Arch Linux

nesk

Member

Registered: 2011-03-31

Posts: 181

[solved] OpenConnect not working with NetworkManager (dbus error)

openconnect works fine when run plainly like this:

$ openconnect --cafile /path/cert.pem --user remote_user server.com
POST https://server.com/
Connected to 1.1.1.1:443
SSL negotiation with server.com
Connected to HTTPS on server.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://server.com/
Connected to 1.1.1.1:443
SSL negotiation with server.com
Connected to HTTPS on server.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://server.com/+webvpn+/index.html
SSL negotiation with server.com
Connected to HTTPS on server.com
SSL certificate authentication failed
Please enter your username and password.
GROUP: [USER_ACCESS]:USER_ACCESS
Please enter your username and password.
Password:
POST https://server.com/+webvpn+/index.html
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 10.10.10.10, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).

I created VPN connection with the same setting in NM, starting it with "nmcli connection up VPN" and getting this in journal:

Sep 03 19:28:57 arch NetworkManager[327]: <info>  [1504456137.9612] audit: op="connection-activate" uuid="2915d78d-a694-47c2-ae16-838ab444a64b" name="VPN" pid=12044 uid=1000 result="success"
Sep 03 19:28:57 arch NetworkManager[327]: <info>  [1504456137.9650] vpn-connection[0x55c5392386d0,2915d78d-a694-47c2-ae16-838ab444a64b,"VPN",0]: Started the VPN service, PID 12050
Sep 03 19:28:57 arch lxqt-panel[685]:     * Error image is NULL
Sep 03 19:28:57 arch NetworkManager[327]: <info>  [1504456137.9755] vpn-connection[0x55c5392386d0,2915d78d-a694-47c2-ae16-838ab444a64b,"VPN",0]: Saw the service appear; activating connection
Sep 03 19:28:57 arch lxqt-panel[685]:     * Error image is NULL
Sep 03 19:28:58 arch gnome-keyring-daemon[645]: asked to register item /org/freedesktop/secrets/collection/login/19, but it's already registered
Sep 03 19:28:58 arch NetworkManager[327]: <info>  [1504456138.9340] keyfile: update /etc/NetworkManager/system-connections/VPN (2915d78d-a694-47c2-ae16-838ab444a64b,"VPN")
Sep 03 19:28:58 arch NetworkManager[327]: <info>  [1504456138.9351] keyfile: update /etc/NetworkManager/system-connections/VPN (2915d78d-a694-47c2-ae16-838ab444a64b,"VPN") after persisting connection
Sep 03 19:28:58 arch NetworkManager[327]: <info>  [1504456138.9421] vpn-connection[0x55c5392386d0,2915d78d-a694-47c2-ae16-838ab444a64b,"VPN",0]: VPN connection: (ConnectInteractive) reply received
Sep 03 19:28:58 arch lxqt-panel[685]:     * Error image is NULL
Sep 03 19:28:58 arch NetworkManager[327]: <info>  [1504456138.9449] vpn-connection[0x55c5392386d0,2915d78d-a694-47c2-ae16-838ab444a64b,"VPN",0]: VPN plugin: state changed: starting (3)
Sep 03 19:28:58 arch openconnect[12062]: Connected to 1.1.1.1:443
Sep 03 19:28:58 arch openconnect[12062]: SSL negotiation with 1.1.1.1
Sep 03 19:28:59 arch openconnect[12062]: Server certificate verify failed: signer not found
Sep 03 19:28:59 arch openconnect[12062]: Connected to HTTPS on 1.1.1.1
Sep 03 19:28:59 arch openconnect[12062]: Got CONNECT response: HTTP/1.1 200 OK
Sep 03 19:28:59 arch openconnect[12062]: CSTP connected. DPD 30, Keepalive 20
Sep 03 19:28:59 arch openconnect[12062]: Connected as 10.10.10.10, using SSL
Sep 03 19:28:59 arch openconnect[12062]: Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).
Sep 03 19:29:00 arch dbus[299]: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.952" (uid=615 pid=12067 comm="/usr/lib/NetworkManager/nm-openconnect-service-ope") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="SetConfig" error name="(unset)" requested_reply="0" destination=":1.949" (uid=0 pid=12050 comm="/usr/lib/NetworkManager/nm-openconnect-service --b")
Sep 03 19:29:59 arch NetworkManager[327]: <warn>  [1504456199.4594] vpn-connection[0x55c5392386d0,2915d78d-a694-47c2-ae16-838ab444a64b,"VPN",0]: VPN connection: connect timeout exceeded.
Sep 03 19:29:59 arch unknown[12050]: Connect timer expired, disconnecting.
Sep 03 19:29:59 arch NetworkManager[327]: <info>  [1504456199.4660] vpn-connection[0x55c5392386d0,2915d78d-a694-47c2-ae16-838ab444a64b,"VPN",0]: VPN service disappeared

It seems dbus cuts NM with this "Rejected send message" error. Couldn't find anything about that on the web.
Any suggestions?

Last edited by nesk (2017-10-20 09:04:45)

nesk

Member

Registered: 2011-03-31

Posts: 181

Re: [solved] OpenConnect not working with NetworkManager (dbus error)

Created new connection from nm-applet on NM 1.8.4, now it is working.

Last edited by nesk (2017-10-20 09:05:20)