Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#847313: network-manager-openconnect: nmcli connect doesn't work with --ask but works with nm-applet running
234 views
Skip to first unread message
Matti Koskimies
Dec 7, 2016, 4:00:02 AM12/7/16
to
Package: network-manager-openconnect
Version: 1.2.2-1
Severity: normal
Dear Maintainer,
I have a OpenConnect VPN connection and I like to use nmcli to connect to it.
But I can't do that unless nm-applet is running. When I use the --ask option I
get a connection to the authentication, but it fails every time. After I start
nm-applet I get a GUI asking for credentials, and the connection is
established.
$ nmcli connection up HaVaVPN
A password is required to connect to 'HaVaVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and
nmcli cannot ask without '--ask' option.
Error: Connection activation failed: no valid VPN secrets.
$ nmcli --ask connection up HaVaVPN
POST https://*hostname removed*/restricted
Connected to *IP removed*:443
SSL negotiation with *hostname removed*
Connected to HTTPS on *hostname removed*
XML POST enabled
Please enter your username and password.
Username:*username removed*
Password:
POST https://*hostname removed*/
Error: Connection activation failed: unknown reason.
$ nm-applet &
[1] 12907
$ nmcli connection up HaVaVPN
A password is required to connect to 'HaVaVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and
nmcli cannot ask without '--ask' option.
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
VPN connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/7)
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages network-manager-openconnect depends on:
ii adduser 3.115
ii libc6 2.24-8
ii libglib2.0-0 2.50.2-2
ii libnm0 1.4.2-3
ii network-manager 1.4.2-3
ii openconnect 7.07-1
network-manager-openconnect recommends no packages.
network-manager-openconnect suggests no packages.
-- no debconf information
Version: 1.2.2-1
Severity: normal
Dear Maintainer,
I have a OpenConnect VPN connection and I like to use nmcli to connect to it.
But I can't do that unless nm-applet is running. When I use the --ask option I
get a connection to the authentication, but it fails every time. After I start
nm-applet I get a GUI asking for credentials, and the connection is
established.
$ nmcli connection up HaVaVPN
A password is required to connect to 'HaVaVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and
nmcli cannot ask without '--ask' option.
Error: Connection activation failed: no valid VPN secrets.
$ nmcli --ask connection up HaVaVPN
POST https://*hostname removed*/restricted
Connected to *IP removed*:443
SSL negotiation with *hostname removed*
Connected to HTTPS on *hostname removed*
XML POST enabled
Please enter your username and password.
Username:*username removed*
Password:
POST https://*hostname removed*/
Error: Connection activation failed: unknown reason.
$ nm-applet &
[1] 12907
$ nmcli connection up HaVaVPN
A password is required to connect to 'HaVaVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and
nmcli cannot ask without '--ask' option.
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
VPN connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/7)
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages network-manager-openconnect depends on:
ii adduser 3.115
ii libc6 2.24-8
ii libglib2.0-0 2.50.2-2
ii libnm0 1.4.2-3
ii network-manager 1.4.2-3
ii openconnect 7.07-1
network-manager-openconnect recommends no packages.
network-manager-openconnect suggests no packages.
-- no debconf information
Mike Miller
Dec 7, 2016, 10:50:02 PM12/7/16
to
On Wed, Dec 07, 2016 at 10:54:10 +0200, Matti Koskimies wrote:
> I have a OpenConnect VPN connection and I like to use nmcli to connect to it.
> But I can't do that unless nm-applet is running. When I use the --ask option I
> get a connection to the authentication, but it fails every time. After I start
> nm-applet I get a GUI asking for credentials, and the connection is
> established.
I can't reproduce this, but that doesn't mean it's not a bug in some
> I have a OpenConnect VPN connection and I like to use nmcli to connect to it.
> But I can't do that unless nm-applet is running. When I use the --ask option I
> get a connection to the authentication, but it fails every time. After I start
> nm-applet I get a GUI asking for credentials, and the connection is
> established.
component. I would suspect this is network-manager itself rather than
the nm-openconnect component. Can you test with another VPN type?
> $ nmcli --ask connection up HaVaVPN
> POST https://*hostname removed*/restricted
> Connected to *IP removed*:443
> SSL negotiation with *hostname removed*
> Connected to HTTPS on *hostname removed*
> XML POST enabled
> Please enter your username and password.
> Username:*username removed*
> Password:
> POST https://*hostname removed*/
> Error: Connection activation failed: unknown reason.
simple user + password login?
Does connecting with openconnect directly work?
Here's what I see in a completely headless environment:
$ nmcli --ask con up test
POST https://example.com/
Connected to [...]:443
SSL negotiation with example.com
Server certificate verify failed: signer not found
Certificate from VPN server "example.com" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on example.com
XML POST enabled
Please enter your username.
Username:user
POST https://example.com/auth
Please enter your password.
Password:
POST https://example.com/auth
VPN connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/33)
--
mike
0 new messages