You are not logged in.

#1 2023-09-12 21:47:33

zakrush
Member
Registered: 2023-03-20
Posts: 28

NetworkManager applet don't asked username and password openconnect

Hello.
I spend many time for searching some problems with my VPN connection throught NetworkManager openconnect plugin.
I should up VPN by Cisco Any connect. Auth by certificate and username and password.

I have config:
i3wm + networkmanager 1.44.0-1 +networkmanager-openconnect 1.2.10-1  + gnome-keyring (if it needs)


When I push on vnp connection I don't get window for input PEM_pass_phrase, username and password. I got this errors
journalctl -xe

sep 13 00:22:53 redmi NetworkManager[1262]: <info>  [1694553773.1557] vpn[0x56265b4dcb70,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
sep 13 00:22:53 redmi NetworkManager[1262]: <info>  [1694553773.1558] audit: op="connection-activate" uuid="7b628aa8-674f-43af-a700-96182110a927" name="testVPN" pid=1705 uid=1000 result="success"
sep 13 00:22:53 redmi NetworkManager[1262]: <warn>  [1694553773.1736] vpn[0x56265b4dcb70,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.

When I connect manually by command
nmcli connection up testVPN --ask
I got VPN connection.


My config is

sudo cat /etc/NetworkManager/system-connections/testVPN.nmconnection

[connection]
id=testVPN
uuid=7b628aa8-674f-43af-a700-96182110a927
type=vpn
autoconnect=false

[vpn]
authtype=cert
autoconnect-flags=0
cacert=/home/dm/certificates/root.pem
certsigs-flags=0
cookie-flags=2
disable_udp=no
enable_csd_trojan=no
gateway=vpn.doman.com
gateway-flags=2
gwcert-flags=2
lasthost-flags=0
pem_passphrase_fsid=no
prevent_invalid_cert=no
protocol=anyconnect
resolve-flags=2
stoken_source=disabled
usercert=/home/dm/certificates/client_ssl.pem
xmlconfig-flags=0
service-type=org.freedesktop.NetworkManager.openconnect

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]

I was trying to write password and user in vpn-secrets sections, but it didn't help me. Also I can't found some information about parameters this configs like password-flags and how save username.

All my variants got one error:

A password is required to connect to 'testVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets

Offline

#2 2023-09-13 04:47:29

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,448

Re: NetworkManager applet don't asked username and password openconnect

https://wiki.archlinux.org/title/Networ … #nm-applet
Otherwise

loginctl session-status
echo $DBUS_SESSION_BUS_ADDRESS

and in doubt the last link below.

Offline

#3 2023-09-13 05:31:57

zakrush
Member
Registered: 2023-03-20
Posts: 28

Re: NetworkManager applet don't asked username and password openconnect

[en]loginctl session-status[/en]

loginctl session-status
2 - dm (1000)
           Since: Wed 2023-09-13 08:17:49 MSK; 4min 23s ago
          Leader: 1663 (sddm-helper)
            Seat: seat0; vc2
             TTY: tty2
         Service: sddm; type x11; class user
           State: active
            Idle: no
            Unit: session-2.scope
                  ├─1663 /usr/lib/sddm/sddm-helper --socket /tmp/sddm-auth-2a2115bd-4f3f-4326-8e8f-2fbec75dcde6 --id 1 --start i3-with-shmlog --user dm
                  ├─1684 i3-with-shmlog
                  ├─1697 nm-applet
                  ├─1711 xclip
                  ├─1720 /usr/bin/python /usr/bin/autotiling
                  ├─1724 polybar bottom
                  ├─1912 compton -b
                  ├─2685 /opt/yandex/browser/yandex_browser
                  ├─2690 cat
                  ├─2691 cat
                  ├─2693 /opt/yandex/browser/chrome_crashpad_handler --monitor-self --monitor-self-annotation=ptype=crashpad-handler "--database=/home/dm/.config/yandex-browser/Crash Reports" --metrics-dir=/home>
                  ├─3260 "/opt/yandex/browser/yandex_browser --type=renderer --user-id=92005d01-d35e-4c27-a700-3fa919e9912a --brand-id=yandex --crashpad-handler-pid=2693 --enable-crash-reporter=27903d28-8b55-4ee>
                  ├─3441 alacritty
                  ├─3829 /bin/zsh
                  ├─4242 loginctl session-status
                  └─4243 less
sep 13 08:17:49 redmi systemd[1]: Started Session 2 of User dm.
echo $DBUS_SESSION_BUS_ADDRESS
unix:path=/run/user/1000/bus

As I understand it, gnome keyring is not running. I was searching different ways to run it but can't to make it with i3wm + sddm. It should to run.

