Bug 502595

Summary: vpnc (vpn cisco) unable to access gnome keyring rendering it useless
Product: [openSUSE] openSUSE 11.2 Reporter: Greg Riedesel <greg>
Component: GNOMEAssignee: Tambet Ingo <tambet>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P2 - High CC: forgotten_wbt-beX79k, vuntz
Version: Milestone 1Flags: coolo: SHIP_STOPPER-
Target Milestone: ---   
Hardware: 32bit   
OS: Other   
Whiteboard:
Found By: Beta-Customer Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Greg Riedesel 2009-05-11 03:59:56 UTC 
It seems that NetworkManager-vpnc can't access the gnome keyring. Since that's where the passwords are stored, this renders this component completely broken. When it fails, /var/log/messages has the following log-lines:

May 10 20:45:26 linux-royi dbus-daemon: Rejected send message, 1 matched rules; 
type="method_call", sender=":1.8" (uid=0 pid=2903 comm="/usr/sbin/NetworkManager
 ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" e
rror name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManage
r.vpnc" (uid=0 pid=29055 comm="/usr/lib/nm-vpnc-service "))
May 10 20:45:26 linux-royi dbus-daemon: Rejected send message, 1 matched rules; 
type="method_call", sender=":1.8" (uid=0 pid=2903 comm="/usr/sbin/NetworkManager
 ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" er
ror name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager
.vpnc" (uid=0 pid=29055 comm="/usr/lib/nm-vpnc-service "))

/var/log/NetworkManager throws these lines:

May 10 20:45:25 linux-royi NetworkManager: <info>  Starting VPN service 'org.fre
edesktop.NetworkManager.vpnc'...
May 10 20:45:26 linux-royi NetworkManager: <info>  VPN service 'org.freedesktop.
NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 29055
May 10 20:45:26 linux-royi NetworkManager: <info>  VPN service 'org.freedesktop.
NetworkManager.vpnc' just appeared, activating connections
May 10 20:45:26 linux-royi NetworkManager: nm-vpn-connection.c.900: NeedSecrets 
failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="meth
od_call", sender=":1.8" (uid=0 pid=2903 comm="/usr/sbin/NetworkManager ") interf
ace="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name=
"(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.vpnc" (u
id=0 pid=29055 comm="/usr/lib/nm-vpnc-service "))
May 10 20:45:26 linux-royi NetworkManager: <WARN>  connection_state_changed(): R
ejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 
pid=2903 comm="/usr/sbin/NetworkManager ") interface="org.freedesktop.NetworkMan
ager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 dest
ination="org.freedesktop.NetworkManager.vpnc" (uid=0 pid=29055 comm="/usr/lib/nm
-vpnc-service "))

The dbus modules are the same as on the Milestone 1 release.
Comment 1 Greg Riedesel 2009-05-11 04:43:26 UTC 
The same seems to happen with the NetworkManager-pptp support. Similar log-lines:

Messages:
May 10 21:39:30 linux-royi dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 pid=2903 comm="/usr/sbin/NetworkManager ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=31705 comm="/usr/lib/nm-pptp-service "))
May 10 21:39:30 linux-royi dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 pid=2903 comm="/usr/sbin/NetworkManager ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=31705 comm="/usr/lib/nm-pptp-service "))

NetworkManager:
May 10 21:39:30 linux-royi NetworkManager: <info>  Starting VPN service 'org.fre
edesktop.NetworkManager.pptp'...
May 10 21:39:30 linux-royi NetworkManager: <info>  VPN service 'org.freedesktop.
NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 31705
May 10 21:39:30 linux-royi NetworkManager: <info>  VPN service 'org.freedesktop.
NetworkManager.pptp' just appeared, activating connections
May 10 21:39:30 linux-royi NetworkManager: nm-vpn-connection.c.900: NeedSecrets 
failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="meth
od_call", sender=":1.8" (uid=0 pid=2903 comm="/usr/sbin/NetworkManager ") interf
ace="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name=
"(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.pptp" (u
id=0 pid=31705 comm="/usr/lib/nm-pptp-service "))
May 10 21:39:30 linux-royi NetworkManager: <WARN>  connection_state_changed(): R
ejected send message, 1 matched rules; type="method_call", sender=":1.8" (uid=0 
pid=2903 comm="/usr/sbin/NetworkManager ") interface="org.freedesktop.NetworkMan
ager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 dest
ination="org.freedesktop.NetworkManager.pptp" (uid=0 pid=31705 comm="/usr/lib/nm
-pptp-service "))
May 10 21:39:30 linux-royi NetworkManager: <debug> [1242016770.596492] run_netco
nfig(): Spawning '/sbin/netconfig modify --service NetworkManager'

