Bug 204596

Summary: Cisco VPN using Always Ask secrets
Product: [Unmaintained] Network Management Reporter: Tamás Németh <nt1277>
Component: VPNCAssignee: Will Stephenson <wstephenson>
Status: RESOLVED DUPLICATE    
Severity: normal CC: florian.reinhard, lamarque, luigi.toscano
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Tamás Németh 2009-08-21 01:03:19 UTC
Version:            (using KDE 4.3.0)
OS:                Linux
Installed from:    SuSE RPMs

I've created group PSK + username/password authenticated a Cisco VPN connection in kvpnc (running as root) which worked well, but later I wanted to try KDE 4.3.0's knetworkmanager, which seems to be cool (even mobile 3G works), but it's vpnc plugin failed to work. When I click on the connection simply nothing happens, neither on the 3G mobile network nor on a wireless network.
Comment 1 Will Stephenson 2009-08-30 12:00:23 UTC
Please provide the info requested in comment #16 at bug #188489

*** This bug has been marked as a duplicate of bug 188489 ***
Comment 2 Tamás Németh 2009-10-07 11:46:27 UTC
Dear Will!

Sorry for changing back the bug status, but - despite I'm not a programmer - I think that this bug is not about whether knetworkmanager is able to store and/or ask for PSK and XAUTH secrets.

I've tried to connect to the same VPN account both by Gnome and knetworkmanager with the same connection data. I instructed but NetworkManager clients to save the secrets. Gnome's nm-applet was successful while knetworkmanager was not. I've extracted the dbus data of but applications. See the difference:

############################################################


Gnome's nm-applet:

[Argument: a{sa{sv}}
{
   "vpn" = [Argument: a{sv}
   {
      "service-type" = [Variant(QString): "org.freedesktop.NetworkManager.vpnc"],
      "data" = [Variant: [Argument: a{ss}
      {
         "IPSec ID" = "KDE",
         "IPSec gateway" = "nyme-asa.nyme.hu",
         "NAT Traversal Mode" = "natt",
         "Xauth username" = "kde"
      }]],
      "user-name" = [Variant(QString): "tamas"],
      "secrets" = [Variant: [Argument: a{ss} {}]]
   }],
   "ipv4" = [Argument: a{sv}
   {
      "routes" = [Variant: [Argument: aau {}]],
      "addresses" = [Variant: [Argument: aau {}]],
      "method" = [Variant(QString): "auto"],
      "dns" = [Variant: [Argument: au {}]]
   }],
   "connection" = [Argument: a{sv}
   {
      "id" = [Variant(QString): "KDE"],
      "timestamp" = [Variant(qulonglong): 1254870943],
      "uuid" = [Variant(QString): "c254cf2d-269c-445a-bbce-91b788e06fb4"],
      "type" = [Variant(QString): "vpn"]
   }]
}]

############################################################

KDE4.3.1's knetworkmanager:

[Argument: a{sa{sv}}
{
   "connection" = [Argument: a{sv}
   {
      "autoconnect" = [Variant(bool): false],
      "id" = [Variant(QString): "KDE"],
      "type" = [Variant(QString): "vpn"],
      "uuid" = [Variant(QString): "9aa1a541-69c8-4d6a-8d72-05fe0e97c976"]
   }],
   "vpn" = [Argument: a{sv}
   {
      "data" = [Variant: [Argument: a{ss}
      {
         "IPSec ID" = "KDE",
         "IPSec gateway" = "nyme-asa.nyme.hu",
         "NAT Traversal Mode" = "natt",
         "Xauth username" = "kde",
         "ipsec-secret-type" = "save",
         "xauth-password-type" = "save"
      }]],
      "secrets" = [Variant: [Argument: a{ss} {}]],
      "service-type" = [Variant(QString): "org.freedesktop.NetworkManager.vpnc"],
      "user-name" = [Variant(QString): "kde"]
   }]
}]

Note the knetworkmanager misses the ipv4 section again (like in https://bugs.kde.org/show_bug.cgi?id=209676), but more importantly the data generated by knetworkmanager contains "ipsec-secret-type" and "xauth-password-type" properties in the vpn/data section which is not present in nm-applets data. NetworkManager doesn't seem to be able to process these fields at least "ipsec-secret-type" as seen in /var/log/NetworkManager:

Oct  7 01:37:38 milleniumfalcon NetworkManager: <WARN>  nm_vpn_connection_connect_cb(): VPN connection 'KDE' failed to connect: 'property 'ipsec-secret-type' invalid or not supported'. 

Is it some inner data structure of knetwormanager which accidentally made it wy out via the dbus interface? Or am I using too old NetworkManager (0.7.0.r4359 of
openSUSE 11.1). BTW my knetworkmanager version is currently 0.9.svn1028043. https://bugs.kde.org/show_bug.cgi?id=188489#c15 seems to describe something very similar.



I've created a test VPN account for KDE developers (as I did before in order to help openSUSE developers), and I am willing to send an appropriate vpnc.conf to make you able to use my test account if you need.
Comment 3 Florian Reinhard 2009-10-07 14:52:45 UTC
nm-applet asks for vpn secrets, knetworkmanager doesn't.
here's what qdebusfornm reports for both setups:

##knetworkmanager
qdbusfornm --system org.freedesktop.NetworkManagerUserSettings /org/freedesktop/NetworkManagerSettings/1 org.freedesktop.NetworkManagerSettings.Connection.GetSettings
a{sa{sv}}(==connection==
autoconnect: false
id: My VPN
type: vpn
uuid: 0f464bb0-e6ee-4710-835f-771f3ee91dce
==vpn==
data: a{ss}(IPSec ID: **sec**
IPSec gateway: ***.de
Xauth username: **username**
ipsec-secret-type: ask
xauth-password-type: ask
)
secrets: a{ss}()
service-type: org.freedesktop.NetworkManager.vpnc
user-name: freinhard
)