Maybe It can be useful

 sudo systemctl status gnome-keyring-daemon
Unit gnome-keyring-daemon.service could not be found.
systemctl --user show-environment
HOME=/home/dm
LANG=ru_RU.UTF-8
LC_MESSAGES=en_US.UTF-8
LOGNAME=dm
MAIL=/var/spool/mail/dm
PATH=/usr/local/bin:/usr/bin:/var/lib/snapd/snap/bin
SHELL=/bin/zsh
USER=dm
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
DISPLAY=:0
XAUTHORITY=/tmp/xauth_vfZUYU

The logn password is the same as keyring password

Last edited by zakrush (2023-09-13 05:53:03)

Offline

#4 2023-09-13 09:57:35

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,448

Re: NetworkManager applet don't asked username and password openconnect

nm-applet should maybe still ask, gkr or not - afaiu it doesn't do that for you?

https://bbs.archlinux.org/viewtopic.php?id=278836
https://bbs.archlinux.org/viewtopic.php?id=285845 # suggests to explicitly disable GKR in the OpenVPN settings
https://bbs.archlinux.org/viewtopic.php?id=286378 # user actually cancelled, ultimate cause was a bad cipher algo.

Edit: your session is fine, it's not a dbus issue.

Last edited by seth (2023-09-13 09:57:57)

Offline

#5 2023-09-15 06:37:38

zakrush
Member
Registered: 2023-03-20
Posts: 28

Re: NetworkManager applet don't asked username and password openconnect

seth wrote:

nm-applet should maybe still ask, gkr or not - afaiu it doesn't do that for you?

https://bbs.archlinux.org/viewtopic.php?id=278836
https://bbs.archlinux.org/viewtopic.php?id=285845 # suggests to explicitly disable GKR in the OpenVPN settings
https://bbs.archlinux.org/viewtopic.php?id=286378 # user actually cancelled, ultimate cause was a bad cipher algo.

Edit: your session is fine, it's not a dbus issue.

Yes it doesn't asked mee.

I read and try this toppics. Nothing help me.

First I installed webkit2gtk-4.1.2

pacman -Q | grep webkit2gtk
webkit2gtk-4.1 2.40.5-2

It didn't help me.

Then I downgrade networkmanager-openconnect to 1.2.8-2

pacman -Q | grep openconnect
networkmanager-openconnect 1.2.8-2
openconnect 1:8.10-1

It is also didn't help.
I have the same error:

secrets: failed to request VPN secrets #3: User canceled the secrets request.

Offline

#6 2023-09-15 07:11:12

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,448

Re: NetworkManager applet don't asked username and password openconnect

Can you try the behavior on openbox?
Just in case that nm-applet doesn't play ball w/ tiling WMs (and needs to be set to floating mode)?

Offline

#7 2023-09-18 06:56:58

zakrush
Member
Registered: 2023-03-20
Posts: 28

Re: NetworkManager applet don't asked username and password openconnect

seth wrote:

Can you try the behavior on openbox?
Just in case that nm-applet doesn't play ball w/ tiling WMs (and needs to be set to floating mode)?

hmm... I'm thinking it will be some problem try with openbox.

So about floating mode. I don't have problem with ask and save WiFi password in float window.

