NetworkManager 1.2.4
NetworkManager-openvpn 1.2.6 and 1.2.8 (same problem in both)
$ nmcli --version
nmcli tool, version 1.2.4
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.10
Release: 16.10
Codename: yakkety
$ openvpn --version
OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH]
[IPv6] built on Jun 22 2016
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sa...@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes
enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no
enable_dlopen=unknown enable_dlopen_self=unknown
enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes
enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes
enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no
enable_management=yes enable_multi=yes enable_multihome=yes
enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes
enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes
enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes
enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no
enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes
enable_strict=no enable_strict_options=no enable_systemd=yes
enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix
with_crypto_library=openssl with_gnu_ld=yes wit
h_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_sysroot=no
$ tail -f /var/log/syslog
Feb 2 23:49:01 computer NetworkManager[1329]: <info> [1486108141.0702] audit:
op="connection-activate" uuid="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
name="example" pid=3136 uid=1000 result="success"
Feb 2 23:49:01 computer NetworkManager[1329]: <info> [1486108141.0741]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
Started the VPN service, PID 5074
Feb 2 23:49:01 computer NetworkManager[1329]: <info> [1486108141.0828]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
Saw the service appear; activating connection
Feb 2 23:49:01 computer nm-openvpn[5081]: OpenVPN 2.3.11 x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
Feb 2 23:49:01 computer nm-openvpn[5081]: library versions: OpenSSL 1.0.2g 1
Mar 2016, LZO 2.08
Feb 2 23:49:01 computer NetworkManager[1329]: nm-openvpn[5074] <info>
openvpn[5081] started
Feb 2 23:49:01 computer NetworkManager[1329]: <info> [1486108141.1490]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: state changed: starting (3)
Feb 2 23:49:01 computer NetworkManager[1329]: <info> [1486108141.1491]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN connection: (ConnectInteractive) reply received
Feb 2 23:49:01 computer nm-openvpn[5081]: NOTE: the current --script-security
setting may allow this configuration to call user-defined scripts
Feb 2 23:49:01 computer nm-openvpn[5081]: Control Channel Authentication:
using '/home/ubuntu/vpn/ovpn.example.net/networkmanager/example.ovpn.tls-auth'
as a OpenVPN static key file
Feb 2 23:49:01 computer nm-openvpn[5081]: NOTE: chroot will be delayed because
of --client, --pull, or --up-delay
Feb 2 23:49:01 computer nm-openvpn[5081]: NOTE: UID/GID downgrade will be
delayed because of --client, --pull, or --up-delay
Feb 2 23:49:01 computer nm-openvpn[5081]: UDPv4 link local: [undef]
Feb 2 23:49:01 computer nm-openvpn[5081]: UDPv4 link remote:
[AF_INET]10.10.10.10:1194
Feb 2 23:49:01 computer nm-openvpn[5081]: WARNING: 'link-mtu' is used
inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb 2 23:49:01 computer nm-openvpn[5081]: WARNING: 'comp-lzo' is present in
remote config but missing in local config, remote='comp-lzo'
