[Pkg-utopia-maintainers] Bug#1017379: nm-openvpn: capng_change_id() failed applying capabilities: Operation not permitted (errno=1)

Benjamin Eikel debian at eikel.org
Mon Aug 15 08:36:11 BST 2022 

Package: network-manager-openvpn
Version: 1.8.18-3
Severity: important

I upgraded some packages today and since then, I cannot connect to VPNs anymore.
* network-manager: 1.38.2-1 --> 1.38.4-1
* systemd: 251.3-1 --> 251.4-1

The connection seems to be successful at first, but then an error occurs (IP
addresses replaced by 1.2.3.4):

Aug 15 09:24:45 myhostname nm-openvpn[11804]: OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
Aug 15 09:24:45 myhostname nm-openvpn[11804]: library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 15 09:24:45 myhostname nm-openvpn[11804]: TCP/UDP: Preserving recently used remote address: [AF_INET]1.2.3.4:1200
Aug 15 09:24:45 myhostname nm-openvpn[11804]: UDPv4 link local: (not bound)
Aug 15 09:24:45 myhostname nm-openvpn[11804]: UDPv4 link remote: [AF_INET]1.2.3.4:1200
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Aug 15 09:24:46 myhostname nm-openvpn[11804]: [fws-kef] Peer Connection Initiated with [AF_INET]1.2.3.4:1200
Aug 15 09:24:46 myhostname nm-openvpn[11804]: sitnl_send: rtnl: generic error (-17): File exists
Aug 15 09:24:46 myhostname nm-openvpn[11804]: DCO device tun1 opened
Aug 15 09:24:46 myhostname nm-openvpn[11804]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 11799 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_6 --tun -- tun1 1500 0 1.2.3.4 1.2.3.4 init
Aug 15 09:24:46 myhostname NetworkManager[1051]: <info>  [1660548286.3476] manager: (tun1): new Generic device (/org/freedesktop/NetworkManager/Devices/12)
Aug 15 09:24:46 myhostname kded5[3196]: org.kde.plasma.nm.kded: Unhandled VPN connection state change:  4
Aug 15 09:24:46 myhostname NetworkManager[1051]: <info>  [1660548286.3784] device (tun1): carrier: link connected
Aug 15 09:24:46 myhostname nm-openvpn[11804]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Aug 15 09:24:46 myhostname nm-openvpn[11804]: capng_change_id() failed applying capabilities: Operation not permitted (errno=1)
Aug 15 09:24:46 myhostname nm-openvpn[11804]: NOTE: previous error likely due to missing capability CAP_SETPCAP.
Aug 15 09:24:46 myhostname nm-openvpn[11804]: Exiting due to fatal error
Aug 15 09:24:46 myhostname nm-openvpn[11804]: net_addr_v4_del: 1.2.3.4 dev tun1
Aug 15 09:24:46 myhostname nm-openvpn[11804]: sitnl_send: rtnl: generic error (-99): Cannot assign requested address
Aug 15 09:24:46 myhostname nm-openvpn[11804]: Linux can't del IP from iface tun1
Aug 15 09:24:46 myhostname kernel: tun1: tun1: deleting peer with id 28, reason 0

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager-openvpn depends on:
ii  adduser          3.123
ii  libc6            2.34-3
ii  libglib2.0-0     2.72.3-1+b1
ii  libnm0           1.38.4-1
ii  network-manager  1.38.4-1
ii  openvpn          2.6.0~git20220811-1

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information

More information about the Pkg-utopia-maintainers mailing list