Bug 1212336

Summary: openfortivpn systemd daemon sd_notify
Product: [openSUSE] openSUSE Tumbleweed Reporter: Dmitry Markov <werwolf131313>
Component: NetworkAssignee: Martin Hauke <mardnh>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: werwolf131313
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Dmitry Markov 2023-06-14 04:02:49 UTC 
to work you have to use openfortivpn
systemd service works out of the box, but after a while it turns off because it thinks it could not start
It's all the fault of Type=notify, according to the developers, this should work, but only Type=simple works in opensuse.

> [werwolf@work] ~  
> ❯ sudo systemctl cat openfortivpn@ 
> # /usr/lib/systemd/system/openfortivpn@.service
> [Unit]
> Description=OpenFortiVPN for %I
> After=network-online.target
> Documentation=man:openfortivpn(1)
> 
> [Service]
> Type=notify
> PrivateTmp=true
> # added automatically, for details please see
> # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
> ProtectSystem=full
> ProtectHome=true
> ProtectHostname=true
> ProtectKernelTunables=true
> ProtectKernelModules=true
> ProtectKernelLogs=true
> ProtectControlGroups=true
> RestrictRealtime=true
> # end of automatic additions 
> ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf
> OOMScoreAdjust=-100
> 
> [Install]
> WantedBy=multi-user.target
> 
> # /etc/systemd/system/openfortivpn@sd.service.d/override.conf
> [Service]
> Type=simple
Comment 1 Dmitry Markov 2023-06-14 04:09:37 UTC 
I'm not sure if the package is the problem. maybe the problem is in upstream, so I also duplicated the issue there.

https://github.com/adrienverge/openfortivpn/issues/1113
Comment 2 Dmitry Markov 2023-06-14 04:10:34 UTC 
log without override:

> Jun 14 08:54:22 work openfortivpn[1974]: INFO:   Interface ppp0 is UP.
> Jun 14 08:54:22 work openfortivpn[1974]: INFO:   Setting new routes...
> Jun 14 08:54:22 work openfortivpn[1974]: INFO:   Adding VPN nameservers...
> Jun 14 08:54:22 work openfortivpn[1974]: INFO:   Tunnel is up and running.
> Jun 14 08:55:42 work systemd[1]: openfortivpn@sd.service: start operation timed out. Terminating.
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   Cancelling threads...
> Jun 14 08:55:42 work pppd[2008]: Terminating on signal 15
> Jun 14 08:55:42 work openfortivpn[2008]: Terminating on signal 15
> Jun 14 08:55:42 work openfortivpn[2008]: Connect time 1.4 minutes.
> Jun 14 08:55:42 work openfortivpn[2008]: Sent 1083455 bytes, received 2936678 bytes.
> Jun 14 08:55:42 work pppd[2008]: Connect time 1.4 minutes.
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   Cleanup, joining threads...
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   Setting ppp0 interface down.
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   Restoring routes...
> Jun 14 08:55:42 work openfortivpn[1974]: WARN:   Could not delete route through tunnel (No such process).
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   Removing VPN nameservers...
> Jun 14 08:55:42 work pppd[2008]: Sent 1083455 bytes, received 2936678 bytes.
> Jun 14 08:55:42 work openfortivpn[2008]: Hangup (SIGHUP)
> Jun 14 08:55:42 work openfortivpn[2008]: Modem hangup
> Jun 14 08:55:42 work openfortivpn[2008]: Connection terminated.
> Jun 14 08:55:42 work pppd[2008]: Hangup (SIGHUP)
> Jun 14 08:55:42 work pppd[2008]: Modem hangup
> Jun 14 08:55:42 work pppd[2008]: Connection terminated.
> Jun 14 08:55:42 work pppd[2008]: Script /etc/ppp/ip-down finished (pid 2791), status = 0x0
> Jun 14 08:55:42 work openfortivpn[2008]: Script /etc/ppp/ip-down finished (pid 2791), status = 0x0
> Jun 14 08:55:42 work pppd[2008]: Exit.
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   pppd: The link was terminated by the modem hanging up.
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   Terminated pppd.
> Jun 14 08:55:42 work openfortivpn[1974]: INFO:   Closed connection to gateway.
> Jun 14 08:55:43 work openfortivpn[1974]: INFO:   Logged out.
> Jun 14 08:55:43 work systemd[1]: openfortivpn@sd.service: Failed with result 'timeout'.
> Jun 14 08:55:43 work systemd[1]: Failed to start OpenFortiVPN for sd.
> Jun 14 08:55:43 work systemd[1]: openfortivpn@sd.service: Consumed 1.085s CPU time.
Comment 3 Martin Hauke 2023-08-27 16:51:53 UTC 
openfortivpn so far was not build with support for systemd.
This should be fixed with the following SR
https://build.opensuse.org/request/show/1106181
Comment 4 Dmitry Markov 2023-12-26 15:10:50 UTC 
Sorry, I forgot to note that this fix worked for me.