Feb 2 23:49:01 computer nm-openvpn[5081]: [OpenVPN Server] Peer Connection
Initiated with [AF_INET]10.10.10.10:1194
Feb 2 23:49:04 computer nm-openvpn[5081]: AUTH: Received control message:
AUTH_FAILED
Feb 2 23:49:04 computer nm-openvpn[5081]: SIGUSR1[soft,auth-failure] received,
process restarting
Feb 2 23:49:04 computer NetworkManager[1329]: nm-openvpn[5074] <warn>
Password verification failed
Feb 2 23:49:06 computer NetworkManager[1329]: <info> [1486108146.0884]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: requested secrets; state connect (4)
Feb 2 23:49:06 computer nm-openvpn[5081]: NOTE: the current --script-security
setting may allow this configuration to call user-defined scripts
Feb 2 23:49:06 computer nm-openvpn[5081]: UDPv4 link local: [undef]
Feb 2 23:49:06 computer nm-openvpn[5081]: UDPv4 link remote:
[AF_INET]10.10.10.10:1194
Feb 2 23:49:06 computer nm-openvpn[5081]: WARNING: 'link-mtu' is used
inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb 2 23:49:06 computer nm-openvpn[5081]: WARNING: 'comp-lzo' is present in
remote config but missing in local config, remote='comp-lzo'
Feb 2 23:49:06 computer nm-openvpn[5081]: [OpenVPN Server] Peer Connection
Initiated with [AF_INET]10.10.10.10:1194
Feb 2 23:49:08 computer nm-openvpn[5081]: AUTH: Received control message:
AUTH_FAILED
Feb 2 23:49:08 computer nm-openvpn[5081]: SIGUSR1[soft,auth-failure] received,
process restarting
Feb 2 23:49:08 computer NetworkManager[1329]: nm-openvpn[5074] <warn>
Password verification failed
Feb 2 23:49:09 computer NetworkManager[1329]: <info> [1486108149.2841] audit:
op="connection-deactivate" uuid="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
name="example" pid=3136 uid=1000 result="success"
Feb 2 23:49:09 computer dbus[1315]: [system] Activating via systemd: service
name='org.freedesktop.nm_dispatcher'
unit='dbus-org.freedesktop.nm-dispatcher.service'
Feb 2 23:49:09 computer NetworkManager[1329]: nm-openvpn[5074] <info>
openvpn[5081]: send SIGTERM
Feb 2 23:49:09 computer NetworkManager[1329]: nm-openvpn[5074] <info> wait
for 1 openvpn processes to terminate...
Feb 2 23:49:09 computer nm-openvpn[5081]: SIGTERM[hard,init_instance]
received, process exiting
Feb 2 23:49:09 computer NetworkManager[1329]: nm-openvpn[5074] <info>
openvpn[5081] exited with success
Feb 2 23:49:09 computer NetworkManager[1329]: <warn> [1486108149.2918]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: failed: connect-failed (1)
Feb 2 23:49:09 computer NetworkManager[1329]: <info> [1486108149.2919]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: state changed: stopping (5)
Feb 2 23:49:09 computer dbus-daemon[2669]: Activating service
name='org.freedesktop.Notifications'
Feb 2 23:49:09 computer dbus-daemon[2669]: Successfully activated service
'org.freedesktop.Notifications'
Feb 2 23:49:09 computer NetworkManager[1329]: <info> [1486108149.2921]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: state changed: stopped (6)
Feb 2 23:49:09 computer systemd[1]: Starting Network Manager Script Dispatcher
Service...
Feb 2 23:49:09 computer dbus[1315]: [system] Successfully activated service
'org.freedesktop.nm_dispatcher'
Feb 2 23:49:09 computer systemd[1]: Started Network Manager Script Dispatcher
Service.
Feb 2 23:49:09 computer nm-dispatcher: req:1 'vpn-down' [eth0]: new request (1
scripts)
Feb 2 23:49:09 computer nm-dispatcher: req:1 'vpn-down' [eth0]: start running
ordered scripts...
