Re: Issue connecting to Fortigate SSL VPN using NM GUI
On Sun, Jan 20, 2019 at 1:51 AM Berend De Schouwer via networkmanager-list < networkmanager-list@gnome.org> wrote: > On Tue, 2019-01-15 at 23:27 +, br...@bmartins.pt wrote: > > Hello everyone, > > > > I'm using Ubuntu 18.04 fully updated and currently having issues > > connecting to my company's VPN service using NetworkManager GUI. > > Works for me (to our company's Forti VPN) on Fedora 29. So it can > work. > > > > If I manually connect from CLI using "sudo openfortivpn > > gateway.company.com:443 -u mys...@company.com" everything works as > > expected. > > > > Log messages written to /var/log/syslog were pasted here: > > https://paste.gnome.org/ph1gz6fvg > > > > It looks like a timeout occurs, but I don't know where I can increase > > it. > > The timeout looks long enough. How long does it take to connect when > running 'sudo ...'? > > I suspect it's running into selinux rules since it works running as > sudo. Maybe look at audit.log or try with selinux disabled. > > You can increase pppd's debug info by editing /etc/ppp/options and > adding 'debug' (needs selinux off) > If it requires GRE, I have found in later Fedora's, I have to manually alter the firewall to make them all work: sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT sudo firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Network connection local to devices.
Thank you very much for your answer! Indeed, just erasing what’s in “Device” (under “Ethernet” as you said, but only for wired connections: for wifi (what’s most likely to change and require auth info), it’s “Wifi”) works. On 2019-01-22 at 20:27, Thomas Haller wrote: >> Why does that work that way by default in GUI? or did I do something >> wrong at some point maybe? > > I think it makes sense to restrict a profile by default to one device. > Ultimately, that is decided by the client tool (like nm-applet) that > creates the profile profile in such a way. > > It doesn't sound like you did anything wrong. If the setting is not > best for your case, modify the profile as it suits you. Then, I’d like to know if there’s a way to make that “device” section unimportant for every wifi profile, or otherwise, how to erase it for all of them, or otherwise, in which file is this written so I write a script to do it. Also why is this the default for nm-applet (are there other widely used clients? isn’t this mailing-list the appropriate place for asking about it? or is there some other development team and mailing-list?)? isn’t there a way to change that? So I don’t forget all the connection I happen to find around each time I change computer… ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: multiple RAs spamming log with policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS
On Tue, 2019-01-22 at 08:50 -0500, Brian J. Murrell wrote: > My router is (now) sending multiple RAs instead of aggregating all > prefixes/routes into a single RA as such: > > Soliciting ff02::2 (ff02::2) on pc_bridge... > > Hop limit : 64 ( 0x40) > Stateful address conf.: No > Stateful other conf. : No > Mobile home agent : No > Router preference : medium > Neighbor discovery proxy : No > Router lifetime :0 (0x) seconds > Reachable time: unspecified (0x) > Retransmit time : unspecified (0x) > Source link-layer address: 6C:B0:CE:F5:1E:4A > MTU : 1500 bytes (valid) > Prefix : fd31:aeb1:48df::/64 > On-link : Yes > Autonomous address conf.: Yes > Valid time : infinite (0x) > Pref. time : infinite (0x) > Route: fd31:aeb1:48df::/48 > Route preference: medium > Route lifetime : infinite (0x) > Recursive DNS server : fd31:aeb1:48df::2 > DNS server lifetime : 6000 (0x1770) seconds > from fe80::6eb0:ceff:fef5:1e4a > > Hop limit : 64 ( 0x40) > Stateful address conf.: No > Mobile home agent : No > Router preference : medium > Neighbor discovery proxy : No > Router lifetime : 1800 (0x0708) seconds > Reachable time: unspecified (0x) > Retransmit time : unspecified (0x) > Source link-layer address: 6C:B0:CE:F5:1E:4A > MTU : 1500 bytes (valid) > Prefix : 2001:1234:5678:a700::/64 > On-link : Yes > Autonomous address conf.: Yes > Valid time :84531 (0x00014a33) seconds > Pref. time :41331 (0xa173) seconds > Route: 2001:1234:5678:a700::/56 > Route preference: medium > Route lifetime :84531 (0x00014a33) seconds > Recursive DNS server : fd31:aeb1:48df::1 > DNS server lifetime : 6000 (0x1770) seconds > from fe80::6eb0:ceff:fef5:1e4a > > But now that it's going this NetworkManager-1.10.2-16.el7_5.x86_64 is > spamming the log as such: > > Jan 22 08:49:40 server NetworkManager[1842]: > [1548164980.5807] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:42 server NetworkManager[1842]: > [1548164982.0102] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:42 server NetworkManager[1842]: > [1548164982.5751] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:43 server NetworkManager[1842]: > [1548164983.2225] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:43 server NetworkManager[1842]: > [1548164983.5056] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:44 server NetworkManager[1842]: > [1548164984.7597] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:45 server NetworkManager[1842]: > [1548164985.4752] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:46 server NetworkManager[1842]: > [1548164986.1900] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:46 server NetworkManager[1842]: > [1548164986.8223] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:47 server NetworkManager[1842]: > [1548164987.5415] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:47 server NetworkManager[1842]: > [1548164987.5820] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:47 server NetworkManager[1842]: > [1548164987.7178] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:47 server NetworkManager[1842]: > [1548164987.8289] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:48 server NetworkManager[1842]: > [1548164988.2436] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:48 server NetworkManager[1842]: > [1548164988.9381] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:49 server NetworkManager[1842]: > [1548164989.1140] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:49 server NetworkManager[1842]: > [1548164989.8361] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:49 server NetworkManager[1842]: > [1548164989.9141] policy: set 'enp2s0' (enp2s0) as default > for IPv6 routing and DNS > Jan 22 08:49:51
Re: Network connection local to devices.
