Bug 22418

(In reply to Alberto Girlando from comment #0)

> 
> Looking around over the internet, it seems this is connect to a recent
> upgrade of vpnc or iproute2, but I don't know if these packages have been
> updated recently (many packages have been, but I did not keep trace)

The last changelog message I see for vpnc is:

------------------------------------------------------------------------
r1120596 | umeabot | 2017-07-14 15:41:29 +0200 (vr, 14 jul 2017) | 1 line

SILENT Branching for Mageia 6
------------------------------------------------------------------------

So vpnc didn't get updated.

However, iproute2-4.14.1-1.mga6 became available on 28 December

https://advisories.mageia.org/MGAA-2017-0134.html

That's three weeks ago, but many of our mirrors have had problems, so it is possible you updated it only a week ago.

Please give the output of: 

    rpm -qa --last | grep iproute2

Source RPM: vpnc-0.5.3-13.mga6 => vpnc-0.5.3-13.mga6, iproute2
CC: (none) => marja11, tmb

Thanks Maria. Then it is iproute2, because I do not use vpnc quite often.
Indeed this is the output of the rpm command:
iproute2-4.14.1-1.mga6.x86_64         Fri 29 Dec 2017 08:11:30 AM

Before opening the bug, I tried to downgrade with urpmi (this was the suggestion over the internet for arclinux or fedora): 
urpmi --downgrade iproute2
but this re-installed the present version.

you need to be specific about what to downgrade to, so:

urpmi --downgrade iproute2-4.9.0-1.mga6

Thanks Thomas, I did not know how the command worked, or how I could see what the previous version was. Anyway, this solved the problem for me. I do not know if you want to close the bug, or change to iproute2 or whatever.

You can do:

urpmq --sources

No, its still a vpnc issue as it needs to cope with new iproute2 and its 4.14 support

Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs
Source RPM: vpnc-0.5.3-13.mga6, iproute2 => vpnc-0.5.3-13.mga6

Alberto,

Can you please try this patched version of vpnc:
ftp://kekepower.myftp.org/linux/shlomi/vpnc-0.5.3-14.mga6.x86_64.rpm


Cheers,
Stig

CC: (none) => smelror

Alberto,

another solution may be to try openconnect. It's in MGA6, though "only" at version 6.00.
openconnect-6.00-4.mga6

http://www.infradead.org/openconnect/

I have no idea if this works with the equipment you're trying to connect to, but it may be worth a try.

Cheers,
Stig

No Stig, patched version of vpnc does not work, gives same error as the non-patched one. I tried openconnect, and did not work, with a different error. Googling around I found that the protocol my University uses (juniper) is not implemented in version 6 of openconnect, but only in version 7. So I downgraded again iproute2.

Alberto.

Thanks for taking the time to test.

I'll see if I can help you with this.

Cheers,
Stig

I'm working with openconnect (7.08-1.mga6 ) and with iproute2-4.14.1-1.mga6, I can not use the vpn, and I have the following error :

Error: either "to" is duplicate, or "uid" is a garbage.

if I downgrade iproute2 to 4.9.0-1.mga6, the vpn is working again

CC: (none) => eric.gerbier

another tip : connexion to vpn by networkmanager graphical interface (with networkmanager-openconnect) works with iproute2-4.14.1-1.

the problem appears just in command line

I've been having problems on Cauldron based machines getting vpnc over nw-manager to work (using Plasma) - although all settings are correct - no errors, just fails to connect (timeout)

Under Linux Mint works just fine with exact same settings

CC: (none) => rfox

I am observing this on my fresh install of Mageia 6.

I run openconnect as follows:

# /usr/sbin/openconnect -u myusername myvpnprovider.com

I noticed the output of
/sbin/ip route get <my vpn IP address>
(this is what the vpnc-script runs)
includes the string 'uid' from the openconnect complaint.

Also there's somebody else describing it at
https://ask.fedoraproject.org/en/question/106252/openconnect-either-to-is-duplicate-or-uid-is-garbage/

I used the below diff to fix it and am able to vpn now:

$ diff -u etc/vpnc/vpnc-script /etc/vpnc/vpnc-script 
--- etc/vpnc/vpnc-script        2016-02-12 21:19:30.000000000 +0100
+++ /etc/vpnc/vpnc-script       2019-02-24 17:57:45.422476999 +0100
@@ -116,7 +116,7 @@
 
 if [ -n "$IPROUTE" ]; then
        fix_ip_get_output () {
-               sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit[0-9]\+//g;s/ipid 0x....//g'
+               sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit[0-9]\+//g;s/ipid 0x....//g;s/uid 0//g'
        }
 
        set_vpngateway_route() {

CC: (none) => tropikhajma

Created attachment 10783 [details]
patch

(In reply to pavel heimlich from comment #15)
> Created attachment 10783 [details]
> patch

Thanks for the patch.

Can you please help me understand what the patch does?

Cheers,
Stig

it removes the string 'uid 0' from the output of /sbin/ip.
This string apparently appeared there sometime after iproute2 4.9.0-1.mga6

Here's what the output of ip(8) looks like on my machine:

# /sbin/ip route get <myvpnIPaddress>
<myvpnIPaddress> via 192.168.3.1 dev enp4s0 src 192.168.3.240 uid 0
     cache

I confirm:

Patched vpnc 0.53.13.mga6 (x64) now works wit iproute2 4.14.1-1.mga6.

Thank you Pavel ! The bug can be probably closed.

note you should use something like 'uid [0-9]\+' instead of 'uid 0' so it works also for users other than root.

I have tested the given patch too, and I also confirm : it works !

Mageia 6 changed to end-of-life (EOL) status on 2019-09-30. It is no longer 
maintained, which means that it will not receive any further security or bug 
fix updates.

Package Maintainer: If you wish for this bug to remain open because you plan 
to fix it in a currently maintained version, simply change the 'version' to 
a later Mageia version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we 
weren't able to fix it before Mageia 6's end of life. If you are able to 
reproduce it against a later version of Mageia, you are encouraged to click 
on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a more recent
Mageia release includes newer upstream software that fixes bugs or makes them
obsolete.

If you would like to help fixing bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].

[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/

Best regards,
Aurélien
Bugsquad Team

Status: NEW => RESOLVED
Resolution: (none) => FIXED
CC: (none) => ouaurelien