Re: OpenVPN Problem

From: Dan Williams <dcbw redhat com>
To: rh <listen singsang at>
Cc: networkmanager-list gnome org
Subject: Re: OpenVPN Problem
Date: Tue, 16 Feb 2010 15:08:13 -0800
On Tue, 2010-02-16 at 14:46 +0100, rh wrote:
> 
> R.Hnat
> 
> 
> Dan Williams schrieb: 
> > On Sat, 2010-02-13 at 12:33 +0100, rh wrote:
> >   
> > > Dan Williams schrieb: 
> > >     
> > > > On Thu, 2010-02-11 at 15:40 +0100, rh wrote:
> > > >   
> > > >       
> > > > > R.Hnat
> > > > > 
> > > > > 
> > > > > Dan Williams schrieb: 
> > > > >     
> > > > >         
> > > > > > On Tue, 2010-02-09 at 07:03 +0100, rh wrote:
> > > > > >   
> > > > > >       
> > > > > >           
> > > > > > > Dan Williams schrieb: 
> > > > > > >     
> > > > > > >         
> > > > > > >             
> > > > > > > > On Sat, 2010-01-30 at 10:00 +0100, rh wrote:
> > > > > > > >   
> > > > > > > >       
> > > > > > > >           
> > > > > > > >               
> > > > > > > > > Dan Williams schrieb: 
> > > > > > > > >     
> > > > > > > > >         
> > > > > > > > >             
> > > > > > > > >                 
> > > > > > > > > > On Fri, 2010-01-29 at 15:12 +0100, rh wrote:
> > > > > > > > > >   
> > > > > > > > > >       
> > > > > > > > > >           
> > > > > > > > > >               
> > > > > > > > > >                   
> > > > > > > > > > > I try to connect to an OpenVPN Server (Located on an IPCop) from my
> > > > > > > > > > > Ubuntu Box. I have Configured Netmanager with all necessary parameters 
> > > > > > > > > > > Parameters following an IPCop Howto. But there happens nothing when i
> > > > > > > > > > > try to connect. There are not any Logmessages in /var/log/message, there
> > > > > > > > > > > is no error message, simply no reaction. I have installed
> > > > > > > > > > > Network-Manager and network-Manager-OpenVpn and the
> > > > > > > > > > > Network-Manager-Applet. What could that be?
> > > > > > > > > > >     
> > > > > > > > > > >         
> > > > > > > > > > >             
> > > > > > > > > > >                 
> > > > > > > > > > >                     
> > > > > > > > > > You'll need to reboot after installing a new VPN plugin package.  If you
> > > > > > > > > > do that, does anything different happen?
> > > > > > > > > > 
> > > > > > > > > > Dan
> > > > > > > > > >   
> > > > > > > > > >       
> > > > > > > > > >           
> > > > > > > > > >               
> > > > > > > > > >                   
> > > > > > > > > No this does not change anything. It is just like network-manager
> > > > > > > > > was'nt there. But i can see the process whith 'ps ax'. And i can start
> > > > > > > > > the VPN using the 'openvpn' command from the commandline.
> > > > > > > > >     
> > > > > > > > >         
> > > > > > > > >             
> > > > > > > > >                 
> > > > > > > > Have you configured the connection using nm-connection-editor in the VPN
> > > > > > > > tab?
> > > > > > > > 
> > > > > > > > Dan
> > > > > > > > 
> > > > > > > >   
> > > > > > > >       
> > > > > > > >           
> > > > > > > >               
> > > > > > > Of course I have configured with nm-connection-editor .
> > > > > > >     
> > > > > > >         
> > > > > > >             
> > > > > > Ok, and you're using the applet menu to start the openvpn connection?
> > > > > > If you do this, then choose your VPN from the applet, do you get any
> > > > > > messages?
> > > > > > 
> > > > > > killall -TERM nm-openvpn-service
> > > > > > OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service
> > > > > > 
> > > > > > If that doesn't work, can you attach your ~/.xsession-errors file so we
> > > > > > can see if it's a problem on the GUI side?
> > > > > > 
> > > > > > Dan
> > > > > > 
> > > > > >   
> > > > > >       
> > > > > >           
> > > > > No there is no reaction.
> > > > > 
> > > > > rh Ligeti:~$ killall -TERM nm-openvpn-service
> > > > > nm-openvpn-service: no process found
> > > > > rh Ligeti:~$ OPENVPN_DEBUG=1 /usr/libexec/nm-openvpn-service
> > > > > bash: /usr/libexec/nm-openvpn-service: No such file or directory
> > > > >     
> > > > >         
> > > > Oh sorry... Debian-based distros put it elsewhere.  Try this:
> > > > 
> > > > killall -TERM nm-openvpn-service
> > > > OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service
> > > > 
> > > > and then lets see what it prints out.  If it's not there, then
> > > > 
> > > > dpkg -L network-manager-openvpn | grep nm-openvpn-service
> > > > 
> > > > will tell you where the binary is located.
> > > > 
> > > > Dan
> > > > 
> > > >   
> > > >       
> > > OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service does nothing and has to be stopped with ^C.
> > >     
> > 
> > It won't print anything until it's told to make a VPN connection by
> > NetworkManager.  So just to confirm, you run this command, and then
> > you're choosing your VPN connection from the menu to start it, right?
> > And you get no output?
> > 
> > And you're running them as root, right?
> > 
> > Can you provide /var/log/daemon.log for me after this failure has
> > occurred?
> > 
> >   
> > > And here is what dpkg... says:
> > > rh Ligeti:~$ dpkg -L network-manager-openvpn |grep nm-openvpn-service
> > > /usr/lib/network-manager-openvpn/nm-openvpn-service
> > > /usr/lib/network-manager-openvpn/nm-openvpn-service-openvpn-helper
> > > /etc/dbus-1/system.d/nm-openvpn-service.conf
> > > /etc/NetworkManager/VPN/nm-openvpn-service.name
> > > 
> > > Might it be that the problem is that all these files are 'root-owned'
> > > and not executable from a simple user?
> > >     
> > 
> > No, they are supposed to be root owned since they are security sensitive
> > and must launch privileged processes (your VPN).  Normally they are
> > spawned automatically by NetworkManager when needed, so the only time
> > they are really run by a user is for debugging.
> > 
> > Hopefully we can get to the bottom of this...
> > 
> > Dan
> > 
> >   
> 
> OPENVPN_DEBUG=1 /usr/lib/network-manager-openvpn/nm-openvpn-service does not outpu anything even when i try to make a VPN-Connection with NetManager.
> I enclose /var/log/daemon.log. While looking at it it seems to me that Netmanager is dealing only with eth0. The interface i use for all network traffic is eth1. Could this be the problem? And if yes how to deal with?