Bug 501829 suggests the same thing is happening with OpenVPN. I don't know if this is a NetworkManager problem, or a Gnome problem.
Comment 2 Greg Riedesel 2009-05-12 03:40:18 UTC 
As it happens, I had a problem with 11.1 where NetworkManager wasn't able to access the keyring for the WPA key, which forced me to "connect to hidden network" every time I wanted to get on my home network. Once I was on, it also threw the above errors when connecting to VPN. 

11.2.m1 DOES read the WPA key from the keyring, but still doesn't allow VPN.
Comment 3 Vincent Untz 2009-06-09 10:30:51 UTC 
It seems the dbus config needs to be fixed.
Comment 4 Tambet Ingo 2009-06-09 12:28:24 UTC 
Fixed.
Comment 5 Forgotten User wbt-beX79k 2009-09-15 20:57:56 UTC 
It looks like this is still a problem in milestone 7.  I just did a clean install (but with my homedir from SLED 11) and am getting the same problem:

Sep 15 13:56:18 delder NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...
Sep 15 13:56:18 delder NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 31937
Sep 15 13:56:18 delder NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Sep 15 13:56:18 delder NetworkManager: nm-vpn-connection.c.900: NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.25" (uid=0 pid=5482 comm="/usr/sbin/NetworkManager) interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.vpnc" (uid=0 pid=31937 comm="/usr/lib/nm-vpnc-service))
Sep 15 13:56:18 delder NetworkManager: <WARN>  connection_state_changed(): Rejected send message, 1 matched rules; type="method_call", sender=":1.25" (uid=0 pid=5482 comm="/usr/sbin/NetworkManager) interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.vpnc" (uid=0 pid=31937 comm="/usr/lib/nm-vpnc-service))
Comment 6 Forgotten User wbt-beX79k 2009-09-17 18:02:57 UTC 
Oddly enough, after several days and reboots nm-applet is connecting to vpnc networks just fine.  OpenVPN connections are still failing but it doesn't appear to be a dbus error at least.  In the logs I see:

Sep 17 11:00:47 delder NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Sep 17 11:00:47 delder NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 16399
Sep 17 11:00:47 delder NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Sep 17 11:00:47 delder NetworkManager: <info>  VPN plugin state changed: 1
Sep 17 11:00:47 delder NetworkManager: <info>  VPN plugin state changed: 3
Sep 17 11:00:47 delder NetworkManager: <info>  VPN connection 'Guthy-Renker' (Connect) reply received.
Sep 17 11:00:47 delder NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'Guthy-Renker' failed to connect: 'No VPN secrets!'.
Sep 17 11:00:47 delder NetworkManager: <WARN>  connection_state_changed(): Could not process the request because no VPN connection was active.
Sep 17 11:00:47 delder NetworkManager: <debug> [1253210447.417080] run_netconfig(): Spawning '/sbin/netconfig modify --service NetworkManager'
Sep 17 11:00:47 delder NetworkManager: <debug> [1253210447.434700] write_to_netconfig(): Writing to netconfig: DNSSEARCH='theelderfamily.org theelderfamily.org'#012
Sep 17 11:00:47 delder NetworkManager: <debug> [1253210447.434786] write_to_netconfig(): Writing to netconfig: DNSSERVERS='172.16.99.1'#012
Sep 17 11:00:47 delder NetworkManager: <info>  Clearing nscd hosts cache.
Sep 17 11:00:47 delder NetworkManager: <info>  Policy set 'System eth0' (eth0) as default for routing and DNS.
Sep 17 11:01:00 delder NetworkManager: <debug> [1253210460.002519] ensure_killed(): waiting for vpn service pid 16399 to exit
Sep 17 11:01:00 delder NetworkManager: <debug> [1253210460.002613] ensure_killed(): vpn service pid 16399 cleaned up

I don't know why it wants vpn secrets, the connection is only certificate based (no password).  I'll keep tinkering.
Comment 7 Bin Li 2009-10-14 09:48:34 UTC 
Dan,

 It's another issue, not the original one, let close this bug and focus the new issue in Bug#501829.

 Thanks!