password to the running openvpn (a window asks for the password but
it is then not correctly given to openvpn), so the openvpn doesn't even
try to connect to openvpn server, as an strace on openvpn reports "the
\'password\' command requires 2 parameters\r\n":
recv(11, "username \"Auth\" claude\npassword \"Auth\" \n", 256, MSG_NOSIGNAL) = 40 <-- password missing
time(NULL) = 1195245940
send(11, "SUCCESS: \'Auth\' username entered, but not yet verified\r\n", 56, MSG_NOSIGNAL) = 56
time(NULL) = 1195245940
send(11, "ERROR: the \'password\' command requires 2 parameters\r\n", 53, MSG_NOSIGNAL) = 53
poll([{fd=11, events=POLLIN|POLLPRI}], 1, 1000) = 0
Here some mor detailed information
dump in /var/log/syslog:
Nov 16 22:40:37 vanil NetworkManager: <info> Will activate VPN connection 'test'
, service 'org.freedesktop.NetworkManager.openvpn', user_name 'myusername', vpn_data
'connection-type / password / remote / 192.168.1.1 / port / 1194 / ca / /etc/u
buntu-c2c/ovpn/ca.crt / cert / / key / / comp-lzo / yes / shared-key / / user
name / claude / local-ip / / remote-ip / / dev / tun / proto / udp / ta / /etc
/ubuntu-c2c/ovpn/ta.key / ta-dir / 1', route '10.0.0.0/8 / 128.179.66.8/32 / 128
.179.66.29/32'.
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 1 of 4
(Connection Prepare) scheduled...
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 1 of 4
(Connection Prepare) ran VPN service daemon org.freedesktop.NetworkManager.openv
pn (PID 9358)
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 1 of 4
(Connection Prepare) complete.
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 2 of 4
(Connection Prepare Wait) scheduled...
Nov 16 22:40:37 vanil NetworkManager: <info> VPN service 'org.freedesktop.Netwo
rkManager.openvpn' signaled state change 1 -> 6.
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 2 of 4
(Connection Prepare Wait) waiting...
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 2 of 4
(Connection Prepare Wait) complete.
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 3 of 4
(Connect) scheduled...
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 3 of 4
(Connect) sending connect request.
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 3 of 4
(Connect) request sent, waiting for reply...
Nov 16 22:40:37 vanil nm-openvpn[9361]: OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [L
ZO] [EPOLL] built on May 21 2007
Nov 16 22:40:37 vanil NetworkManager: <info> VPN service 'org.freedesktop.Netwo rkManager.openvpn' signaled state change 6 -> 3.
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 3 of 4 (Connect) reply received.
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 4 of 4 (IP Config Get) timeout scheduled...
Nov 16 22:40:37 vanil NetworkManager: <info> VPN Activation (c2c) Stage 3 of 4 (Connect) complete, waiting for IP configuration...
Nov 16 22:40:52 vanil NetworkManager: <WARN> nm_vpn_service_process_signal(): V PN failed for service 'org.freedesktop.NetworkManager.openvpn', signal 'ConnectF ailed', with message 'The VPN login failed because the VPN program could not con nect to the VPN server.'.
Nov 16 22:40:52 vanil NetworkManager: <info> VPN service 'org.freedesktop.Netwo rkManager.openvpn' signaled state change 3 -> 5.
Nov 16 22:40:52 vanil NetworkManager: <info> VPN service 'org.freedesktop.Netwo rkManager.openvpn' signaled state change 5 -> 6.
Nov 16 22:40:52 vanil NetworkManager: <WARN> nm_vpn_service_stop_connection(): (VPN Service org.freedesktop.NetworkManager.openvpn): could not stop connection 'c2c' because service was 6.
