Bug#1017379: nm-openvpn: capng_change_id() failed applying capabilities: Operation not permitted (errno=1)

Benjamin Eikel

Aug 15, 2022, 3:50:04 AM
Package: network-manager-openvpn
Version: 1.8.18-3
Severity: important

I upgraded some packages today and since then, I cannot connect to VPNs anymore.
* network-manager: 1.38.2-1 --> 1.38.4-1
* systemd: 251.3-1 --> 251.4-1

The connection seems to be successful at first, but then an error occurs (IP
addresses replaced by 1.2.3.4):

Aug 15 09:24:45 myhostname nm-openvpn[11804]: OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
Aug 15 09:24:45 myhostname nm-openvpn[11804]: library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 15 09:24:45 myhostname nm-openvpn[11804]: TCP/UDP: Preserving recently used remote address: [AF_INET]1.2.3.4:1200
Aug 15 09:24:45 myhostname nm-openvpn[11804]: UDPv4 link local: (not bound)
Aug 15 09:24:45 myhostname nm-openvpn[11804]: UDPv4 link remote: [AF_INET]1.2.3.4:1200
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Aug 15 09:24:46 myhostname nm-openvpn[11804]: [fws-kef] Peer Connection Initiated with [AF_INET]1.2.3.4:1200
Aug 15 09:24:46 myhostname nm-openvpn[11804]: sitnl_send: rtnl: generic error (-17): File exists
Aug 15 09:24:46 myhostname nm-openvpn[11804]: DCO device tun1 opened
Aug 15 09:24:46 myhostname nm-openvpn[11804]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 11799 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_6 --tun -- tun1 1500 0 1.2.3.4 1.2.3.4 init
Aug 15 09:24:46 myhostname NetworkManager[1051]: <info> [1660548286.3476] manager: (tun1): new Generic device (/org/freedesktop/NetworkManager/Devices/12)
Aug 15 09:24:46 myhostname kded5[3196]: org.kde.plasma.nm.kded: Unhandled VPN connection state change: 4
Aug 15 09:24:46 myhostname NetworkManager[1051]: <info> [1660548286.3784] device (tun1): carrier: link connected
Aug 15 09:24:46 myhostname nm-openvpn[11804]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Aug 15 09:24:46 myhostname nm-openvpn[11804]: capng_change_id() failed applying capabilities: Operation not permitted (errno=1)
Aug 15 09:24:46 myhostname nm-openvpn[11804]: NOTE: previous error likely due to missing capability CAP_SETPCAP.
Aug 15 09:24:46 myhostname nm-openvpn[11804]: Exiting due to fatal error
Aug 15 09:24:46 myhostname nm-openvpn[11804]: net_addr_v4_del: 1.2.3.4 dev tun1
Aug 15 09:24:46 myhostname nm-openvpn[11804]: sitnl_send: rtnl: generic error (-99): Cannot assign requested address
Aug 15 09:24:46 myhostname nm-openvpn[11804]: Linux can't del IP from iface tun1
Aug 15 09:24:46 myhostname kernel: tun1: tun1: deleting peer with id 28, reason 0

-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager-openvpn depends on:
ii adduser 3.123
ii libc6 2.34-3
ii libglib2.0-0 2.72.3-1+b1
ii libnm0 1.38.4-1
ii network-manager 1.38.4-1
ii openvpn 2.6.0~git20220811-1

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information

Benjamin Eikel

Aug 15, 2022, 4:20:03 AM
Package: network-manager-openvpn
Followup-For: Bug #1017379

I saw that openvpn had also been upgraded. Downgrading from 2.6.0~git20220811-1
to 2.6.0~git20220808-1 fixes it for me. So prob

-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager-openvpn depends on:
ii adduser 3.123
ii libc6 2.34-3
ii libglib2.0-0 2.72.3-1+b1
ii libnm0 1.38.4-1
ii network-manager 1.38.4-1
ii openvpn 2.6.0~git20220808-1

Benjamin Eikel

Aug 15, 2022, 4:30:03 AM
Package: network-manager-openvpn
Followup-For: Bug #1017379

reassign 1017379 openvpn 2.6.0~git20220811-1

Sorry, I have sent an incomplete version of my last message. I wanted to add
that this issue probably should be moved to the openvpn package. I tried to add
a `reassign` command to my message, let's see if this works.

Bernhard Schmidt

Aug 15, 2022, 6:10:04 AM
Control: severity -1 serious
Control: forwarded -1 https://sourceforge.net/p/openvpn/mailman/message/37693662/
Control: tags -1 confirmed upstream

On 15/08/22 09:36 AM, Benjamin Eikel wrote:

> Aug 15 09:24:46 myhostname nm-openvpn[11804]: capng_change_id() failed applying capabilities: Operation not permitted (errno=1)
> Aug 15 09:24:46 myhostname nm-openvpn[11804]: NOTE: previous error likely due to missing capability CAP_SETPCAP.
> Aug 15 09:24:46 myhostname nm-openvpn[11804]: Exiting due to fatal error

Thanks for the report.

Upstream is looking into it, see
https://sourceforge.net/p/openvpn/mailman/message/37693662/ . Until this
is done, raising the severity to prevent testing migration.

Bernhard
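
A diagnostic for the "missing capability CAP_SETPCAP" note in the log above, added here as an example and not taken from the thread or from OpenVPN: it decodes the capability masks in /proc/<pid>/status and reports which capabilities are absent. The sample status text is constructed, and the NEEDED list is an assumption (CAP_SETPCAP as named in the log, plus the two capabilities a UID/GID change requires).

```python
import re

# Capability names in bit order, from <linux/capability.h> (bit 0 .. bit 40).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin "
    "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
    "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
    "sys_tty_config mknod lease audit_write audit_control setfcap "
    "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
    "perfmon bpf checkpoint_restore"
).split()
CAP_BIT = {"CAP_" + n.upper(): i for i, n in enumerate(CAP_NAMES)}

# Assumption: capabilities to look for when a UID/GID downgrade fails.
NEEDED = ("CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP")

# Constructed sample of /proc/<pid>/status (not captured from the reporter).
SAMPLE_STATUS = (
    "Name:\topenvpn\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000200534e2\n"
    "CapEff:\t00000000200534e2\n"
    "CapBnd:\t00000000200534e2\n"
    "CapAmb:\t0000000000000000\n"
)

def parse_cap_sets(status_text):
    """Return {'CapEff': int, 'CapBnd': int, ...} from status text."""
    pat = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pat, status_text, re.M)}

def decode(mask):
    """List the capability names whose bits are set in mask."""
    return [name for name, bit in CAP_BIT.items() if (mask >> bit) & 1]

def missing_caps(status_text, needed=NEEDED):
    """Per set, list the needed capabilities that are not present."""
    sets = parse_cap_sets(status_text)
    for required in ("CapEff", "CapBnd"):
        if required not in sets:
            raise ValueError(f"{required} line not found in status text")
    return {s: [c for c in needed if not (sets[s] >> CAP_BIT[c]) & 1]
            for s in ("CapEff", "CapBnd")}

if __name__ == "__main__":
    # For a live process, read /proc/<pid>/status instead of the sample.
    print(decode(parse_cap_sets(SAMPLE_STATUS)["CapBnd"]))
    print(missing_caps(SAMPLE_STATUS))
```

A capability missing from CapBnd cannot be regained by the process or its children, so the limit has to be lifted where the service is started.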