You are not logged in.

#1 2010-01-09 07:24:06

MercuryShadow
Member
From: Chciago 'burbs
Registered: 2010-01-04
Posts: 29

OpenConnect VPN fails with "there were no valid VPN secrets" error

I've been trying to connect to a cisco vpn using the openconnect plugin for networkmanager, but it keeps failing before I even get a chance to authenticate. I get an error saying that there weren't any valid VPN secrets, along with a dialog saying "There was a problem launching the authentication dialog for VPN connection type 'org.freedesktop.NetworkManager.openconnect'. Contact your system administrator.'"

/var/log/messages.log shows the following warning:

NetworkManager: <WARN>  get_secrets_cb(): Couldn't get connection secrets: vpn-password-dialog.c.262 (nma_vpn_request_password): couldn't run VPN auth dialog..

I did some googling and found that this is apparently a permissions issue with dbus. The dbus config for the openconnect plugin has a policy user called "nm-openconnect", which doesn't exist on my system. There is also warning about this user not existing whenever dbus is restarted. I tried just creating the user, but this didn't get rid of the error. So, now I'm stuck. Has anyone else seen this before, or could anyone help assist me in further troubleshooting this? I'm personally not very familiar with dbus.

Offline

#2 2010-01-09 07:29:45

MercuryShadow
Member
From: Chciago 'burbs
Registered: 2010-01-04
Posts: 29

Re: OpenConnect VPN fails with "there were no valid VPN secrets" error

Here is the dbus policy (/etc/dbus-1/system.d/nm-openconnect-service.conf) :

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy user="root">
                <allow own="org.freedesktop.NetworkManager.openconnect"/>
                <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
        </policy>
        <policy user="nm-openconnect">
                <allow own="org.freedesktop.NetworkManager.openconnect"/>
                <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
        </policy>
        <policy context="default">
                <deny own="org.freedesktop.NetworkManager.openconnect"/>
                <deny send_destination="org.freedesktop.NetworkManager.openconnect"/>
        </policy>
</busconfig>

Offline

#3 2010-01-10 01:38:40

MercuryShadow
Member
From: Chciago 'burbs
Registered: 2010-01-04
Posts: 29

Re: OpenConnect VPN fails with "there were no valid VPN secrets" error

I took a look at how Fedora's RPM for the openconnect plugin for NetworkManager does things, since it had worked for me before in Fedora. The dbus policy is identical, and the nm-openconnect user and group are added using the following commands:

groupadd -r nm-openconnect
useradd  -r -s /sbin/nologin -d / -M -c 'NetworkManager user for OpenConnect' -g nm-openconnect nm-openconnect



I ran these to add the user and group, then restarted, but this did not make any difference. I still got the same error in the messages.log.

Last edited by MercuryShadow (2010-01-10 01:40:38)

Offline

#4 2010-01-12 03:14:27

MercuryShadow
Member
From: Chciago 'burbs
Registered: 2010-01-04
Posts: 29

Re: OpenConnect VPN fails with "there were no valid VPN secrets" error

After troubleshooting this with the package maintainer, I opened an upstream bug. The developer helped us figure out that the auth dialog binary was in the wrong location. Until an updated package can be made, running the following as root will fix the problem:

ln -s /usr/lib/openconnect/nm-openconnect-auth-dialog /usr/lib/networkmanager/

Offline

Board footer

Powered by FluxBB