strace of the running openvpn that is launched by networkmanager:
strace -f -s 64 /usr/sbin/openvpn --remote 192.168.1.1 --ns-cert-type server --comp-lzo --nobind --dev tun --proto udp --port 1194 --tls-auth /etc/ubuntu-c2c/ovpn/ta.key 1 --syslog nm-openvpn --up /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper --up-restart --persist-key --persist-tun --management 127.0.0.1 1194 --management-query-passwords --client --auth-user-pass --ca /etc/ubuntu-c2c/ovpn/ca.crt
execve("/usr/sbin/openvpn", ["/usr/sbin/openvpn", "--remote", "192.168.1.1", "--ns-cert-type", "server", "--comp-lzo", "--nobind", "--dev", "tun", "--proto", "udp", "--port", "1194", "--tls-auth", "/etc/ubuntu-c2c/ovpn/ta.key", "1", "--syslog", "nm-openvpn", "--up", "/usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-help"..., "--up-restart", "--persist-key", "--persist-tun", "--management", "127.0.0.1", "1194", "--management-query-passwords", "--client", "--auth-user-pass", "--ca", "/etc/ubuntu-c2c/ovpn/ca.crt"], [/* 33 vars */]) = 0
brk(0) = 0x80a4000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fa9000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=68828, ...}) = 0
mmap2(NULL, 68828, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f98000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \300\0\0004\0\0\0\364\370\3\0\0\0\0\0004\0 \0\4\0(\0\33\0\32\0\1\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=261420, ...}) = 0
mmap2(NULL, 264340, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f57000
mmap2(0xb7f94000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3c) = 0xb7f94000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/cmov/libcrypto.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\301\3\0004\0\0\0\304\346\23\0\0\0\0\0004\0 \0\5\0(\0\34\0\33\0\1\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1305380, ...}) = 0
mmap2(NULL, 1321816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e14000
mmap2(0xb7f3f000, 86016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12a) = 0xb7f3f000
mmap2(0xb7f54000, 11096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f54000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/liblzo2.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20$\0\0004\0\0\0\34\347\1\0\0\0\0\0004\0 \0\4\0(\0\32\0\31\0\1\0\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=125740, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e13000
mmap2(NULL, 128580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7df3000
mmap2(0xb7e12000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e) = 0xb7e12000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\n\0\0004\0\0\0L!\0\0\0\0\0\0004\0 \0\10\0(\0\35\0\34\0\6\0\0\0004\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9684, ...}) = 0
mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7def000
mmap2(0xb7df1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7df1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 H\0\0004\0\0\0\330C\1\0\0\0\0\0004\0 \0\t\0(\0$\0!\0\6\0\0\0004\0\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=112423, ...}) = 0
mmap2(NULL, 94688, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7dd7000
mmap2(0xb7deb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb7deb000
mmap2(0xb7ded000, 4576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ded000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260a\1\0004\0\0\0\10g\24\0\0\0\0\0004\0 \0\n\0(\0D\0C\0\6\0\0\0004\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1339816, ...}) = 0
mmap2(NULL, 1349136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c8d000
mmap2(0xb7dd1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x143) = 0xb7dd1000
mmap2(0xb7dd4000, 9744, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7dd4000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\31\0\0004\0\0\0\0306\1\0\0\0\0\0004\0 \0\5\0(\0\34\0\33\0\1\0\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=80504, ...}) = 0
mmap2(NULL, 83232, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c78000
mmap2(0xb7c8c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb7c8c000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7c77000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7c76000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7c766b0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7dd1000, 4096, PROT_READ) = 0
munmap(0xb7f98000, 68828) = 0
set_tid_address(0xb7c766f8) = 9181
set_robust_list(0xb7c76700, 0xc) = 0