Hi, On Tue, 2019-01-22 at 09:56 +0100, Alexandre Garreau wrote: > How do you do that through GUI? There are several GUIs. For example, in nm-connection-editor there is the "Ethernet" tab with "Device" (which corresponds to the "connection.interface-name" and "ethernet.mac-address" properties). > Why does that work that way by default in GUI? or did I do something > wrong at some point maybe? I think it makes sense to restrict a profile by default to one device. Ultimately, that is decided by the client tool (like nm-applet) that creates the profile profile in such a way. It doesn't sound like you did anything wrong. If the setting is not best for your case, modify the profile as it suits you. best, Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
multiple RAs spamming log with policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS
My router is (now) sending multiple RAs instead of aggregating all prefixes/routes into a single RA as such: Soliciting ff02::2 (ff02::2) on pc_bridge... Hop limit : 64 ( 0x40) Stateful address conf.: No Stateful other conf. : No Mobile home agent : No Router preference : medium Neighbor discovery proxy : No Router lifetime :0 (0x) seconds Reachable time: unspecified (0x) Retransmit time : unspecified (0x) Source link-layer address: 6C:B0:CE:F5:1E:4A MTU : 1500 bytes (valid) Prefix : fd31:aeb1:48df::/64 On-link : Yes Autonomous address conf.: Yes Valid time : infinite (0x) Pref. time : infinite (0x) Route: fd31:aeb1:48df::/48 Route preference: medium Route lifetime : infinite (0x) Recursive DNS server : fd31:aeb1:48df::2 DNS server lifetime : 6000 (0x1770) seconds from fe80::6eb0:ceff:fef5:1e4a Hop limit : 64 ( 0x40) Stateful address conf.: No Mobile home agent : No Router preference : medium Neighbor discovery proxy : No Router lifetime : 1800 (0x0708) seconds Reachable time: unspecified (0x) Retransmit time : unspecified (0x) Source link-layer address: 6C:B0:CE:F5:1E:4A MTU : 1500 bytes (valid) Prefix : 2001:1234:5678:a700::/64 On-link : Yes Autonomous address conf.: Yes Valid time :84531 (0x00014a33) seconds Pref. time :41331 (0xa173) seconds Route: 2001:1234:5678:a700::/56 Route preference: medium Route lifetime :84531 (0x00014a33) seconds Recursive DNS server : fd31:aeb1:48df::1 DNS server lifetime : 6000 (0x1770) seconds from fe80::6eb0:ceff:fef5:1e4a But now that it's going this NetworkManager-1.10.2-16.el7_5.x86_64 is spamming the log as such: Jan 22 08:49:40 server NetworkManager[1842]: [1548164980.5807] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:42 server NetworkManager[1842]: [1548164982.0102] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:42 server NetworkManager[1842]: [1548164982.5751] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:43 server NetworkManager[1842]: [1548164983.2225] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:43 server NetworkManager[1842]: [1548164983.5056] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:44 server NetworkManager[1842]: [1548164984.7597] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:45 server NetworkManager[1842]: [1548164985.4752] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:46 server NetworkManager[1842]: [1548164986.1900] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:46 server NetworkManager[1842]: [1548164986.8223] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:47 server NetworkManager[1842]: [1548164987.5415] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:47 server NetworkManager[1842]: [1548164987.5820] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:47 server NetworkManager[1842]: [1548164987.7178] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:47 server NetworkManager[1842]: [1548164987.8289] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:48 server NetworkManager[1842]: [1548164988.2436] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:48 server NetworkManager[1842]: [1548164988.9381] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:49 server NetworkManager[1842]: [1548164989.1140] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:49 server NetworkManager[1842]: [1548164989.8361] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:49 server NetworkManager[1842]: [1548164989.9141] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:51 server NetworkManager[1842]: [1548164991.3413] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22 08:49:51 server NetworkManager[1842]: [1548164991.5886] policy: set 'enp2s0' (enp2s0) as default for IPv6 routing and DNS Jan 22
Re: Network connection local to devices.
How do you do that through GUI? Why does that work that way by default in GUI? or did I do something wrong at some point maybe? ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Network connection local to devices.
On Mon, 2019-01-21 at 19:22 +0100, Alexandre Garreau via networkmanager-list wrote: > I often change computer, but keep my configuration files, or even my > whole system. Or, sometimes, I only change or add a new wifi card. > Each time I do that, network-manager becomes unable to automatically > use the old registered connection, as it is parametered for a > specific device: is there a way to disable that? Hi, don't set the parameters in the connection profile that restrict the profile to a particular device. For example, do not set (as applicable): - connection.interface-name - ethernet.mac-address - wifi.mac-address - match.interface-names - gsm.device-id - gsm.network-id And see `man nm-settings`. $ nmcli connection modify "$PROFILE" ethernet.mac-address '' best, Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
