Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1365926 - Unable to connect to the VPN via openconnect Gnome network-manager-applet
Summary: Unable to connect to the VPN via openconnect Gnome network-manager-applet
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: network-manager-applet
Version: 24
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-10 14:13 UTC by Milda
Modified: 2017-08-08 16:23 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-08 16:23:59 UTC


Attachments (Terms of Use)

Description Milda 2016-08-10 14:13:22 UTC
Description of problem:

Unable to connect to the VPN via openconnect Gnome network-manager-applet. Connection via CLI openconnect is possible and successfull.

Version-Release number of selected component (if applicable):

Fedora 24

network-manager-applet-1.2.0-1.fc24.x86_64
NetworkManager-openconnect-1.2.2-1.fc24.x86_64
openconnect-7.07-2.fc24.x86_64


How reproducible:

Steps to Reproduce:
1. Create a new Cisco AnyConnect Compatible VPN (openconnect) in Gnome NetworkManager Applet
2. Set gateway in the new AnyConnect Compatible VPN 



Actual results:

journalctl -u NetworkManager.service

srp 10 16:03:27 linux NetworkManager[1112]: <info>  [1470837807.1458] audit: op="connection-activate" uuid="4e43ac25-a0dd-4e17-a160-5072730720f3" name="Kopecek" pid=14381 uid=1000 result="success"
srp 10 16:03:27 linux NetworkManager[1112]: <info>  [1470837807.1510] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Started the VPN service, PID 17532
srp 10 16:03:27 linux NetworkManager[1112]: <info>  [1470837807.1650] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Saw the service appear; activating connection
srp 10 16:03:52 linux NetworkManager[1112]: <error> [1470837832.2665] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Failed to request VPN secrets #3: No agents were available for this request.


Expected results:

If I run openconnect from command line it connects successfully!

[root@linux ~]# openconnect vpn2.xxx.com/ssl-technet
POST https://vpn2.xxx.com/ssl-technet
Připojen k xx.xx.49.150:443
Jednání SSL s vpn2.xxx.com
Spojeno s HTTPS na vpn2.xxx.com
XML POST povolen
Please enter your username and password.
Username:milda
PASSCODE:
POST https://vpn2.xxx.com/
Enter the next card code to complete authentication.
Token Code:
POST https://vpn2.xxx.com/
Obdržena odpověď SPOJENÍ : HTTP/1.1 200 OK
CSTP spojeno. DPD 30, (udržet naživu) Keepalive 20
Spojeno jako 192.168.75.30, pomocí SSL
DTLS spojení sestaveno (použito GnuTLS). Šifrování: (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1)


Success

Additional info:


regards

Comment 1 Milda 2016-08-10 14:38:37 UTC
It seems that it relates with some timer 25 sec. 

this part of log appears immediatelly if I try to open connection via NM

srp 10 16:23:43 linux NetworkManager[1112]: <info>  [1470839023.6779] audit: op="connection-activate" uuid="4e43ac25-a0dd-4e17-a160-5072730720f3" name="Kopecek" pid=14381 uid=1000 result="success"
srp 10 16:23:43 linux NetworkManager[1112]: <info>  [1470839023.6847] vpn-connection[0x563d753083d0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Started the VPN service, PID 18082
srp 10 16:23:43 linux NetworkManager[1112]: <info>  [1470839023.6953] vpn-connection[0x563d753083d0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Saw the service appear; activating connection


after 25 sec appears this one

srp 10 16:24:08 linux NetworkManager[1112]: <error> [1470839048.8013] vpn-connection[0x563d753083d0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Failed to request VPN secrets #3: No agents were available for this request.


If I get the authentication token via SMS quickly and catch to fulfil the form the connection is successfull.



