[Bug 2068687] Re: L2TP VPN is not working in Ubuntu 24.04

2024-06-10 Thread Douglas Kosovic
Upstream go-l2tp issue that's been resolved:
https://github.com/katalix/go-l2tp/issues/6


In the network-manager-l2tp PPA I've created a no-modification backport of 
golang-github-katalix-go-l2tp-0.1.8-1 for Ubuntu 24.04 : 
https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp

So, Ubuntu 24.04 users wanting the latest network-manager-l2tp from the
PPA will also get a newer go-l2tp package which includes the fix for
this issue.


** Bug watch added: github.com/katalix/go-l2tp/issues #6
   https://github.com/katalix/go-l2tp/issues/6

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2068687

Title:
  L2TP VPN is not working in Ubuntu 24.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-github-katalix-go-l2tp/+bug/2068687/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2068687] Re: L2TP VPN is not working in Ubuntu 24.04

2024-06-07 Thread Douglas Kosovic
Regarding the original go-l2tp kl2tpd error:

level=error tunnel_name=t1 message="bad control message"
message_type=avpMsgTypeSli error="no specification for v2 message
avpMsgTypeSli"


Looks like the missing avpMsgTypeSli message_type was recently fixed with the 
following commit that's in go-l2tp 0.1.8 :

https://github.com/katalix/go-l2tp/commit/5720acff49c0deda96b132c21c7431ae5300a56a

I'm changing the package from network-manager-l2tp to go-l2tp for this
bug.


** Package changed: network-manager-l2tp (Ubuntu) => 
golang-github-katalix-go-l2tp (Ubuntu)


[Bug 2068687] Re: L2TP VPN is not working in Ubuntu 24.04

2024-06-07 Thread Douglas Kosovic
I'm not sure why the user authentication is failing for you with
go-l2tp's kl2tpd, you could try disabling all of the authentication
methods in the PPP settings other than MSCHAPv2.

You could also try switching to xl2tpd and see if you have the same
problem, e.g.:


  sudo apt install xl2tpd

  sudo apt purge go-l2tp


The other Linux distros you mentioned don't ship with go-l2tp, so they would 
have been defaulting to xl2tpd.


[Bug 1970068] Re: L2TP+IPSec not working after upgrade to 22.04 LTS

2022-04-24 Thread Douglas Kosovic
I think this is a duplicate of the following, although the xl2tpd errors 
manifest slightly differently :
https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1951832
https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1968336

But as others have confirmed, Ubuntu 22.05's xl2tpd-1.3.16-1 is broken,
so the most likely culprit.


network-manager-l2tp uses kl2tpd as its default L2TP daemon and falls back to 
xl2tpd if it can't find kl2tpd. To confirm it is only xl2tpd that is broken for 
you, try installing kl2tpd with the following :

sudo apt install golang-go

go install "github.com/katalix/go-l2tp/...@latest"
sudo mkdir -p /usr/local/sbin
sudo cp go/bin/kl2tpd /usr/local/sbin


[Bug 1951832] Re: xl2tpd "Can not find tunnel" in jammy

2022-04-23 Thread Douglas Kosovic
For those using network-manager-l2tp, another workaround is to use
Katalix go-l2tp which is from the authors of the L2TP kernel modules
(which xl2tpd also happens to use).

With NetworkManager-l2tp >= 1.20.0, it has switched to kl2tpd as the
default L2TP daemon and falls back to xl2tpd if it can't find it. kl2tpd
can readily be installed with :


sudo apt install golang-go

go install "github.com/katalix/go-l2tp/...@latest"
sudo mkdir -p /usr/local/sbin
sudo cp go/bin/kl2tpd /usr/local/sbin


[Bug 1890814] Re: Handle PPP non-compliant success packets

2021-02-25 Thread Douglas Kosovic
Nim's status change of no longer affects ppp I think was just a mistake
and rectified, but the rectification wasn't recorded in a new message.

This bug report no longer affects ppp >= 2.4.9, as it was fixed upstream
and is the reason the corresponding Debian bug was closed.

This SRU patch request is for Ubuntu 20.04 which is still using an older
ppp.


[Bug 1890814] Re: Handle PPP non-compliant success packets

2020-08-07 Thread Douglas Kosovic
** Bug watch added: Debian Bug tracker #968040
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968040

** Also affects: ppp (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968040
   Importance: Unknown
   Status: Unknown


[Bug 1890814] [NEW] Handle PPP non-compliant success packets

2020-08-07 Thread Douglas Kosovic
Public bug reported:

[Impact]
According to RFC2759, the format of PPP success packets is :

"S= M="

Recently Windows Server 2019 has started producing non-compliant PPP
success packets which have a space missing before the M= characters.

PPP based (e.g. PPTP, L2TP, etc) VPN clients connecting to an affected
Windows Server 2019 VPN server will get the following error message
during MS-CHAPv2 authentication :

   MS-CHAPv2 Success packet is badly formed


If the following upstream ppp patch is applied, it will handle the 
non-compliant, missing-space before M= success packets :

https://github.com/paulusmack/ppp/commit/3cd95baf3f1de1d5a9bc89be0f4c3215ceb5aefe.patch

** Affects: ppp (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: sru


[Bug 1890814] Re: Handle PPP non-compliant success packets

2020-08-07 Thread Douglas Kosovic
macOS already handles the missing space before M=, extract from :
https://opensource.apple.com/source/ppp/ppp-862.120.2/Helpers/pppd/chap_ms.c.auto.html

//we'll allow the missing-space case from the server, even though
//it's non-conforming to spec!
dbglog("Rcvd non-conforming MSCHAPv2 Success packet, len=%d", len);
if(len >= 2 && !strncmp((char*)msg, "M=", 2))
    msg += 2;
else
{
    error("MS-CHAPv2 Success packet is badly formed.");
    return 0;
}

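The tolerant parse discussed in the two messages above, written out as an added example (it is not pppd's or Apple's code and not part of the original messages). It checks the `S=` authenticator response first and only then relaxes the separator before `M=`; the function names, result codes and the sample authenticator string are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AUTH_HEX_LEN 40 /* 20-octet authenticator response as 40 hex digits */

/* Constructed sample value, not taken from any real exchange. */
static const char SAMPLE_AUTH[] = "0123456789ABCDEF0123456789ABCDEF01234567";

enum success_result {
    SUCCESS_OK,              /* separator is " M=", as RFC 2759 specifies */
    SUCCESS_OK_NONCOMPLIANT, /* space before "M=" is missing, rest is valid */
    SUCCESS_MALFORMED,       /* framing is wrong; reject */
    SUCCESS_AUTH_MISMATCH    /* server's authenticator response is wrong */
};

/* Compare without an early exit so timing does not depend on the
 * position of the first differing byte. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* msg/len: message field of the Success packet (not NUL-terminated).
 * expected_hex: the AUTH_HEX_LEN hex digits the client computed itself.
 * On success, *text and *text_len describe the bytes after "M=". */
enum success_result check_success(const unsigned char *msg, size_t len,
                                  const char *expected_hex,
                                  const unsigned char **text, size_t *text_len)
{
    *text = NULL;
    *text_len = 0;

    if (len < 2 + AUTH_HEX_LEN || memcmp(msg, "S=", 2) != 0)
        return SUCCESS_MALFORMED;
    msg += 2;
    len -= 2;

    /* Mutual authentication: never relaxed, whatever the separator. */
    if (!ct_equal(msg, (const unsigned char *)expected_hex, AUTH_HEX_LEN))
        return SUCCESS_AUTH_MISMATCH;
    msg += AUTH_HEX_LEN;
    len -= AUTH_HEX_LEN;

    if (len >= 3 && memcmp(msg, " M=", 3) == 0) {
        *text = msg + 3;
        *text_len = len - 3;
        return SUCCESS_OK;
    }
    if (len >= 2 && memcmp(msg, "M=", 2) == 0) {
        /* The missing-space case described in the bug report. */
        *text = msg + 2;
        *text_len = len - 2;
        return SUCCESS_OK_NONCOMPLIANT;
    }
    return SUCCESS_MALFORMED;
}

/* Convenience wrappers for NUL-terminated test strings. */
enum success_result check_str(const char *packet, const char *expected_hex)
{
    const unsigned char *text;
    size_t text_len;
    return check_success((const unsigned char *)packet, strlen(packet),
                         expected_hex, &text, &text_len);
}

size_t success_text_len(const char *packet, const char *expected_hex)
{
    const unsigned char *text;
    size_t text_len;
    check_success((const unsigned char *)packet, strlen(packet),
                  expected_hex, &text, &text_len);
    return text_len;
}

int main(void)
{
    /* Constructed inputs: compliant, missing space, wrong authenticator. */
    const char *samples[] = {
        "S=0123456789ABCDEF0123456789ABCDEF01234567 M=Welcome",
        "S=0123456789ABCDEF0123456789ABCDEF01234567M=Welcome",
        "S=0123456789ABCDEF0123456789ABCDEF01234560 M=Welcome",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d  %s\n", (int)check_str(samples[i], SAMPLE_AUTH), samples[i]);
    return 0;
}
```

Reporting the non-compliant case as its own result code lets the caller log it, as the quoted macOS code does with dbglog().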

[Bug 1875784] Re: Impossible create or edit L2TP vpn, missing form

2020-04-30 Thread Douglas Kosovic
** Changed in: network-manager-l2tp (Ubuntu)
   Status: New => Invalid

** Changed in: network-manager-l2tp (Ubuntu)
 Assignee: (unassigned) => Douglas Kosovic (dkosovic)


[Bug 1875784] Re: Impossible create or edit L2TP vpn, missing form

2020-04-28 Thread Douglas Kosovic
Did you install networkmanager-l2tp-gnome package which has the GNOME
L2TP VPN plug-in for the GNOME NetworkManager connection editor?


[Bug 1875784] Re: Impossible create or edit L2TP vpn, missing form

2020-04-28 Thread Douglas Kosovic
Correction: I meant network-manager-l2tp-gnome package


[Bug 1849930] Re: Additional L2TP VPN Breaks First VPN

2019-11-01 Thread Douglas Kosovic
** Project changed: l2tp-ipsec-vpn => ubuntu

** Changed in: ubuntu
   Status: New => Confirmed

** Package changed: ubuntu => network-manager-l2tp (Ubuntu)


[Bug 1778946] Re: No dns resolution after closing a vpn/pptp connection

2019-01-20 Thread Douglas Kosovic
Comment 6 and 7 in the upstream GNOME NetworkManager-pptp bug report :
https://bugzilla.gnome.org/show_bug.cgi?id=785771#c6
are relevant to this bug (but not the 'cp -a' issue).

As mentioned, the following exit in /etc/ppp/ip-up.d/000resolvconf when
the interface is managed by NM, seems the right solution.

case "$6" in
  nm-pptp-service-*|nm-l2tp-service-*|/org/freedesktop/NetworkManager/PPP/*)
    # NetworkManager handles it
    exit 0
    ;;
esac

Perhaps the exit should be added to /etc/ppp/ip-up.d/usepeerdns for
instances when resolvconf package isn't installed?

** Bug watch added: GNOME Bug Tracker #785771
   https://bugzilla.gnome.org/show_bug.cgi?id=785771


[Bug 1778946] Re: No dns resolution after closing a vpn/pptp connection

2019-01-19 Thread Douglas Kosovic
I wasn't able to redirect the stderr from the following line in
/etc/ppp/ip-up.d/usepeerdns (probably because of something pppd is doing) :

cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"

So I modified the cp.c source from the coreutils package and redirected
stderr to a file.

The error message I now see is :


cp: failed to preserve ownership for '/run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0': Operation not permitted


cp.c is using the lchown() function which is failing with that message.

Looks like only preserving ownership is failing as I tried the following
and it works:

cp --preserve=mode,timestamps "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"

The way /run is mounted might be the reason why 'cp -a' and lchown() is failing.
 

Ignore what I said about $? being 0 after the cp -a line. Doing the
following line confirms $? is 1 :

cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE" || echo ERROR $? >> /tmp/usepeerdns-up.log


[Bug 1778946] Re: No dns resolution after closing a vpn/pptp connection

2019-01-17 Thread Douglas Kosovic
Sorry, ignore comment #16 as the following line in
/etc/ppp/ip-up.d/usepeerdns will exit because of the '#!/bin/sh -e'
shebang line:

cp -Lp "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"


So my original suggestion of replacing the following line:

cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"

to:

cp "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
chmod 644 "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"

was correct and won't prematurely exit.


[Bug 1778946] Re: No dns resolution after closing a vpn/pptp connection

2019-01-17 Thread Douglas Kosovic
Correction: the following line in /etc/ppp/ip-up.d/usepeerdns
probably should be changed from :

cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"

to:

cp -Lp "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
chmod 644 "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"


[Bug 1778946] Re: No dns resolution after closing a vpn/pptp connection

2019-01-17 Thread Douglas Kosovic
I can confirm the issue is the following line in
/etc/ppp/ip-up.d/usepeerdns as previously mentioned :

cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"

The variable expansion of that line is :
cp -a /run/systemd/resolve/stub-resolv.conf /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0

I had to modify the shebang line of that script from :
  #!/bin/sh -e
to :
  #!/bin/sh
to get past that line and output debugging output I inserted, which included :

ls -l /run/systemd/resolve/stub-resolv.conf
-rw-r--r-- 1 systemd-resolve systemd-resolve 720 Jan 17 21:47 /run/systemd/resolve/stub-resolv.conf

ls -l /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0
-rw--- 1 root root 720 Jan 17 21:47 /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0

So 'cp -a' isn't copying the permissions. Oddly, $? is 0 after running
that 'cp -a' line, therefore seems correct, also umask is 0022, so I'm
not sure what is going wrong.


Anyway a fix seems to be to change the following line in 
/etc/ppp/ip-up.d/usepeerdns from :

cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"

to:

cp "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
chmod 644 "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"


For Ubuntu 18.04 setups that have the pppconfig package installed, the
following lines in /etc/ppp/ip-up.d/0dns-up probably should be changed
from :

/bin/cp -Lp "$RESOLVCONF" "$RESOLVBAK" || exit 1
/bin/cp -Lp "$TEMPRESOLV" "$RESOLVCONF" || exit 1
chmod 644 "$RESOLVCONF" || exit 1

to:

/bin/cp -Lp "$RESOLVCONF" "$RESOLVBAK" || exit 1
chmod 644 "$RESOLVBAK" || exit 1
/bin/cp -Lp "$TEMPRESOLV" "$RESOLVCONF" || exit 1
chmod 644 "$RESOLVCONF" || exit 1


[Bug 1760796] Re: kernel 4.15 breaks xl2tpd

2018-07-23 Thread Douglas Kosovic
Hi Eric and Łukasz,

I uninstalled existing xl2tpd from test PPA on xenial and bionic before
installing xl2tpd from respective proposed repository.

On xenial I installed and tested
xl2tpd_1.3.6+dfsg-4ubuntu0.16.04.2_amd64.deb and can confirm I'm able to
establish L2TP/IPsec VPN connection with following kernels :

* kernel 4.4.0-124-generic.
* kernel 4.13.0-36-generic.
* kernel 4.15.0-29-generic.

Similarly on bionic with xl2tpd_1.3.10-1ubuntu1_amd64.deb, I can confirm VPN 
connection with following kernels : 
* kernel 4.13.0-36-generic.
* kernel 4.15.0-29-generic.

I've changed verification-needed-bionic and verification-needed-xenial
to verification-done-bionic and verification-done-xenial respectively.

I didn't change the verification-needed tag, but guess I should have.


--
Doug

** Tags removed: verification-needed-bionic verification-needed-xenial
** Tags added: verification-done-bionic verification-done-xenial


[Bug 1760796] Re: kernel 4.15 breaks xl2tpd

2018-07-22 Thread Douglas Kosovic
@Billy thanks for the Xenial xl2tpd test package.

I set up an Ubuntu 16.04.4 VM which came with kernel 4.13.0-36-generic
and did an apt update followed by an apt upgrade and it installed kernel
4.15.0-29-generic. I didn't know the proper way to downgrade to kernel
4.4, so manually downloaded and installed the following :

linux-headers-4.4.0-124_4.4.0-124.148_all.deb
linux-headers-4.4.0-124-generic_4.4.0-124.148_amd64.deb
linux-image-4.4.0-124-generic_4.4.0-124.148_amd64.deb

Following is a summary of the tests performed, first with unpatched
xl2tpd followed by the test PPA xl2tpd.

Ubuntu 16.04.4 with xl2tpd-1.3.6+dfsg-4ubuntu0.16.04.1 :

* didn't check kernel 4.4.0-124-generic.

* kernel 4.13.0-36-generic - works as expected.

* kernel 4.15.0-29-generic - results in following error as expected :

  xl2tpd[2189]: udp_xmit failed ... with err=-1:No such device


Ubuntu 16.04.4 upgrade to xl2tpd-1.3.6+dfsg-4ubuntu0.16.04.1+lp1760796 :

* kernel 4.4.0-124-generic - works!

* kernel 4.13.0-36-generic - works!

* kernel 4.15.0-29-generic - works!


So things look okay to me in regards to xenial.


[Bug 1760796] Re: kernel 4.15 breaks xl2tpd

2018-07-13 Thread Douglas Kosovic
I can confirm I am able to establish a L2TP/IPsec connection with
xl2tpd_1.3.10-1+lp1760796_amd64.deb test package with Bionic's latest
4.15 kernel.

I'll need to bring up a VM for xenial, but happy to test with kernel 4.4
and 4.15 on xenial for any backport. The version of xl2tpd in xenial
updates is currently 1.3.6+dfsg-4ubuntu0.16.04.1 and suspect the patch
should apply cleanly to it.


[Bug 1760796] Re: kernel 4.15 breaks xl2tpd

2018-06-11 Thread Douglas Kosovic
** Tags added: sts sts-sru-needed


[Bug 1771223] Re: Cannot connect to L2TP network

2018-05-17 Thread Douglas Kosovic
** Changed in: network-manager-l2tp (Ubuntu)
   Status: New => Invalid


[Bug 1771223] Re: Cannot connect to L2TP network

2018-05-15 Thread Douglas Kosovic
I'm guessing there is a firewall between the client and VPN server when
the client is in the outside world.

See the "Issue with not stopping system xl2tpd service" section in the 
README.md file :
https://github.com/nm-l2tp/network-manager-l2tp/blob/nm-1-2/README.md


I'm guessing the firewall doesn't like clients that are trying to connect with 
an ephemeral port.


[Bug 1771223] Re: Cannot connect to L2TP network

2018-05-15 Thread Douglas Kosovic
See "Issue with VPN servers only proposing IPsec IKEv1 weak legacy
algorithms" in the README.md file:

https://github.com/nm-l2tp/network-manager-l2tp/blob/nm-1-2/README.md

I can confirm with the ike-scan.sh script mentioned in the README.md
file that the VPN server you are trying to connect to only provides
proposals that the newer version of strongSwan now considers weak.

If you can modify the VPN server's settings, the current strongest
proposal it provides contains modp1536, but it needs to be at least
modp2048.

Otherwise, you can specify IPsec phase 1 and phase 2 algorithms in the
IPsec Options dialog box:


- Phase1 Algorithms : aes256-sha1-modp1536
- Phase2 Algorithms : aes256-sha1


[Bug 1771223] Re: Cannot connect to L2TP network

2018-05-14 Thread Douglas Kosovic
Can you confirm you are seeing the "udp_xmit failed ... with err=-1:No
such device" error ?

If you are, this is not a network-manager-l2tp bug, but a kernel 4.15
bug, I posted a xl2tpd bug report and workaround patch for Ubuntu
18.04's xl2tpd package almost a month before Bionic Beaver was released
:

https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1760796

The bug is receiving very little user attention, only 7 people have
voted for it, hopefully the more people vote for it the sooner it will
receive attention and someone will apply the patch.

xl2tpd 1.3.12 hasn't been released yet, can you confirm you built from
the xl2tpd 1.3.12 git branch? i.e. :

git clone -b 1.3.12 https://github.com/xelerance/xl2tpd.git
cd xl2tpd
make
sudo cp xl2tpd /usr/sbin/xl2tpd


xl2tpd 1.3.12 git branch definitely fixed the issue for me on Ubuntu 18.04.


[Bug 1771223] Re: Cannot connect to L2TP network

2018-05-14 Thread Douglas Kosovic
** Changed in: network-manager-l2tp (Ubuntu)
 Assignee: (unassigned) => Douglas Kosovic (dkosovic)


[Bug 1760796] Re: kernel 4.15 breaks xl2tpd

2018-04-05 Thread Douglas Kosovic
** Bug watch added: Red Hat Bugzilla #1562512
   https://bugzilla.redhat.com/show_bug.cgi?id=1562512

** Also affects: xl2tpd (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=1562512
   Importance: Unknown
   Status: Unknown


[Bug 1760796] [NEW] kernel 4.15 breaks xl2tpd

2018-04-03 Thread Douglas Kosovic
Public bug reported:

Kernel 4.15 breaks xl2tpd, please see following upstream issue for more details 
:
   https://github.com/xelerance/xl2tpd/issues/147


The following commit/patch fixes the issue:
  
https://github.com/xelerance/xl2tpd/commit/9c2cd4933478a83075df5b10f24af7589e90abc3.patch

As Ubuntu 18.04 (Bionic Beaver) is no longer accepting Debian packages,
I'm guessing then that the patch would need to be added and applied to
the existing xl2tpd-1.3.10-1 package.

The linux-image kernel package on Ubuntu 18.04 is currently
linux-image-4.15.0-13

** Affects: xl2tpd (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: xl2tpd (Debian)
 Importance: Unknown
 Status: Unknown

** Bug watch added: Debian Bug tracker #894674
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894674

** Also affects: xl2tpd (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894674
   Importance: Unknown
   Status: Unknown


[Bug 400748] Re: xl2tpd connection speed is too low

2018-04-03 Thread Douglas Kosovic
I just saw this bug report now while looking for another xl2tpd bug.

You might have already worked it out by now, but in regards to the
xl2tpd max transmit and receive speeds, the default max is 10 Mbps.

See the xl2tpd.conf manpage for the 'tx bps' and 'rx bps' options to set
it higher.


[Bug 1692066] Re: [Request] Libreswan plugin for Network Manager

2017-10-27 Thread Douglas Kosovic
I suggest you file a Debian Request for Package (RFP) for 
network-manager-libreswan :
   https://wiki.debian.org/RFP

Once the package is in Debian Sid, it will automatically make its way to
Ubuntu.

Or if you are able to provide a package, an Intent to Package (ITP) :
   https://wiki.debian.org/ITP

libreswan was added to Debian Sid earlier in the year and it made its
way to Ubuntu 17.04.

Upstream in the GNOME Projects network-manager-libreswan GIT repository in the 
NEWS file, you'll notice network-manager-libreswan was renamed from 
network-manager-openswan at version 1.2
  https://git.gnome.org/browse/network-manager-libreswan/tree/

Debian/Ubuntu used to include network-manager-openswan, so that package
might be a good starting point for updating to
network-manager-libreswan.


[Bug 1726135] Re: need to use group name

2017-10-23 Thread Douglas Kosovic
Marked as invalid as the VPN server is using an algorithm considered
broken by strongswan and a workaround was provided.

** Changed in: network-manager-l2tp (Ubuntu)
 Assignee: (unassigned) => Douglas Kosovic (dkosovic)

** Changed in: network-manager-l2tp (Ubuntu)
   Status: New => Invalid


[Bug 1726135] Re: need to use group name

2017-10-23 Thread Douglas Kosovic
From the logs, it definitely isn't using IPsec XAuth.

The "NO_PROPOSAL_CHOSEN error" means your VPN server is using a legacy
encryption algorithm that strongswan considers broken as it is old and
weak, it is most likely 3DES :

https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

It would be best if the VPN server can be updated to use stronger cipher
suites, but if you can't, in the README.md file, see the "User specified
IPsec IKEv1 cipher suites" section :

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

Extract :
If you are using strongSwan with this VPN plugin and you need to use the same 
ciphers that older versions of strongSwan and this VPN plugin used, enter the 
following in the corresponding IPsec configuration dialog text boxes:

Phase1 Algorithms : aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024
Phase2 Algorithms : aes128-sha1,3des-sha1


If you then get a xl2tpd failure, you might also need to stop the system xl2tpd 
service, see "Issue with not stopping system xl2tpd service" section in the 
README.md file :

https://github.com/nm-l2tp/network-manager-l2tp#issue-with-not-stopping-system-xl2tpd-service

I think OpenSUSE doesn't start the system xl2tpd service by default, but
Ubuntu does.


[Bug 1726135] Re: need to use group name

2017-10-22 Thread Douglas Kosovic
Group Name is for IPsec Extended authentication (XAuth).

Xauth support was never implemented in network-manager-l2tp and it
doesn't make sense as XAuth doesn't use L2TP, so Group Name was removed
from the IPsec configuration dialog box.

So a summary of the differences between the two VPN connections is:
- IPsec XAuth uses XAuth for the user credentials which involves a Group Name.
- L2TP/IPsec uses L2TP for the PPP user credentials.

The Gnome Project provides a VPN IPsec IKEv1 VPN client with Group Name called 
network-manager-libreswan :
https://git.gnome.org/browse/network-manager-libreswan/plain/appdata/libreswan.png

Did Group Name ever work for you in the old network-manager-l2tp? If it
did, it was for something other than XAuth.


[Bug 264691] Re: Please add NM option for connecting to L2TP IPSEC VPN

2017-06-14 Thread Douglas Kosovic
network-manager-l2tp 1.2.6-2 was accepted into Debian sid :

   https://tracker.debian.org/pkg/network-manager-l2tp

The Debian package was automatically added to Ubuntu artful (17.10).

I've requested an Ubuntu backport of network-manager-l2tp from artful to
xenial (16.04) which includes intermediate zesty (17.04) and yakkety
(16.10) releases :

   https://bugs.launchpad.net/xenial-backports/+bug/1697934

Please vote for the backport by clicking the "this bug affects me" link
in the backport request.



[Bug 1677990] Re: xl2tpd crash when tearing down L2TP/IPSec VPN connection

2017-05-15 Thread Douglas Kosovic
Hi Brian,

I tested xl2tpd_1.3.6+dfsg-4ubuntu0.16.04.1_amd64.deb on xenial with
NetworkManager-l2tp and I'm no longer able to reproduce the xl2tpd
segmentation fault, nor is there any orphaned pppd process (which used
to happen after the parent xl2tpd process crashed)

Similarly with xl2tpd_1.3.6+dfsg-4ubuntu1_amd64.deb on yakkety.



[Bug 264691] Re: Please add NM option for connecting to L2TP IPSEC VPN

2017-03-13 Thread Douglas Kosovic
There is now a new PPA, network-manager-l2tp 1.2.4 for 17.04 (zesty), 16.10 
(yakkety) and 16.04 (xenial) packages can be found here:
https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp

strongswan stable release updates for yakkety and xenial which fix the
aforementioned AppArmor name space issue were released in the last
couple of weeks. So I've decided to release PPA packages as Debian
strongswan doesn't have the fix yet. The network-manager-l2tp 1.2.4 PPA
packages on yakkety and xenial have explicit dependencies for the
versions of the strongswan packages with the fix.



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2017-02-17 Thread Douglas Kosovic
I can confirm NetworkManager-l2tp is working fine with the following 
yakkety-proposed packages:
  strongswan_5.3.5-1ubuntu4.1_all
  strongswan-charon_5.3.5-1ubuntu4.1_amd64
  strongswan-libcharon_5.3.5-1ubuntu4.1_amd64
  strongswan-starter_5.3.5-1ubuntu4.1_amd64
  libstrongswan_5.3.5-1ubuntu4.1_amd64
  libstrongswan-standard-plugins_5.3.5-1ubuntu4.1_amd64

Only strongswan AppArmor related messages I see are just status messages
which are fine :

Feb 18 11:50:32 ubuntu audit[506]: AVC apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/charon" 
pid=506 comm="apparmor_parser"
Feb 18 11:50:32 ubuntu audit[507]: AVC apparmor="STATUS" 
operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/stroke" 
pid=507 comm="apparmor_parser"


Having said that, on Yakkety Yak with the stock strongswan_5.3.5-1ubuntu4 
packages, (unlike Xenial Xerus) I'm able to establish a VPN connection with 
NetworkManager-l2tp even though I see lots of the following AppArmor denied 
messages :

Feb 18 11:43:33 ubuntu audit[4002]: AVC apparmor="DENIED"
operation="sendmsg" info="Failed name lookup - disconnected path"
error=-13 profile="/usr/lib/ipsec/charon"
name="run/systemd/journal/dev-log" pid=4002 comm="charon"
requested_mask="w" denied_mask="w" fsuid=0 ouid=0


But I think strongswan 5.3.5-1ubuntu4.1 is definitely worthwhile to get rid of 
those AppArmor denied messages.



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2017-02-17 Thread Douglas Kosovic
As far as NetworkManager-l2tp is concerned, I can confirm the strongswan
5.3.5-1ubuntu3.1 xenial-proposed package worked fine for me.



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-11-20 Thread Douglas Kosovic
AppArmor is a Linux kernel security module that allows administrators to
restrict programs' capabilities with per-program profiles.

Disabling the charon and stroke AppArmor profiles is just a workaround
that removes the restrictions including the issue you are having.

The other option is to edit the two profiles with a text editor and add
'flags=(attach_disconnected)'. But you have to be sure you know where it
needs to be added.

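Added example, not part of the original message or of the strongSwan packaging: a small Python helper showing where flags=(attach_disconnected) sits in a profile, on the header line between the profile name and the opening brace, merged with any flags already there. The profile text is a constructed stand-in, since the thread quotes only the file paths, and add_attach_disconnected is a hypothetical name.

```python
import re

# Constructed stand-in for /etc/apparmor.d/usr.lib.ipsec.charon.
# The real profile body is not quoted in the thread.
SAMPLE_PROFILE = '''\
#include <tunables/global>

/usr/lib/ipsec/charon {
  #include <abstractions/base>
  capability net_admin,
}
'''


def add_attach_disconnected(profile_text, path):
    """Return (new_text, changed) with attach_disconnected set on the
    header line of the profile attached to `path`.

    The header is the line that names the profile and ends with '{'.
    Existing flags such as complain are kept and the new flag is appended.
    """
    header_re = re.compile(
        r'^([ \t]*(?:profile[ \t]+)?' + re.escape(path) + r')'
        r'(?:[ \t]+flags=\(([^)]*)\))?[ \t]*\{[ \t]*$',
        re.M,
    )
    m = header_re.search(profile_text)
    if m is None:
        raise ValueError("no profile header found for " + path)

    # Flags inside the parentheses may be separated by commas or spaces.
    flags = [f for f in re.split(r'[,\s]+', m.group(2) or '') if f]
    if 'attach_disconnected' in flags:
        return profile_text, False  # already present, leave the file alone

    flags.append('attach_disconnected')
    header = f"{m.group(1)} flags=({','.join(flags)}) {{"
    return profile_text[:m.start()] + header + profile_text[m.end():], True


if __name__ == "__main__":
    patched, changed = add_attach_disconnected(
        SAMPLE_PROFILE, "/usr/lib/ipsec/charon")
    print("changed:", changed)
    print(patched)
```

After a real profile file is edited this way, it has to be reloaded, for example with apparmor_parser -r on that file, before the change takes effect.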


[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-11-19 Thread Douglas Kosovic
Sorry I gave bad advice, AppArmor complain mode won't help, it was the
attach_disconnected in the patch which fixes the issue.

Simplest solution without patching is to disable the charon and stroke AppArmor 
profiles as mentioned on:
  https://github.com/nm-l2tp/network-manager-l2tp/wiki



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-11-19 Thread Douglas Kosovic
If you are using network-manager-l2tp, the AppArmor strongswan issue is listed 
in the known issues on the Wiki:
  https://github.com/nm-l2tp/network-manager-l2tp/wiki

The patch just puts the AppArmor profiles for charon and stroke into
complain mode. The same can be achieved with the following
command-lines:

sudo aa-complain /etc/apparmor.d/usr.lib.ipsec.charon

sudo aa-complain /etc/apparmor.d/usr.lib.ipsec.stroke



[Bug 264691] Re: Please add NM option for connecting to L2TP IPSEC VPN

2016-07-12 Thread Douglas Kosovic
I've posted a summary of current NetworkManager-l2tp known issues and 
workarounds for Ubuntu and Debian here :
  https://github.com/nm-l2tp/network-manager-l2tp/issues/12

I haven't created a new network-manager-l2tp PPA because of the
strongSwan AppArmor name space issue involving NetworkManager and also
some Ubuntu 16.04 users have had issues with the system xl2tpd, but
not with a locally built copy. Unfortunately I haven't been able to
reproduce the xl2tpd issue since I changed computers a couple of months
ago.

I hope to submit a network-manager-l2tp package to Debian once the
strongSwan AppArmor issue has been resolved.



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-06-28 Thread Douglas Kosovic
Sorry, you are correct, I had forgotten I had changed to "complain" a
while back for the two profiles to help with debugging.

On a clean Ubuntu 16.04 install, I can confirm with just
flags=(attach_disconnected) for the two profiles, things work as
expected.



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-06-25 Thread Douglas Kosovic
Somehow forgot the attachment, find attached.

** Patch added: "/etc/apparmor.d/usr.lib.ipsec.* patch"
   https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1587886/+attachment/4690136/+files/usr.lib.ipsec.patch



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-06-25 Thread Douglas Kosovic
I wasn't able to reproduce the issue from the command-line with
NetworkManager-l2tp, it only happens after NetworkManager-l2tp restarts
strongSwan under NetworkManager.

Turns out it is the same NetworkManager issue as the following :
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1244157/comments/7

I used the attached patch for :
/etc/apparmor.d/usr.lib.ipsec.charon
/etc/apparmor.d/usr.lib.ipsec.stroke



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-06-02 Thread Douglas Kosovic
Doesn't appear to matter if bare metal PC or VM.

So far haven't been able to reproduce 'ipsec status' issue other than
using network-manager-l2tp, but need to do more comprehensive
command-line tests that mimic better what network-manager-l2tp is doing.



[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-06-01 Thread Douglas Kosovic
Hi Simon,

UEFI Lenovo desktop PC is what I'm running Xenial on.

I'm the new maintainer for network-manager-l2tp VPN plugin for NetworkManager :
   https://github.com/nm-l2tp/network-manager-l2tp

I started an IPSec/L2TP connection using network-manager-l2tp before
issuing the 'sudo ipsec status'.  So it may be something with
network-manager-l2tp IPSec connections that triggers the issue.


I've encountered a few scenarios with strongswan and network-manager-l2tp where 
an IPSec connection hasn't been established yet, and was hoping to check the 
connection status in the code by invoking 'ipsec status {connection name}', 
before it tries to do a L2TP connection.

Tomorrow I'll try and do a bit more testing on other Xenial installs and
maybe try an IPSec connection without network-manager-l2tp on the PC
with the issue to see if I can reproduce. Will get back to you.



[Bug 1587886] [NEW] strongswan ipsec status issue with apparmor

2016-06-01 Thread Douglas Kosovic
Public bug reported:

$ lsb_release -rd
Description:    Ubuntu 16.04 LTS
Release:        16.04

$ apt-cache policy strongswan
strongswan:
  Installed: 5.3.5-1ubuntu3
  Candidate: 5.3.5-1ubuntu3
  Version table:
 *** 5.3.5-1ubuntu3 500
        500 http://au.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://au.archive.ubuntu.com/ubuntu xenial/main i386 Packages
        100 /var/lib/dpkg/status


Looks like 'ipsec status' might be causing strongswan's charon to write
to run/systemd/journal/dev-log instead of /run/systemd/journal/dev-log
and apparmor doesn't like it.

Extract from /etc/apparmor.d/abstractions/base :
  /{,var/}run/systemd/journal/dev-log w,

With an established ipsec connection, issue the following :

$ sudo ipsec status
connecting to 'unix:///var/run/charon.ctl' failed: Permission denied
failed to connect to stroke socket 'unix:///var/run/charon.ctl'


$ journalctl
...
Jun 01 12:15:07 ThinkCentre-M900 kernel: audit: type=1400 
audit(1464785297.366:491): apparmor="DENIED" operation="connect" info="Failed 
name lookup - disconnected path" error=-13 profile="/usr/lib/ipsec/charon" 
name="run/systemd/journal/dev-log" pid=4994 comm="charon" requested_mask="w" 
denied_mask="w" fsuid=0 ouid=0
...

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: strongswan 5.3.5-1ubuntu3
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jun  1 23:06:53 2016
InstallationDate: Installed on 2016-05-11 (21 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
PackageArchitecture: all
SourcePackage: strongswan
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: strongswan (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: apport-bug strongswan xenial

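Added example, not part of the original report: a Python triage of AppArmor audit records that separates the "disconnected path" denials described above, where the denied name has lost its leading slash, from ordinary denials and STATUS records. The log lines are constructed from the ones quoted in this thread (the host name and the last record are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the records quoted in this thread.
# The host name and the final, ordinary denial are made up.
SAMPLE_LOG = "\n".join([
    'Jun 01 12:15:07 host kernel: audit: type=1400 '
    'audit(1464785297.366:491): apparmor="DENIED" operation="connect" '
    'info="Failed name lookup - disconnected path" error=-13 '
    'profile="/usr/lib/ipsec/charon" name="run/systemd/journal/dev-log" '
    'pid=4994 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    'Feb 18 11:43:33 host audit[4002]: AVC apparmor="DENIED" '
    'operation="sendmsg" info="Failed name lookup - disconnected path" '
    'error=-13 profile="/usr/lib/ipsec/charon" '
    'name="run/systemd/journal/dev-log" pid=4002 comm="charon" '
    'requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    'Feb 18 11:50:32 host audit[506]: AVC apparmor="STATUS" '
    'operation="profile_load" profile="unconfined" '
    'name="/usr/lib/ipsec/charon" pid=506 comm="apparmor_parser"',
    'Feb 18 11:51:00 host audit[600]: AVC apparmor="DENIED" '
    'operation="open" profile="/usr/lib/ipsec/stroke" '
    'name="/tmp/example.conf" pid=600 comm="stroke" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
])

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value pairs of one audit record as a dict."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}


def triage(log_text):
    """Split DENIED records into disconnected-path denials and the rest.

    Returns (disconnected, other): `disconnected` maps each profile to the
    set of (operation, name) pairs it was denied, and `other` lists the
    remaining denials, which need an ordinary rule review instead.
    """
    disconnected = defaultdict(set)
    other = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED":
            continue  # STATUS records such as profile_load are not denials
        name = f.get("name", "")
        # The symptom from the report: the kernel could not resolve the
        # path from the root, so the name arrives without its leading '/'.
        if "disconnected path" in f.get("info", "") and not name.startswith("/"):
            disconnected[f.get("profile", "?")].add((f.get("operation"), name))
        else:
            other.append((f.get("profile"), f.get("operation"), name))
    return dict(disconnected), other


if __name__ == "__main__":
    by_profile, rest = triage(SAMPLE_LOG)
    for profile, hits in sorted(by_profile.items()):
        print(profile, "candidate for flags=(attach_disconnected):", sorted(hits))
    print("other denials:", rest)
```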