Bug#1070343: openfortivpn: stopped working after today's upgrade in Debian testing

[Francesco Poli]

Control: severity -1 important
Control: retitle -1 please warn users about the option --pppd-accept-remote 
needed for ppp >= 2.5.0


On Sat, 04 May 2024 00:23:32 +0200 Francesco Poli (wintermute) wrote:

[...]
>   Peer refused to agree to his IP address
[...]

I tried to downgrade ppp to version 2.4.9-1+1.1+b1 and openfortivpn is
working again.

By searching the web, I found openfortigui issue [#194], which mentions
the new option --pppd-accept-remote that has to be used with
openfortvpn, when ppp version >= 2.5.0 ...

[#194]: 

I actually added

  pppd-accept-remote = true

to my /etc/openfortivpn/MYNETWORK and now openfortivpn works again
(with ppp/2.5.0-1+2).

I am therefore lowering the severity of this bug report.

I am not closing it, though, since I believe that such an important
behavior change (the need to add an option, if ppp version >= 2.5.0)
should really be communicated to the users of the openfortivpn Debian
package users.
Maybe a NEWS.Debian file in /usr/share/doc/openfortivpn could be added
to document this new need?
I really believe that users should be warned about this!




-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpZHMqUG_HMM.pgp
Description: PGP signature

Bug#1070343: openfortivpn: stopped working after today's upgrade in Debian testing

[Francesco Poli (wintermute)]

Package: openfortivpn
Version: 1.22.0-1
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: invernom...@paranoici.org

Hello!
Thanks a lot for maintaining this useful package in Debian.
I use it often to connect to a Fortinet VPN.

Unfortunately, after today's (many) upgrades in Debian testing,
it stopped working (same configuration file that has worked fine
up to yesterday).

Now it does:

  # openfortivpn -c /etc/openfortivpn/MYNETWORK
  VPN account password:
  INFO:   Connected to gateway.
  INFO:   Authenticated.
  INFO:   Remote gateway has allocated a VPN.
  Using interface ppp0
  Connect: ppp0 <--> /dev/pts/7
  INFO:   Got addresses: [192.168.240.2], ns [X.Y.Z.A, X.Y.Z.B]
  INFO:   Negotiation complete.
  INFO:   Negotiation complete.
  Peer refused to agree to his IP address
  Connect time 0.1 minutes.
  Sent 1101 bytes, received 1081 bytes.

and remains stuck, seemingly doing nothing, until I hit [Ctrl+C]:

  ^CINFO:   Cancelling threads...
  INFO:   Cleanup, joining threads...
  Hangup (SIGHUP)
  Modem hangup
  Connection terminated.
  INFO:   pppd: The link was terminated by the modem hanging up.
  INFO:   Terminated pppd.
  INFO:   Closed connection to gateway.
  INFO:   Logged out.

I tried to downgrade to openfortivpn/1.21.0-2, but this didn't help.
I cannot understand what's wrong.
Could it be the ugrade of libc6?

  [UPGRADE] libc6:amd64 2.37-18 -> 2.37-19
  [UPGRADE] libc6-dbg:amd64 2.37-18 -> 2.37-19
  [UPGRADE] libc6-dev:amd64 2.37-18 -> 2.37-19

Looks unlikely...

Please note that I can connect to the same Fortinet VPN with
openconnect, and it works.

Please investigate and fix this bug as soon as possible.
Thanks a lot for your time and dedication!


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openfortivpn depends on:
ii  libc62.37-19
ii  libssl3t64   3.2.1-3
ii  libsystemd0  255.5-1
ii  ppp  2.5.0-1+2

openfortivpn recommends no packages.

Versions of packages openfortivpn suggests:
pn  resolvconf  

-- Configuration Files:
/etc/openfortivpn/config [Errno 13] Permission denied: 
'/etc/openfortivpn/config'

-- no debconf information