0.1.1 doesn't seem to add anything at all

[Dan2552]

• cisco VPN
• 0.1.0 worked but doesn't support adding groupname

It provides warnings fine if you miss out settings: Warning: You did not provide a group name for service <abc>

[halo]

Hi Dan, thanks for your feedback!

• Which parameters do you provide to the command? (I'm asking to make sure this is not a problem)
• Which output do you get? (I'm asking because I ran into hard-crashes before that would "not do anything", as you describe it)
• Does the --debug output show you anything useful? (I'm asking because I want to find out where exactly it hangs)

Also, please try this version. (I basically just made sure it compiled correctly and I added more debugging output where I suspect it could crash).

[Dan2552]

if [[ $(which macosvpn) == "" ]]; then
  # by flipping the version here, on 0.1.0 it works
  sudo bash -c "curl -L https://github.com/halo/macosvpn/releases/download/0.1.1/macosvpn > /usr/local/bin/macosvpn"
  # sudo bash -c "curl -L https://github.com/halo/macosvpn/releases/download/0.1.0/macosvpn > /usr/local/bin/macosvpn"
  sudo chmod +x /usr/local/bin/macosvpn
fi

sudo macosvpn create --cisco name --endpoint my.endpoint.is.an.ip.address --username $vpn_username --password $vpn_password --groupname MYGROUPNAME --shared-secret $vpn_shared_secret

I'll hopefully be able to spend a bit of time debugging later today.

[Dan2552]

scripts λ macosvpn --version                                          
0.1.2
scripts λ sudo macosvpn create --cisco test --endpoint test.test --username test --password test --groupname test --shared-secret test --debug

  You are running in debug mode

  Uncaptured argument values: /usr/local/bin/macosvpn
  So, you wish to create one or more VPN service(s).
  Gained superhuman rights.
  Creating new Cisco IPSec Service using <[Cisco IPSec] name=test endpointPrefix=(null) endpoint=test.test endpointSuffix=(null) username=test password=test sharedSecret=test localIdentifier=test>
  Cisco IPSec Service detected...
  Instantiating interface references...
  Creating a new, fresh VPN service in memory using the interface we already created
  That service is to have a name

[halo]

Ok, so far, the same thing happens to me. But then I ran it again and I got one log message further. Then it failed again 3 times, then it worked as normal and created the VPN as intended, then it kept failing again.

I really dislike random errors :/

[halo]

For what it's worth, I do see this warning log, but I even see that when it's working. So I don't suppose it's related.

[Dan2552]

huh. Yeah, I just ran it 10 times in a row and 1 time it worked

[halo]

Maybe we need to convert it to Swift ;) I saw you're into that. I do wish I could speak it fluently.

Either way, one of the recent code changes must have introduced it. I guess I'll have to go through it step by tep. Other than that, I recently upgraded Yosemite to 10.10.5 (14F1021). You?

[Dan2552]

If I run without sudo I get a popup to authenticate from OS X, but then my shell does report the following:

fish: 'macosvpn create --cisco test --…' terminated by signal SIGSEGV (Address boundary error)

Don't know if that helps...

Is there a way to pass in arguments when running from Xcode? Some breakpoints would be helpful. I've never touched an Objective-C command-line app before :smile:

[halo]

I have another macbook on 10.10.3 or something will try it there. @arnieggertsson did you have any errors like this when you tried the new release? Which OS version are you on?

[Dan2552]

I'm running 10.11.1 (15B42)

[halo]

If I run without sudo I get a popup to authenticate from OS X

See, that is how I originally intended the whole thing to work. That's how it was in the beginning. But at some point processes got prevented from elevating themselves. So I had to start using sudo.

Is there a way to pass in arguments when running from Xcode

Ah, I haven't even thought about that. You'd have to hack around somewhere in VPNArguments. There doesn't seem to be a way to set defaults in the readme.

[steve-jansen]

Is there a way to pass in arguments when running from Xcode

Xcode > Project > Scheme > Edit

Change to debug process as root, and pass args on launch:

[steve-jansen]

@halo This seems like a possibly bad build. I'm on OS X v10.10.5 and reproduce this issue with the GitHub pre-release binary; however, I cannot reproduce it with a local build of master (either Debug or Release build).

Using the GH Release Binary:

$ cd /tmp
$ curl -SLO https://github.com/halo/macosvpn/releases/download/0.1.1/macosvpn
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   581    0   581    0     0    585      0 --:--:-- --:--:-- --:--:--   585
100  393k  100  393k    0     0  44087      0  0:00:09  0:00:09 --:--:-- 84871+x od
$ chmod +x macosvpn
$ ./macosvpn --version
0.1.0
$ md5 ./macosvpn
MD5 (./macosvpn) = 7f81a4c2283b79cd6f3b369eb505ecd7
$ /usr/bin/macosvpn -v
0.1.0
$ md5 /usr/bin/macosvpn
MD5 (/usr/bin/macosvpn) = 5604e3145d17358539a78661a2d9fa21
$ sudo ./macosvpn create --cisco test --endpoint test.test --username test --password test --groupname test --shared-secret test --debug
  You are running in debug mode

