Just upgraded one of my laptops to 13.2 and I’m now having trouble getting my company’s VPN software to work. We use Juniper’s Network Connect software; its a java applet that you launch once you’ve logged into the corporate website (RSA token, etc.). It worked fine in 12.1 before I upgraded and works fine in 13.1 on my other laptop. In 13.2, it connects and launches the vpn applet just fine, but when it gets to assigning an IP and creating the network tunnel, it detects something changing the route table and disconnects.
This is with NetworkManager. If I switch to wicked, everything works fine, but then I don’t have any good way to manage my wireless connections. So it seems that the new NetworkManager is doing some tricky with the route table that it did not used to do that is causing this issue. What I’m wondering is if this is
a) a bug.
b) a config issue that I can tweak in the network settings to fix
c) intended behavior that I’m just out of luck with.
Here’s the info that I’ve got that might help and I’m happy to provide anything else
routing table before launching vpn:
Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface
default www 0.0.0.0 UG 1024 0 0 enp0s25
192.168.0.0 * 255.255.255.0 U 0 0 0 enp0s25
Connection started:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default www 0.0.0.0 UG 1024 0 0 enp0s25
vortex.scea.com www 255.255.255.255 UGH 1 0 0 enp0s25
192.168.0.0 * 255.255.255.0 U 0 0 0 enp0s25
www * 255.255.255.255 UH 1 0 0 enp0s25
192.168.45.0 * 255.255.255.0 U 0 0 0 tun0
Connection completed, IP being assigned:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default pd-vpn-145.989s 0.0.0.0 UG 1 0 0 tun0
default www 0.0.0.0 UG 1024 0 0 enp0s25
vortex.scea.com www 255.255.255.255 UGH 1 0 0 enp0s25
192.168.0.0 pd-vpn-145.989s 255.255.255.0 UG 1 0 0 tun0
192.168.0.0 * 255.255.255.0 U 10 0 0 enp0s25
www * 255.255.255.255 UH 1 0 0 enp0s25
192.168.45.0 * 255.255.255.0 U 0 0 0 tun0
and this is the error message I get in the VPN logs:
20141213144459.150662 ncsvc[p26114.t26114] rmon.error Unauthorized new route to 192.168.45.0/0.0.0.0 has been added (conflicts with our route to 0.0.0.0), disconnecting (routemon.cpp:598)
This is the output from journalctl related to network manager when the connection is happening
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): carrier is OFF
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): new Tun device (driver: ‘unknown’ ifindex: 12)
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): exported as /org/freedesktop/NetworkManager/Devices/8
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): link connected
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: unmanaged → unavailable (reason ‘connection-assumed’) [10 20 41]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: unavailable → disconnected (reason ‘connection-assumed’) [20 30 41]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) starting connection ‘tun0’
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) scheduled…
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) started…
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: disconnected → prepare (reason ‘none’) [30 40 0]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) scheduled…
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 1 of 5 (Device Prepare) complete.
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) starting…
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: prepare → config (reason ‘none’) [40 50 0]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) successful.
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 3 of 5 (IP Configure Start) scheduled.
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 2 of 5 (Device Configure) complete.
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 3 of 5 (IP Configure Start) started…
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: config → ip-config (reason ‘none’) [50 70 0]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 5 of 5 (IPv4 Configure Commit) scheduled…
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 3 of 5 (IP Configure Start) complete.
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 5 of 5 (IPv4 Commit) started…
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: ip-config → ip-check (reason ‘none’) [70 80 0]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) Stage 5 of 5 (IPv4 Commit) complete.
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: ip-check → secondaries (reason ‘none’) [80 90 0]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> (tun0): device state change: secondaries → activated (reason ‘none’) [90 100 0]
Dec 13 15:45:16 gyrfalcon.site NetworkManager[7112]: <info> Activation (tun0) successful, device activated.
Dec 13 15:45:16 gyrfalcon.site dbus[856]: [system] Activating via systemd: service name=‘org.freedesktop.nm_dispatcher’ unit=‘dbus-org.freedesktop.nm-dispatcher.service’
Dec 13 15:45:16 gyrfalcon.site dbus[856]: [system] Successfully activated service ‘org.freedesktop.nm_dispatcher’
Dec 13 15:45:16 gyrfalcon.site nm-dispatcher[10202]: Dispatching action ‘up’ for tun0
Thanks to anyone who can give a helping hand.