Offline

#8 2023-09-18 16:31:43

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,448

Re: NetworkManager applet don't asked username and password openconnect

Run

nmcli connection up testVPN

see whether you get asked for credentials and if not, post the system journal

Offline

#9 2023-09-21 08:47:08

zakrush
Member
Registered: 2023-03-20
Posts: 28

Re: NetworkManager applet don't asked username and password openconnect

seth wrote:

Run

nmcli connection up testVPN

see whether you get asked for credentials and if not, post the system journal

nmcli connection up testVPN
A password is required to connect to 'testVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION=7b628aa8-674f-43af-a700-96182110a927 + NM_DEVICE=enp0s13f0u1u4u4' to get more details.

journalctl -xe NM_CONNECTION=7b628aa8-674f-43af-a700-96182110a927 + NM_DEVICE=enp0s13f0u1u4u4

сен 21 11:36:32 redmi NetworkManager[1267]: <info>  [1695285392.9934] vpn[0x557c127d8f30,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:36:33 redmi NetworkManager[1267]: <warn>  [1695285393.0244] vpn[0x557c127d8f30,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.
сен 21 11:39:39 redmi NetworkManager[1267]: <info>  [1695285579.7697] vpn[0x557c1286c300,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:39:39 redmi NetworkManager[1267]: <warn>  [1695285579.8015] vpn[0x557c1286c300,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.

journalctl -f

сен 21 11:45:29 redmi NetworkManager[1267]: <info>  [1695285929.2456] agent-manager: agent[a29a193b028741c1,:1.349/nmcli-connect/1000]: agent registered
сен 21 11:45:29 redmi NetworkManager[1267]: <info>  [1695285929.2476] vpn[0x557c12932270,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:45:29 redmi NetworkManager[1267]: <info>  [1695285929.2478] audit: op="connection-activate" uuid="7b628aa8-674f-43af-a700-96182110a927" name="testVPN" pid=108245 uid=1000 result="success"
сен 21 11:45:29 redmi NetworkManager[1267]: <warn>  [1695285929.2784] vpn[0x557c12932270,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.

Offline

#10 2023-09-21 15:55:14

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,448

Re: NetworkManager applet don't asked username and password openconnect

Ok, contrary to the wiki, try "nmcli --ask connection up testVPN"

Offline

#11 2023-09-23 15:17:27

DKEBeck
Member
Registered: 2022-08-15
Posts: 18

Re: NetworkManager applet don't asked username and password openconnect

I am experiencing this same issue - XFCE here.  After the networkmanager-openconnect upgrade to 1.2.10-1 at the end of May, trying to connect to an anyconnect VPN immediately fails - no username/password entry screen appears.

Via GUI:

The VPN connection ConnectionName failed because there were no valid VPN secrets.

Via CLI:

$ nmcli con up id ConnectionName
A password is required to connect to 'ConnectionName'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION= + NM_DEVICE=eno1' to get more details.

journalctl shows the same for me as the OP.

This has been reported as an issue, but no action on it so far:
https://gitlab.gnome.org/GNOME/NetworkM … issues/101

For me, "nmcli con up id VPNNAME --ask" works fine, prompting me for my user/pass.  Also, downgrading to networkmanager-openconnect to 1.2.8-2 works for me as well - connecting via GUI again asks for user/pass.  I've created new VPN connections, verified keyrings, etc., but nothing has worked for me.  For now I have added networkmanager-openconnect to my IgnorePkg list in pacman.conf (the only entry in that list) to keep it at the working version, but that's not ideal obviously.

Offline

#12 2023-09-26 09:03:22

zakrush
Member
Registered: 2023-03-20
Posts: 28

Re: NetworkManager applet don't asked username and password openconnect

seth wrote:

Ok, contrary to the wiki, try "nmcli --ask connection up testVPN"


At the topic start I write that nmcli -ask connection  up testVPN is working for me.

The journalctl logs on this case is:

