Bug 147373

Summary: VPNC one-time token support
Product: Network Management
Reporter: Erin Mulder <meara>
Component: VPNC
Assignee: Will Stephenson <wstephenson>
Status: RESOLVED WAITINGFORINFO
Severity: normal
CC: lamarque
Priority: NOR    
Version: 0.7   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit:
Version Fixed In:

Description Erin Mulder 2007-06-29 20:12:40 UTC
Version:           (using KDE 3.5.5)
Installed from:    SuSE RPMs

I regularly connect to a Cisco VPN using a password consisting of a personal pin followed by the current token displayed on my SecurID device.  I can connect fine using Cisco's VPN client or vpnc from the command line.

I tried using KNetworkManager for this and although it worked fine the first few times, my VPN account would eventually get thrown into a "next passcode" (also referred to as "next tokencode") mode.  Once in this mode, KNetworkManager would constantly give me authentication failures (while the more interactive command line clients would start endlessly prompting me to enter the next passcode on my SecurID).

This happened for a few days (with a helpful network admin resetting my account each time it got messed up).  Finally, I stopped using KNetworkManager and went back to VPNC from the command line.  I haven't had the problem again since then.

I don't know anything about the internals of KNetworkManager or NetworkManager.  The only thing that seems like a red flag is that KNetworkManager asks for my password before it tries to connect.  If the connection takes a while to establish, then that passcode may be stale by the time it gets sent.  From the Cisco documentation I've seen online, if you enter a stale passcode 3 times in a row, it puts you into "next tokencode" mode.  Maybe this is what is happening?  I know that the command line tools wait until they have a connection to ask me for a password.

In any case, I think KNetworkManager is pretty neat, and I would love to see this fixed so that I can use it for VPN connections as well as basic network switching.

Comment 1 Will Stephenson 2009-02-05 17:07:54 UTC
Did you have any success with newer versions of KNetworkManager since making this report?