Bug#1035485: network-manager-l2tp-gnome: No diagnostics
Hi Mark, > When attempting to enable a L2TP VPN connection via Network > Manager if the connection fails then an error message is popped > up briefly saying "Activation of network connection failed" but > no diagnostics are made available indicating what the problem > might be, either immediately or for example in the settings app. This is a limitation of all NetworkManager VPN plugins when it comes to debugging. The NetworkManager-l2tp README.md file has info on how to debug, see: https://github.com/nm-l2tp/NetworkManager-l2tp In particular, do the following: sudo journalctl --no-hostname _SYSTEMD_UNIT=NetworkManager.service + SYSLOG_IDENTIFIER=pppd -e Cheers, Doug
Bug#968040: Patch pppd to handle Windows Server 2019 non-compliant success packets
Package: ppp Version: 2.4.8-1+1~exp1 According to RFC2759, the format of PPP success packets is : "S= M=" Recently Windows Server 2019 has started producing non-complaint PPP success packets which have a space missing before the M= characters. The following upstream patch handles the non-compliant, missing-space before M= : https://github.com/paulusmack/ppp/commit/3cd95baf3f1de1d5a9bc89be0f4c3215ceb5aefe.patch If that upstream patch can be applied to the existing package, that would be great.
Bug#968040: Patch pppd to handle Windows Server 2019 non-compliant success packets
macOS already handles the missing space before M= with code that does similar
to the upstream ppp patch, extract from :
https://opensource.apple.com/source/ppp/ppp-862.120.2/Helpers/pppd/chap_ms.c.auto.html
//we'll allow the missing-space case from the server, even though
//it's non-conforming to spec!
dbglog("Rcvd non-conforming MSCHAPv2 Success packet, len=%d", len);
if(len >= 2 && !strncmp((char*)msg, "M=", 2))
msg += 2;
else
{
error("MS-CHAPv2 Success packet is badly formed.");
return 0;
}
Bug#1009102: network-manager-l2tp-gnome: GTK 4 version needed for gnome-control-center 42
Hi smcv, No worries, I'll was planning on working on it this weekend, with floods and my father passing away last month, I hadn't so far gotten back to looking at it yet. Cheers, Doug -Original Message- From: Simon McVittie Sent: Thursday, 7 April 2022 7:17 PM To: Debian Bug Tracking System Subject: Bug#1009102: network-manager-l2tp-gnome: GTK 4 version needed for gnome-control-center 42 Package: network-manager-l2tp-gnome Version: 1.20.0-1 Severity: important Tags: upstream sid bookworm Forwarded: https://github.com/nm-l2tp/NetworkManager-l2tp/pull/179 Control: affects -1 + gnome-control-center GNOME Control Center version 42 has moved from GTK 3 to GTK 4, which means it can't load VPN configuration plugins that don't have a GTK 4 version. The approach used in the plugins that have been ported so far, such as network-manager-openvpn-gnome, was to build both a GTK 3 version (for network-manager-gnome) and a GTK 4 version (for gnome-control-center), resulting in a binary package that depends on both GTK 3 and GTK 4. The GNOME team would like to get GNOME Control Center 42 into unstable, because it's one of the last GNOME 41 components we're using, and upstream does not really support mixing components of GNOME 41 with components of GNOME 42. Please could you look into providing a GTK 4 version? Related: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007242 https://bugzilla.redhat.com/show_bug.cgi?id=2057719 Thanks, smcv
Bug#1007901: Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
Hi Marcel , I was about to close this still open bug (which was cloned from a bug that was closed), but decided to check the forum link you posted first : https://debianforum.de/forum/viewtopic.php?t=183809 and noticed you said there you were still having an issue with network-manager-l2tp and network-manager 1.36.4-2. Sorry to hear that network-manager 1.36.4-2 didn't solve your issue and wish I heard it here earlier. Unfortunately I'm not able to reproduce the bug with Debian Sid, but happy to look into it. I suspect it is an issue with strongswan, do you have the issue if you switch to libreswan? e.g. : sudo apt install libreswan To revert back to strongswan, issue: sudo apt install strongswan If it works with libreswan, I suspect the strongswan issue with network-manager version 1.36 is with one of its modules. Cheers, Doug
Bug#1007901: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1))
Hi Marcel , Actually you might be having an issue with your existing VPN network connection still having ipv4.ignore-auto-routes enabled, see: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946#note_1350911 my previous suggestion of switching from strongswan to libreswan, may or may not help. I wasn't able to see the strongswan issues with network-manager >= 1.36 on Debian I saw with Arch Linux, but doesn't mean others wouldn't. Cheers, Doug
Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
I suspect this is the same as the following upstream NetworkManager 1.36.2 routing bug: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946 I assume you have enabled the "Use this connection only for resources on its network" checkbox in the VPN connection's IPv4 settings? In which case network-manager 1.36.2 doesn't appear to be adding any routes for the VPN connection like it does if the checkbox isn't enabled or did with earlier versions of NetworkManager.