##nm-applet
qdbusfornm --system org.freedesktop.NetworkManagerUserSettings /org/freedesktop/NetworkManagerSettings/2 org.freedesktop.NetworkManagerSettings.Connection.GetSettings
a{sa{sv}}(==connection==
autoconnect: false
id: My VPN
timestamp: 1254919583
type: vpn
uuid: c8dcb0b7-40ba-4570-9dc5-c338893fc1b1
==ipv4==
addresses: aau()
dns: au()
method: auto
routes: aau()
==vpn==
data: a{ss}(IPSec ID: **sec**
IPSec gateway: ***.de
NAT Traversal Mode: cisco-udp
Xauth username: **username**
ipsec-secret-type: ask
xauth-password-type: ask
)
secrets: a{ss}()
service-type: org.freedesktop.NetworkManager.vpnc
user-name: freinhard
)
Comment 4 Will Stephenson 2009-11-17 19:10:15 UTC
https://bugs.kde.org/show_bug.cgi?id=188489 was reopened to deal with Always Ask but I'll move the action here as the base VPNC support works now.

Tamas:  I would be very grateful for your test VPN details to test with.
Comment 5 Tamás Németh 2010-02-16 13:55:53 UTC
Dear Will! Have you succeeded with processing this bug. After installing KDE 4.4.0 onto openSUSE 11.2, I had to realize that instead of doing nothing, knetworkmanager now crashes upon a VPN connection attempt.

BTW, can you use the test account provided by me?
Comment 6 Will Stephenson 2010-02-17 00:31:06 UTC
Tamas: not yet, I'm overloaded.  But I will be hacking on KNM next week at Tokamak4.
Comment 7 Tamás Németh 2010-02-17 07:00:38 UTC
(In reply to comment #6)
> Tamas: not yet, I'm overloaded.  But I will be hacking on KNM next week at
> Tokamak4.

Sorry, until yesterday I didn't know that you are a Novell/SuSE employee, and that you may be the only developer of knetworkmanager and the main responsible person for KDE at Novell. So, you have my sympathy and I don't urge you. Too bad I can't code C/C++.
Comment 8 Tamás Németh 2010-05-17 15:52:49 UTC
Ineterstingly it started to work on openSUSE 11.2, both with KDE 4.3.5 and 4.4.3.
Comment 9 Lamarque V. Souza 2011-03-14 19:44:51 UTC
Can I close this bug since someone reported it is working?
Comment 10 Tamás Németh 2011-03-16 20:27:41 UTC
(In reply to comment #9)
> Can I close this bug since someone reported it is working?

My original intention was to report that VPNC doesn't work at all in KDE. It works now, however, Will Stephenson renamed the report at 2009-11-17 suggesting the problem is that KDE VPN client doesn't work when instructed to ask for passwords instead of storing them. This function (the password request dialog) still doesn't work for me in plain openSUSE 11.4.
Comment 11 Lamarque V. Souza 2011-03-16 20:34:03 UTC
(In reply to comment #10)
> (In reply to comment #9)
> > Can I close this bug since someone reported it is working?
> 
> My original intention was to report that VPNC doesn't work at all in KDE. It
> works now, however, Will Stephenson renamed the report at 2009-11-17 suggesting
> the problem is that KDE VPN client doesn't work when instructed to ask for
> passwords instead of storing them. This function (the password request dialog)
> still doesn't work for me in plain openSUSE 11.4.

In the past two days I commited some changes from Andrey Borzenkov that should solve that problem. Can you git pull those changes and test them? I do not have VPN here to do that.
Comment 12 Tamás Németh 2011-03-18 16:16:19 UTC
Sorry, I don't know how to git pull, but I created a VPN test account for KDE 
developers:

vpn type: vpnc (cisco/free)
gateway: nyme-asa.nyme.hu
group name: KDE
PSK:  szurkemarha
username: kde
password: szurkemarha

You can do only three things with the provided  vpn test account: using two 
dns servers (193.225.93.1 and 193.225.93.200) and a https server 
(www.nyme.hu).

Please never ever tell this anyone. Also, please inform me when I can 
close this account.

Sincerely,

Tamás


2011. március 16. 20:34:03 dátummal Lamarque V. Souza az alábbiakat írta:
> https://bugs.kde.org/show_bug.cgi?id=204596
> 
> 
> 
> 
> 
> --- Comment #11 from Lamarque V. Souza <lamarque gmail com>  2011-03-16
> 20:34:03 --- (In reply to comment #10)
> 
> > (In reply to comment #9)
> > 
> > > Can I close this bug since someone reported it is working?
> > 
> > My original intention was to report that VPNC doesn't work at all in KDE.
> > It works now, however, Will Stephenson renamed the report at 2009-11-17
> > suggesting the problem is that KDE VPN client doesn't work when
> > instructed to ask for passwords instead of storing them. This function
> > (the password request dialog) still doesn't work for me in plain
> > openSUSE 11.4.
> 
> In the past two days I commited some changes from Andrey Borzenkov that
> should solve that problem. Can you git pull those changes and test them? I
> do not have VPN here to do that.
Comment 13 Tamás Németh 2011-03-18 16:23:57 UTC
(In reply to comment #11)

What a lame I am!!!! Anyway, I changed the passwords ;) See my personal mail.
Comment 14 Lamarque V. Souza 2011-03-18 22:01:57 UTC
The patch that fixed http://bugs.kde.org/262555 also fixes this bug, so marking this one as duplicate.

*** This bug has been marked as a duplicate of bug 262555 ***