example of successfull connection


srp 10 16:33:21 linux NetworkManager[1112]: <info>  [1470839601.0755] audit: op="connection-activate" uuid="4e43ac25-a0dd-4e17-a160-5072730720f3" name="Kopecek" pid=14381 uid=1000 result="success"
srp 10 16:33:21 linux NetworkManager[1112]: <info>  [1470839601.0805] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Started the VPN service, PID 18266
srp 10 16:33:21 linux NetworkManager[1112]: <info>  [1470839601.0931] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: Saw the service appear; activating connection
srp 10 16:33:35 linux NetworkManager[1112]: <info>  [1470839615.4399] keyfile: update /etc/NetworkManager/system-connections/Kopecek (4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek")
srp 10 16:33:35 linux NetworkManager[1112]: <info>  [1470839615.4465] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: VPN connection: (ConnectInteractive) reply received
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'cookie-flags' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'certsigs-flags' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'lasthost-flags' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'autoconnect-flags' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'gateway-flags' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'gwcert-flags' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'xmlconfig-flags' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: property 'lasthost' unknown
srp 10 16:33:35 linux NetworkManager[1112]: ** (nm-openconnect-service:18266): WARNING **: Created tundev vpn0
srp 10 16:33:35 linux NetworkManager[1112]: ** Message: openconnect started with pid 18283
srp 10 16:33:35 linux NetworkManager[1112]: <info>  [1470839615.4516] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: VPN plugin: state changed: starting (3)
srp 10 16:33:35 linux openconnect[18283]: Připojen k xx.xx.49.150:443
srp 10 16:33:35 linux openconnect[18283]: Jednání SSL s xx.xx.49.150
srp 10 16:33:35 linux openconnect[18283]: Ověření osvědčení serveru se nezdařilo: podepisující nenalezen
srp 10 16:33:35 linux openconnect[18283]: Spojeno s HTTPS na xx.xx.49.150
srp 10 16:33:35 linux openconnect[18283]: Obdržena odpověď SPOJENÍ : HTTP/1.1 200 OK
srp 10 16:33:35 linux openconnect[18283]: CSTP spojeno. DPD 30, (udržet naživu) Keepalive 20
srp 10 16:33:35 linux openconnect[18283]: Spojeno jako 192.168.75.32, pomocí SSL
srp 10 16:33:35 linux openconnect[18283]: DTLS spojení sestaveno (použito GnuTLS). Šifrování: (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1)
srp 10 16:33:40 linux openconnect[18283]: SIOCSIFMTU: Operation not permitted
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.6952] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",0]: VPN connection: (IP Config Get) reply received.
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.6993] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: VPN connection: (IP4 Config Get) reply received
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7005] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data: VPN Gateway: xx.xx.49.150
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7005] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data: Tunnel Device: vpn0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7005] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data: IPv4 configuration:
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7005] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Internal Address: 192.168.75.32
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7006] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Internal Prefix: 24
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7006] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Internal Point-to-Point Address: 192.168.75.32
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7006] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Maximum Segment Size (MSS): 0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7007] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: 172.21.120.9/32   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7007] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: 192.168.75.201/32   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7007] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: 192.168.75.200/32   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7007] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: 172.25.0.0/16   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7008] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: xx.xx.195.25/32   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7008] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: xx.xx.252.85/32   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7008] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: xx.xx.172.160/28   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7008] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: xx.xx.252.103/32   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7009] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: 10.0.0.0/8   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7009] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: 192.168.75.1/32   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7009] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: xx.xx.196.0/24   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7009] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: xx.xx.195.0/24   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7010] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Static Route: xx.xx.64.0/24   Next Hop: 0.0.0.0
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7010] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Forbid Default Route: yes
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7010] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Internal DNS: xx.xx.64.3
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7010] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   Internal DNS: xx.xx.64.2
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7011] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data:   DNS Domain: 'xxx.com'
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7011] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: Data: No IPv6 configuration
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7013] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: VPN plugin: state changed: started (4)
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7485] vpn-connection[0x563d753087b0,4e43ac25-a0dd-4e17-a160-5072730720f3,"Kopecek",5:(vpn0)]: VPN connection: (IP Config Get) complete
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7517] device (vpn0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7563] keyfile: add connection in-memory (bea8bdab-b97c-4ebd-9c6a-5999514820a0,"vpn0")
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7569] device (vpn0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7579] device (vpn0): Activation: starting connection 'vpn0' (bea8bdab-b97c-4ebd-9c6a-5999514820a0)
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7788] device (vpn0): state change: disconnected -> prepare (reason 'none') [30 40 0]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7794] device (vpn0): state change: prepare -> config (reason 'none') [40 50 0]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7798] device (vpn0): state change: config -> ip-config (reason 'none') [50 70 0]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.7801] device (vpn0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.8090] device (vpn0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.8094] device (vpn0): state change: secondaries -> activated (reason 'none') [90 100 0]
srp 10 16:33:40 linux NetworkManager[1112]: <info>  [1470839620.8107] device (vpn0): Activation: successful, device activated.



regards Milda

Comment 2 Blueowl 2016-08-10 15:53:04 UTC
It seems to be the short timeout issue solved in bug 1337424.
Please consider upgrading to the latest version.

Comment 3 Milda 2016-08-11 10:46:41 UTC
Hi,
I have updated the NetworkManager-openconnect package from the fedora 25   (NetworkManager-openconnect-1.2.3-0.20160606git5009f9 rebuild the package from the source rpm) and without success. The problem hasn't been solved.

regards Milda

Comment 4 Blueowl 2016-08-11 11:35:47 UTC
The timeout fix is actually in NetworkManager itself. Have you upgraded it as well?
https://bugzilla.redhat.com/show_bug.cgi?id=1337424#c4

Comment 5 Milda 2016-08-11 13:16:22 UTC
Yes I have compiled and installed all Network-manager packages from source v. 1.4.0-0.4 With no change. 

regards Michal

Comment 6 Fedora End Of Life 2017-07-25 22:21:31 UTC
This message is a reminder that Fedora 24 is nearing its end of life.
Approximately 2 (two) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 24. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '24'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 24 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged  change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 7 Fedora End Of Life 2017-08-08 16:23:59 UTC
Fedora 24 changed to end-of-life (EOL) status on 2017-08-08. Fedora 24 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.