Bug#1007901: [Pkg-utopia-maintainers] Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
As mentioned to the upstream NetworkManager 1.36.2 VPN routing bug: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946 The routing issue when the "Use this connection only for resources on its network" IPv4 setting is enabled, no longer appears to occur with NetworkManager 1.37.2. As 1.37.2 is a developer release, I believe this issue will resolve itself once the Debian network-manager package is upgraded to whatever the next NetworkManager non-developer release will be.
Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
Hi Michael, > Is there anything to fix on the network-manager package side or can > this issue be closed? With the upgrade of the network-manager package to 1.36.4-1, the VPN routing issue appears to have been resolved. I just checked again now that I'm not able to reproduce the issue, so this issue can be closed. Cheers, Doug
Bug#925388: unblock: network-manager-l2tp/1.2.12-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package network-manager-l2tp I'm the current upstream maintainer of Networkmanager-l2tp and the Debian package maintainer of network-manager-l2tp. My Debian package sponsor suggests it would probably make sense if I ask the release team for pre-approval for buster before this new upstream release (network-manager-l2tp-1.2.12-1) is uploaded to unstable. I've renamed the upstream GitHub project from network-manager-l2tp to NetworkManager-l2tp (as https://github.com/robots.txt was preventing googlebots and others from crawling the project), and I now provide a pre-generated tar.xz tarball (like GNOME Project VPN clients do) instead of using the GitHub provided tar.gz tarball. Consequently the debdiff is considerably larger than between previous releases because of generated autoreconf and intltoolize files. This packages is of priority optional, but this release has a number of important bug fixes that impact other packages including: - No longer produces confusing error message when user attempts to import an OpenVPN .ovpn file with nm-connection-editor/nmcli. e.g.: https://bugzilla.redhat.com/show_bug.cgi?id=1545255 as this VPN client's import/export capability has been removed as there was no need for its proprietary file format, better to just use NetworkManager VPN profile files instead if one needs to copy config files. - Add nm-l2tp-service- prefix to pppd ipparam argument used by a condition in Debian's resolvconf's /etc/ppp/ip-up.d/000resolvconf script: https://github.com/nm-l2tp/NetworkManager-l2tp/commit/479cb0da09168bde03d7f97147fa14ff591388d2 Although this bug isn't critical, it just ensures NetworkManager takes care of /etc/resolv.conf during the VPN connection. There were a number of other important bug fixes, but they have no impact on other packages. As mentioned this new upstream release (network-manager-l2tp-1.2.12-1) has not been uploaded to unstable as my sponsor suggested seeking pre-approval for testing first,. So I have not attached a debdiff, but I have provided the following temporary GitHub VCS fork of unstable to make it easier to see the changes of this proposed release in the commits: https://github.com/dkosovic/debian Thanks Doug unblock network-manager-l2tp/1.2.12-1 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Bug#925388: network-manager-l2tp uploaded to mentors.debian.net
Forgot to mention network-manager-l2tp-1.2.12-1 was uploaded to mentors.debian.net : https://mentors.debian.net/package/network-manager-l2tp awaiting pre-approval for testing before it is uploaded to unstable.
Bug#894674: kernels 4.15 and 4.16 break xl2tpd
Package: xl2tpd Version: 1.3.11-1 Kernels 4.15 and 4.16 break xl2tpd, please see following upstream issue for more details : https://github.com/xelerance/xl2tpd/issues/147 The following commit/patch fixes the issue: https://github.com/xelerance/xl2tpd/commit/9c2cd4933478a83075df5b10f24af7589e90abc3.patch It'll be great if the patch could be backported or new package created whenever the next xl2tpd non-dev release is made on github.