$ journalctl -u NetworkManager
Feb 02 23:49:01 computer NetworkManager[1329]: <info> [1486108141.0702] audit:
op="connection-activate" uuid="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
name="example" pid=3136 uid=1000 result="success"
Feb 02 23:49:01 computer NetworkManager[1329]: <info> [1486108141.0741]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
Started the VPN service, PID 5074
Feb 02 23:49:01 computer NetworkManager[1329]: <info> [1486108141.0828]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
Saw the service appear; activating connection
Feb 02 23:49:01 computer nm-openvpn[5081]: OpenVPN 2.3.11 x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
Feb 02 23:49:01 computer nm-openvpn[5081]: library versions: OpenSSL 1.0.2g 1
Mar 2016, LZO 2.08
Feb 02 23:49:01 computer NetworkManager[1329]: nm-openvpn[5074] <info>
openvpn[5081] started
Feb 02 23:49:01 computer NetworkManager[1329]: <info> [1486108141.1490]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: state changed: starting (3)
Feb 02 23:49:01 computer NetworkManager[1329]: <info> [1486108141.1491]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN connection: (ConnectInteractive) reply received
Feb 02 23:49:01 computer nm-openvpn[5081]: NOTE: the current --script-security
setting may allow this configuration to call user-defined scripts
Feb 02 23:49:01 computer nm-openvpn[5081]: Control Channel Authentication:
using '/home/ubuntu/vpn/ovpn.example.net/networkmanager/example.ovpn.tls-auth'
as a OpenVPN static key file
Feb 02 23:49:01 computer nm-openvpn[5081]: NOTE: chroot will be delayed because
of --client, --pull, or --up-delay
Feb 02 23:49:01 computer nm-openvpn[5081]: NOTE: UID/GID downgrade will be
delayed because of --client, --pull, or --up-delay
Feb 02 23:49:01 computer nm-openvpn[5081]: UDPv4 link local: [undef]
Feb 02 23:49:01 computer nm-openvpn[5081]: UDPv4 link remote:
[AF_INET]10.10.10.10:1194
Feb 02 23:49:01 computer nm-openvpn[5081]: WARNING: 'link-mtu' is used
inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb 02 23:49:01 computer nm-openvpn[5081]: WARNING: 'comp-lzo' is present in
remote config but missing in local config, remote='comp-lzo'
Feb 02 23:49:01 computer nm-openvpn[5081]: [OpenVPN Server] Peer Connection
Initiated with [AF_INET]10.10.10.10:1194
Feb 02 23:49:04 computer nm-openvpn[5081]: AUTH: Received control message:
AUTH_FAILED
Feb 02 23:49:04 computer nm-openvpn[5081]: SIGUSR1[soft,auth-failure] received,
process restarting
Feb 02 23:49:04 computer NetworkManager[1329]: nm-openvpn[5074] <warn>
Password verification failed
Feb 02 23:49:06 computer NetworkManager[1329]: <info> [1486108146.0884]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: requested secrets; state connect (4)
Feb 02 23:49:06 computer nm-openvpn[5081]: NOTE: the current --script-security
setting may allow this configuration to call user-defined scripts
Feb 02 23:49:06 computer nm-openvpn[5081]: UDPv4 link local: [undef]
Feb 02 23:49:06 computer nm-openvpn[5081]: UDPv4 link remote:
[AF_INET]10.10.10.10:1194
Feb 02 23:49:06 computer nm-openvpn[5081]: WARNING: 'link-mtu' is used
inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb 02 23:49:06 computer nm-openvpn[5081]: WARNING: 'comp-lzo' is present in
remote config but missing in local config, remote='comp-lzo'
Feb 02 23:49:06 computer nm-openvpn[5081]: [OpenVPN Server] Peer Connection
Initiated with [AF_INET]10.10.10.10:1194
Feb 02 23:49:08 computer nm-openvpn[5081]: AUTH: Received control message:
AUTH_FAILED
Feb 02 23:49:08 computer nm-openvpn[5081]: SIGUSR1[soft,auth-failure] received,
process restarting
Feb 02 23:49:08 computer NetworkManager[1329]: nm-openvpn[5074] <warn>
Password verification failed
Feb 02 23:49:09 computer NetworkManager[1329]: <info> [1486108149.2841] audit:
op="connection-deactivate" uuid="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
name="example" pid=3136 uid=1000 result="success"
Feb 02 23:49:09 computer NetworkManager[1329]: nm-openvpn[5074] <info>
openvpn[5081]: send SIGTERM
Feb 02 23:49:09 computer NetworkManager[1329]: nm-openvpn[5074] <info> wait
for 1 openvpn processes to terminate...