rt_sigaction(SIGRTMIN, {0xb7ddb300, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb7ddb380, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="vanil", ...}) = 0
gettimeofday({1195245935, 113631}, NULL) = 0
time(NULL) = 1195245935
brk(0) = 0x80a4000
brk(0x80c5000) = 0x80c5000
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 10) = 1
read(3, "\323\234P\276#\231\210!fOH\337#\5w\34\262\221\354\237\203j\0261\263=\367\f\207ay\352", 32) = 32
close(3) = 0
getuid32() = 1000
time(NULL) = 1195245935
time(NULL) = 1195245935
time(NULL) = 1195245935
open("/etc/localtime", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1920, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1920, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fa8000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\0\0\0x\0\0\0\4\0\0\0\t\311$\307\360\311r\202`\312\26&\220\312"..., 4096) = 1920
close(3) = 0
munmap(0xb7fa8000, 4096) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1920, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1920, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1920, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(3, "<29>Nov 16 21:45:35 nm-openvpn[9181]: OpenVPN 2.0.9 i486-pc-linu"..., 110, MSG_NOSIGNAL) = 110
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 10
setsockopt(10, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(10, {sa_family=AF_INET, sin_port=htons(1194), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
listen(10, 1) = 0
fcntl64(10, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
fcntl64(10, F_SETFD, FD_CLOEXEC) = 0
time(NULL) = 1195245935
poll([{fd=10, events=POLLIN|POLLPRI}], 1, 1000) = 0
time(NULL) = 1195245936
poll([{fd=10, events=POLLIN|POLLPRI}], 1, 1000) = 0
time(NULL) = 1195245937
poll([{fd=10, events=POLLIN|POLLPRI}], 1, 1000) = 0
time(NULL) = 1195245938
poll([{fd=10, events=POLLIN|POLLPRI}], 1, 1000) = 0
time(NULL) = 1195245939
poll([{fd=10, events=POLLIN|POLLPRI}], 1, 1000) = 0
time(NULL) = 1195245940
poll([{fd=10, events=POLLIN|POLLPRI, revents=POLLIN}], 1, 1000) = 1
time(NULL) = 1195245940
accept(10, {sa_family=AF_INET, sin_port=htons(59362), sin_addr=inet_addr("127.0.0.1")}, [16]) = 11
fcntl64(11, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
fcntl64(11, F_SETFD, FD_CLOEXEC) = 0
time(NULL) = 1195245940
send(11, ">INFO:OpenVPN Management Interface Version 1 -- type \'help\' for "..., 75, MSG_NOSIGNAL) = 75
time(NULL) = 1195245940
send(11, ">PASSWORD:Need \'Auth\' username/password\r\n", 41, MSG_NOSIGNAL) = 41 <---- PASSWORD was asked but IS NOT given to openvpn
poll([{fd=11, events=POLLIN|POLLPRI, revents=POLLIN}], 1, 1000) = 1
time(NULL) = 1195245940
recv(11, "username \"Auth\" claude\npassword \"Auth\" \n", 256, MSG_NOSIGNAL) = 40
time(NULL) = 1195245940
send(11, "SUCCESS: \'Auth\' username entered, but not yet verified\r\n", 56, MSG_NOSIGNAL) = 56
time(NULL) = 1195245940
send(11, "ERROR: the \'password\' command requires 2 parameters\r\n", 53, MSG_NOSIGNAL) = 53
poll([{fd=11, events=POLLIN|POLLPRI}], 1, 1000) = 0
time(NULL) = 1195245941
poll([{fd=11, events=POLLIN|POLLPRI}], 1, 1000) = 0
time(NULL) = 1195245942
poll([{fd=11, events=POLLIN|POLLPRI}], 1, 1000) = 0
But with a working networkmanager-openvpn (gnome) the asked password is correcly asked and passed:
send(11, ">INFO:OpenVPN Management Interface Version 1 -- type \'help\' for "..., 75, MSG_NOSIGNAL) = 75
time(NULL) = 1195247020
send(11, ">PASSWORD:Need \'Auth\' username/password\r\n", 41, MSG_NOSIGNAL) = 41
poll([{fd=11, events=POLLIN|POLLPRI, revents=POLLIN}], 1, 1000) = 1
time(NULL) = 1195247020
recv(11, "username \"Auth\" claude\npassword \"Auth\" mypassword\n", 256, MSG_NOSIGNAL) = 48 <---- PASSWORD was asked and is given to openvpn
time(NULL) = 1195247020
send(11, "SUCCESS: \'Auth\' username entered, but not yet verified\r\n", 56, MSG_NOSIGNAL) = 56
time(NULL) = 1195247020
send(11, "SUCCESS: \'Auth\' password entered, but not yet verified\r\n", 56, MSG_NOSIGNAL) = 56
rt_sigaction(SIGINT, {0x8080260, [INT], SA_RESTART}, {SIG_DFL}, 8) = 0
** Affects: knetworkmanager (Ubuntu)
Importance: Undecided
Status: New
** Affects: network-manager-openvpn (Ubuntu)
Importance: Undecided
Status: New
** Also affects: knetworkmanager (Ubuntu)
Importance: Undecided
Status: New
--
network-manager-openvpn (kubuntu knetworkmanager version) with password authentication not working
https://bugs.launchpad.net/bugs/163212
You received this bug notification because you are a member of Kubuntu
Team, which is a bug contact for knetworkmanager in ubuntu.
More information about the kubuntu-bugs
mailing list