sep 26 11:50:42 redmi wpa_supplicant[1290]: wlp44s0: Reject scan trigger since one is already pending
sep 26 11:50:54 redmi NetworkManager[1267]: <info>  [1695718254.7823] agent-manager: agent[75cde0835c31e578,:1.535/nmcli-connect/1000]: agent registered
sep 26 11:50:54 redmi NetworkManager[1267]: <info>  [1695718254.7839] vpn[0x557c1293f910,5703e559-e5af-451e-843b-4f03c7a1d03f,"TestVPN"]: starting openconnect
sep 26 11:50:54 redmi NetworkManager[1267]: <info>  [1695718254.7840] audit: op="connection-activate" uuid="5703e559-e5af-451e-843b-4f03c7a1d03f" name="TestVPN" pid=215518 uid=1000 result="success"
sep 26 11:50:57 redmi kernel: CIFS: VFS: \\corp.example.com has not responded in 180 seconds. Reconnecting...
sep 26 11:50:58 redmi key.dns_resolver[215538]: t2ru-dcs-02.corp.example.com: No address associated with name
sep 26 11:51:04 redmi key.dns_resolver[215543]: T2RU-DCS-03.corp.example.com: No address associated with name
sep 26 11:51:10 redmi key.dns_resolver[215548]: T2RM-DCS-01.corp.example.com: No address associated with name
sep 26 11:51:18 redmi key.dns_resolver[215554]: T2RU-DCS-01.corp.example.com: No address associated with name
sep 26 11:51:19 redmi key.dns_resolver[215553]: t2rm-fpsclr-01: No address associated with name
sep 26 11:51:20 redmi openconnect[215558]: Connected to 194.176.96.4:443
sep 26 11:51:20 redmi openconnect[215558]: SSL negotiation with 194.176.96.4
sep 26 11:51:21 redmi openconnect[215558]: Server certificate verify failed: signer not found
sep 26 11:51:21 redmi openconnect[215558]: Connected to HTTPS on 194.176.96.4 with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
sep 26 11:51:21 redmi openconnect[215558]: Got CONNECT response: HTTP/1.1 200 OK
sep 26 11:51:21 redmi openconnect[215558]: CSTP connected. DPD 30, Keepalive 20
sep 26 11:51:21 redmi openconnect[215558]: Connected as 10.12.143.146, using SSL, with DTLS in progress
sep 26 11:51:21 redmi openconnect[215558]: Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1).
sep 26 11:51:21 redmi openconnect[215558]: SIOCSIFMTU: Operation not permitted
sep 26 11:51:21 redmi dbus-daemon[1227]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.5' (uid=0 pid=1267 comm="/usr/bin/NetworkManager --no-daemon")
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9431] device (vpn0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9439] device (vpn0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9442] device (vpn0): Activation: starting connection 'vpn0' (9b23da77-d2a0-4f31-b818-ecceb5c89f71)
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9450] device (vpn0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9451] device (vpn0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9452] device (vpn0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9453] device (vpn0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi systemd[1]: Starting Network Manager Script Dispatcher Service...
░░ Subject: A start job for unit NetworkManager-dispatcher.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit NetworkManager-dispatcher.service has begun execution.
░░
░░ The job identifier is 14394.
sep 26 11:51:21 redmi dbus-daemon[1227]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
sep 26 11:51:21 redmi systemd[1]: Started Network Manager Script Dispatcher Service.
░░ Subject: A start job for unit NetworkManager-dispatcher.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit NetworkManager-dispatcher.service has finished successfully.
░░
░░ The job identifier is 14394.
sep 26 11:51:21 redmi systemd-resolved[1129]: vpn0: Bus client set search domain list to: office.bercut.ru, corp.skylink.ru, ts.example.com, nix.example.com, net.example.com, corp.example.com, example.com
sep 26 11:51:21 redmi systemd-resolved[1129]: vpn0: Bus client set DNS server list to: 10.77.252.105, 10.77.252.107
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9624] device (vpn0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9625] device (vpn0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info>  [1695718281.9628] device (vpn0): Activation: successful, device activated.
DKEBeck wrote:

For me, "nmcli con up id VPNNAME --ask" works fine, prompting me for my user/pass.  Also, downgrading to networkmanager-openconnect to 1.2.8-2 works for me as well - connecting via GUI again asks for user/pass.  I've created new VPN connections, verified keyrings, etc., but nothing has worked for me.  For now I have added networkmanager-openconnect to my IgnorePkg list in pacman.conf (the only entry in that list) to keep it at the working version, but that's not ideal obviously.

Upper I tried downgrade, but it didn't solve the problem.
My networkmanager-openconnect is 1.2.8-2 now

pacman -Q | grep openconnect
networkmanager-openconnect 1.2.8-2

Offline

#13 2023-09-26 11:55:58

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,448

Re: NetworkManager applet don't asked username and password openconnect

Ok, so this is basically about NM likely having changed the backend to make "--ask" behave as would be expected but broke [random GUI frontend] on that track, file a bug against the applet to adapt the new API or NM to not willy-nilly break API.
https://gitlab.gnome.org/GNOME/network- … /-/issues/

Offline

Board footer

Powered by FluxBB