  Uncaptured argument values: /tmp/macosvpn
  So, you wish to create one or more VPN service(s).
  Gained superhuman rights.
  Creating new Cisco IPSec Service using <[Cisco IPSec] name=test endpointPrefix=(null) endpoint=test.test endpointSuffix=(null) username=test password=test sharedSecret=test localIdentifier=test>
  L2TP Service detected...
  Instantiating interface references...
$

Local build of ced57c18c22f6b18359fd6602572c11d89f9dfc9:

$ sudo /Users/me/Library/Developer/Xcode/DerivedData/macosvpn-govqhcedfhzrxhaboujguohazmpf/Build/Products/Debug/macosvpn --version
0.1.2
$ sudo /Users/me/Library/Developer/Xcode/DerivedData/macosvpn-govqhcedfhzrxhaboujguohazmpf/Build/Products/Debug/macosvpn create --cisco test --endpoint test.test --username test --password test --groupname test --shared-secret test --debug

  You are running in debug mode

  Uncaptured argument values: /Users/me/Library/Developer/Xcode/DerivedData/macosvpn-govqhcedfhzrxhaboujguohazmpf/Build/Products/Debug/macosvpn
  So, you wish to create one or more VPN service(s).
  Gained superhuman rights.
  Creating new Cisco IPSec Service using <[Cisco IPSec] name=test endpointPrefix=(null) endpoint=test.test endpointSuffix=(null) username=test password=test sharedSecret=test localIdentifier=test>
  Cisco IPSec Service detected...
  Instantiating interface references...
  Creating a new, fresh VPN service in memory using the interface we already created
  That service is to have a name
  And we also woould like to know the internal ID of this service
  It will be used to find the correct passwords in the system keychain
  Deallocating obsolete interface references...
  Reloading top Interface...
  Configuring Cisco IPSec Service
  Successfully configured Cisco IPSec interface of service test
  Adding default protocols (DNS, etc.) to service test...
  Fetching set of all available network services...
  Fetching IPv4 protocol of service test...
  Configuring IPv4 protocol of service test...
  Commiting all changes including service test...
  Preparing to add Keychain items for service test...
  Succeeded opening System Keychain
  Unlocking System Keychain
  Succeeded unlocking System Keychain
  Created empty Keychain access object
  Successfully created Keychain Item
  Succeeded opening System Keychain
  Unlocking System Keychain
  Succeeded unlocking System Keychain
  Created empty Keychain access object
  Successfully created Keychain Item
  Successfully created Cisco IPSec VPN test with ID 35089AD9-B3E8-4335-9FF5-6C92A7385026

  Finished.

$

[halo]

@steve-jansen Thank you for explaining how to run this as root and how to add arguments :) Now I have a reliable way to crash Xcode haha. Seriously, every time I run that, it gives me the beachball somewhere in the VPNController create method :) But I could still reliably reproduce the issue 9 out of 10 times with the compiled local development executable.

So, I just went through all changes recently made and I believe I solved it. Turns out, NULL is not a good group name. See this commit. I'm not sure why, but now it doesn't crash for me any more and I can create as many VPNs as I like, of all types, and with and without group name.

@Dan2552 Would you mind giving master a try? Simply create one Cisco VPN with group name and one without.

And anyone who does that, needs to do it 10 times, because the crash only occurred randomly, and at random places :)

[halo]

(Because I had the problem locally and don't have it anymore, I went ahead and released 0.1.3 from latest master.)

[Dan2552]

not having luck on my work computer running Yosemite. When I'm able to, I'll test on my home laptop again and do a bit of debugging with what Steve suggested.

[halo]

Ok, I think I found the issue. If the group is set, these Arrays need to have the size 9, otherwise 7. It works fine in each use case provided that rule is respected.

I'm not sure how to initialize a CFStringRef and set the size afterwards in a conditional. What's the syntax to conditionally define the size?

[halo]

Figured it out.

[Dan2552]

Sorry to be the messenger... Doesn't look like everything is fixed; still failed but worked after running it a few times.

[halo]

Ok, this is getting ridiculous :) I experience the same thing now with the released executable (compiled for production).

[halo]

I just created dozens of services without problems. Both L2TP and Cisco, with and without group. 😮

I now uploaded the very executable I used just one minute ago for this into the 0.1.4 release. It was not compiled using "Archive", but it's simply the product of the debug "Command + b" building process.

Would you mind trying that one?

[Dan2552]

Yes! It works every time!

[halo]

Thank you indeed. I can sleep well again ;)

[steve-jansen]

@halo didn't we see a situation previously where the official archive build didn't work as expected, but, a debug build did?

EDIT

See above ^^^ on Nov 9th

[halo]

Yes, I was just going to point to the same post :) I'll try to keep an eye on it in upcoming releases.

I'm wondering if Travis could catch this. Not sure if network services can be added there. Could be.

[halo]

Just to confirm: I'm working on integration specs which just call the macosvpn executable to test the actual functionality on Travis.

The Release configuration always crashes randomly. The Debug configuration works just fine. No, I don't know why ;)

@steve-jansen So you were absolutely right.

[halo]

I turned off "Code Optimization" for the Release configuration. Now it works just fine. Pchew!