Auto-activation fails if secondary connection is already active
When a VPN is configured as a secondary connection for an interface, that interface will be unable to auto-activate if that VPN is already connected.
My work email server is behind a VPN, so I have configured both my wired and wireless interfaces to have my work VPN as a secondary connection. (This is suggested by the documentation for nm-settions: Note that autoconnect is not implemented for VPN profiles. See "secondaries" as an alternative to automatically connect VPN profiles.) With this configuration, I noticed that plugging in the Ethernet cable when WiFi was connected would fail, and that attempting to enable WiFi when Ethernet was already connected would as well.
This can also happen when the VPN has been manually connected on one connection and then attempting to bring up a second connection which has that same VPN as a secondary.
Here is a sample of the logs when plugging in the Ethernet cable while WiFi and the VPN are already connected:
Apr 03 09:54:03 NetworkManager[1090]: <info> [1554299643.6031] dhcp4 (enp0s31f6): state changed unknown -> bound
Apr 03 09:54:03 NetworkManager[1090]: <info> [1554299643.6088] device (enp0s31f6): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Apr 03 09:54:03 NetworkManager[1090]: <info> [1554299643.6115] device (enp0s31f6): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Apr 03 09:54:03 NetworkManager[1090]: <warn> [1554299643.6118] policy: secondary connection 'Work VPN (da74c3ee-d8a2-4c92-83f5-b7fdf4072c0a)' auto-activation failed: (6) Connection 'Work VPN' is already active
Apr 03 09:54:03 NetworkManager[1090]: <info> [1554299643.6124] device (enp0s31f6): state change: secondaries -> failed (reason 'secondary-connection-failed', sys-iface-state: 'managed')
Apr 03 09:54:03 NetworkManager[1090]: <warn> [1554299643.6136] device (enp0s31f6): Activation: failed for connection 'Profile 1'
Apr 03 09:54:03 NetworkManager[1090]: <info> [1554299643.6147] device (enp0s31f6): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Apr 03 09:54:03 dhclient[17567]: bound to 192.168.1.123 -- renewal in 35841 seconds.
The DHCP connection completes, but the "failure" of the VPN connection stops the auto-connection. In my case, already being connected isn't a failure, so I would prefer that the connection stay up.
Are there any use cases where the VPN already being up is a failure?
Here's the full log of plugging in the cable and watching NetworkManager thrash about the secondary connection: SecondaryFailed.txt