Feb 02 23:49:09 computer NetworkManager[1329]: nm-openvpn[5074] <info>
openvpn[5081] exited with success
Feb 02 23:49:09 computer NetworkManager[1329]: <warn> [1486108149.2918]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: failed: connect-failed (1)
Feb 02 23:49:09 computer NetworkManager[1329]: <info> [1486108149.2919]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: state changed: stopping (5)
Feb 02 23:49:09 computer NetworkManager[1329]: <info> [1486108149.2921]
vpn-connection[0x557d295f73c0,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,"example",0]:
VPN plugin: state changed: stopped (6)
$ nmcli con s example
connection.id: example
connection.uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
connection.interface-name: --
connection.type: vpn
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.timestamp: 0
connection.read-only: no
connection.permissions: user:ubuntu
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries:
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: -1 (default)
ipv4.method: auto
ipv4.dns:
ipv4.dns-search:
ipv4.dns-options: (default)
ipv4.dns-priority: 0
ipv4.addresses:
ipv4.gateway: --
ipv4.routes:
ipv4.route-metric: -1
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: auto
ipv6.dns:
ipv6.dns-search:
ipv6.dns-options: (default)
ipv6.dns-priority: 0
ipv6.addresses:
ipv6.gateway: --
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: 0 (disabled)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
vpn.service-type: org.freedesktop.NetworkManager.openvpn
vpn.user-name: --
vpn.data: key =
/home/ubuntu/vpn/ovpn.example.net/networkmanager/example.ovpn.key,
verify-x509-name = subject:CN=OpenVPN Server, dev = tun, ca =
/home/ubuntu/vpn/ovpn.example.net/networkmanager/example.ovpn.ca.crt, cert =
/home/ubuntu/vpn/ovpn.example.net/networkmanager/example.ovpn.user.crt,
username = myusername, dev-type = tun, ns-cert-type = server, reneg-seconds =
604800, cert-pass-flags = 0, cipher = AES-128-CBC, remote =
10.10.10.10:1194:udp, password-flags = 1, connection-type = password-tls,
ta-dir = 1, ta =
/home/ubuntu/vpn/ovpn.example.net/networkmanager/example.ovpn.tls-auth
vpn.secrets: <hidden>
vpn.persistent: no
vpn.timeout: 0
** Bug watch added: GNOME Bug Tracker #778123
https://bugzilla.gnome.org/show_bug.cgi?id=778123
** Also affects: network-manager-openvpn via
https://bugzilla.gnome.org/show_bug.cgi?id=778123
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1661098
Title:
auth_failed when attempting openvpn via networkmanager
Status in NetworkManager-OpenVPN:
Unknown
Status in network-manager-openvpn package in Ubuntu:
New
Bug description:
Attempting to establish an OpenVPN session via network-manager-openvpn
fails with a password authentication error, even though the username
and password I entered are correct. The following messages in syslog:
Feb 1 12:44:54 computer nm-openvpn[21582]: NOTE: the current
--script-security setting may allow this configuration to call user-defined
scripts
Feb 1 12:44:54 computer nm-openvpn[21582]: UDPv4 link local: [undef]
Feb 1 12:44:54 computer nm-openvpn[21582]: UDPv4 link remote:
[AF_INET]209.148.113.36:1194
Feb 1 12:44:54 computer nm-openvpn[21582]: WARNING: 'link-mtu' is used
inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Feb 1 12:44:54 computer nm-openvpn[21582]: WARNING: 'comp-lzo' is
present in remote config but missing in local config, remote='comp-lzo'
Feb 1 12:44:54 computer nm-openvpn[21582]: [OpenVPN Server] Peer
Connection Initiated with [AF_INET]209.148.113.36:1194
Feb 1 12:44:56 computer nm-openvpn[21582]: AUTH: Received control
message: AUTH_FAILED
Feb 1 12:44:56 computer nm-openvpn[21582]: SIGUSR1[soft,auth-failure]
received, process restarting
Feb 1 12:44:56 computer NetworkManager[1322]: nm-openvpn[21574] <warn>
Password verification failed
I am able to establish the session by manually running openvpn from
the command line, using the same username, password, and the ovpn file
from which NetworkManager imported the setttings.
I'm running Xubuntu 16.10 (yakkety).
I did not have this problem in Ubuntu 16.04 (xenial).
To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager-openvpn/+bug/1661098/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