This could well be.  Note this line:

SCPluginIfupdown: management mode: unmanaged

That means that NetworkManager has been told to ignore any device that's
listed in /etc/network/interfaces.  If you change "managed" to "true"
in /etc/NetworkManager/nm-system-settings.conf, does this make stuff
work?  I believe that on Debian the managed=false value was chose to
make sure that NM didn't try to take over existing interfaces on upgrade
to an NM-enabled system (but of course applying the same configuration
from /etc/network/interfaces anyway so it wouldn't make a difference,
but...).

Since there are certain parameters that NM needs to know about the
device's IP configuration and routing to bring up and manage the VPN
connection, that can only be easily obtained when NM manages the
underlying network device, only managed devices can be used with
NM-enabled VPN connections.

So I think managed=true in /etc/NetworkManager/nm-system-settings in the
[ifupdown] block will do what you want.

Dan
Follow-Ups:
- Re: OpenVPN Problem
  - From: rh
- Re: OpenVPN Problem
  - From: rh
References:
- Re: OpenVPN Problem
  - From: Dan Williams
- Re: OpenVPN Problem
  - From: rh
- Re: OpenVPN Problem
  - From: Dan Williams
- Re: OpenVPN Problem
  - From: rh
- Re: OpenVPN Problem
  - From: Dan Williams
- Re: OpenVPN Problem
  - From: rh
- Re: OpenVPN Problem
  - From: Dan Williams
- Re: OpenVPN Problem
  - From: rh
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]