Bug#887950: Disable libnm-glib support
Hi Michael, I've uploaded to https://mentors.debian.net/package/network-manager-l2tp , hope it looks okay. If so, I'll commit the changes to https://github.com/nm-l2tp/debian One minor difference, I just changed the order of two override_dh_auto_configure lines in debian/rules to match network-manager-pptp. I'm in process of implementing a new network-manager-l2tp 1.8.0 that uses the NMACertChooser API introduced with NetworkManager 1.8.0, but is a number of weeks away if not more. Once I create a new deb package, will make sure to I sync with the network-manager-pptp deb package. Cheers, Doug
Bug#857812: ITP: network-manager-l2tp -- L2TP and L2TP/IPsec VPN plugin for NetworkManager
Package: wnpp Owner: Douglas Kosovic Severity: wishlist * Package name: network-manager-l2tp Version : 1.2.4 Upstream Author : Douglas Kosovic * URL : https://github.com/nm-l2tp/network-manager-l2tp * License : GPL Programming Lang: C Description : L2TP and L2TP/IPsec VPN plugin for NetworkManager network-manager-l2tp is a VPN plugin for NetworkManager which provides support for L2TP and L2TP/IPsec (i.e. L2TP over IPsec) connections. Debian currently has no working L2TP or L2TP/IPsec VPN GUI client, although it did in the past. Two packages are generated from the source: - network-manager-l2tp. - network-manager-l2tp-gnome. The latter package consists of the GNOME components. KDE’s plasma-nm has a dependency on network-manager-l2tp for its L2TP/IPsec support
Bug#1053583: network-manager-l2tp-gnome: Cannot connect to IPv6 gateway
Yeah, basically the same as bug #619557, xl2tpd upstream still doesn't support IPv6, so IPv6 support was never added to NetworkManager-l2tp. NetworkManager-l2tp >= 1.20.0 can use kl2tpd from the Katalix go-l2tp package for L2TP support: https://github.com/katalix/go-l2tp Katalix are the ones that wrote the L2TP Linux kernel modules (that xl2tpd and kl2tpd make use of). Unlike xl2tpd, kl2tpd supports IPv6. There is no Debian package that comes with kl2tpd yet, but the upstream kl2tpd author is planning on providing one. But having said that, network-manager-l2tp source code will need to be modified to support IPv6 with kl2tpd, pppd and the optional IPsec daemons. There is a chance the next version of network-manager-l2tp might support IPv6 if kl2tpd is used (any github pull requests for IPv6 support are welcome). You can use the kl2tpd from the command-line if you need IPv6 support now.
Bug#1054306: Please install helper binaries into /usr/libexec
Hi Michael, > For consistencies sake, please consider applying the attached patch, > which moves the helper binaries to /usr/libexec. There was a new upstream version, so I updated to the newest version and incorporated the patch. If I do an update from a previously installed version using the following command: sudo debi -u network-manager-l2tp_1.20.10-1_amd64.changes I get the following error when trying to establish a L2TP VPN connection: ... starting: failure to start VPN service: Failed to execute child process "/usr/lib/NetworkManager/nm-l2tp-service" (No such file or directory) It looks like /usr/lib/NetworkManager/VPN/nm-l2tp-service.name which has the following line is not getting replaced in an upgrade: program=/usr/lib/NetworkManager/nm-l2tp-service There is no issue when I remove the old network-manager-l2tp packages and do a clean install. I haven't looked into it further yet. Cheers, Doug
Bug#1054306: Please install helper binaries into /usr/libexec
> If I do an update from a previously installed version using the following > command: > > sudo debi -u network-manager-l2tp_1.20.10-1_amd64.changes I meant upgrade, not update. > I get the following error when trying to establish a L2TP VPN > connection: > > ... starting: failure to start VPN service: Failed to > execute child process "/usr/lib/NetworkManager/nm-l2tp-service" > (No such file or directory) For whatever reason, I'm no longer able to reproduce the issue. Although I did have to restart NetworkManager once when I got that "Failed to execute child process /usr/lib/NetworkManager/nm-l2tp-service" which makes more sense than my previous nm-l2tp-service.name file not getting upgraded issue. I don't think there is anything wrong with the new network-manager-l2tp 1.20.10-1 package in regards to the nm-l2tp-service.name file issue, so think I will upload the new version. Doug
Bug#1064358: network-manager-l2tp: cannot connect with mschapv2 if mppe is required
Hi Rémi, > since upgrading to 1.20.12-1, I cannot connect to my ipsec/l2tp vpn anymore. > > I tried many things, but the only thing that works is disabling mppe, or > downgrading to 1.20.10-1 > > Here are the debug log for 1.20.12-1: > ... > > And here is the log with 1.20.10-1: ... > I still have the «Unsupported protocol», but then the connection carries on > and works. That behaviour is a consequence of the following commit in version 1.20.12 which doesn't disable the Compression Control Protocol (CCP) when MPPE is enabled (as MPPE protocol negotiation happens within CPP) : https://github.com/nm-l2tp/NetworkManager-l2tp/commit/fdf5d98e86c5f0a97f9649fa3e23b3c001a93340 MPPE protocol negotiation had been broken since 2013 with the following commit which disabled CCP : https://github.com/nm-l2tp/NetworkManager-l2tp/commit/5fe98f70344e842faa28014be7ba259c2db7ae8b I don't think any MPPE encryption is being used in your 1.20.10-1 log output, even though MPPE is enabled, or am I interpreting things wrong? MPPE encryption is very weak and is typically only used with L2TP VPN connections, not L2TP/IPsec which use much stronger IPsec encryption. Cheers, Doug
