Summary: | Cisco VPN using Always Ask secrets | ||
---|---|---|---|
Product: | [Unmaintained] Network Management | Reporter: | Tamás Németh <nt1277> |
Component: | VPNC | Assignee: | Will Stephenson <wstephenson> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | florian.reinhard, lamarque, luigi.toscano |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | openSUSE | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: |
Description
Tamás Németh
2009-08-21 01:03:19 UTC
Please provide the info requested in comment #16 at bug #188489 *** This bug has been marked as a duplicate of bug 188489 *** Dear Will! Sorry for changing back the bug status, but - despite I'm not a programmer - I think that this bug is not about whether knetworkmanager is able to store and/or ask for PSK and XAUTH secrets. I've tried to connect to the same VPN account both by Gnome and knetworkmanager with the same connection data. I instructed but NetworkManager clients to save the secrets. Gnome's nm-applet was successful while knetworkmanager was not. I've extracted the dbus data of but applications. See the difference: ############################################################ Gnome's nm-applet: [Argument: a{sa{sv}} { "vpn" = [Argument: a{sv} { "service-type" = [Variant(QString): "org.freedesktop.NetworkManager.vpnc"], "data" = [Variant: [Argument: a{ss} { "IPSec ID" = "KDE", "IPSec gateway" = "nyme-asa.nyme.hu", "NAT Traversal Mode" = "natt", "Xauth username" = "kde" }]], "user-name" = [Variant(QString): "tamas"], "secrets" = [Variant: [Argument: a{ss} {}]] }], "ipv4" = [Argument: a{sv} { "routes" = [Variant: [Argument: aau {}]], "addresses" = [Variant: [Argument: aau {}]], "method" = [Variant(QString): "auto"], "dns" = [Variant: [Argument: au {}]] }], "connection" = [Argument: a{sv} { "id" = [Variant(QString): "KDE"], "timestamp" = [Variant(qulonglong): 1254870943], "uuid" = [Variant(QString): "c254cf2d-269c-445a-bbce-91b788e06fb4"], "type" = [Variant(QString): "vpn"] }] }] ############################################################ KDE4.3.1's knetworkmanager: [Argument: a{sa{sv}} { "connection" = [Argument: a{sv} { "autoconnect" = [Variant(bool): false], "id" = [Variant(QString): "KDE"], "type" = [Variant(QString): "vpn"], "uuid" = [Variant(QString): "9aa1a541-69c8-4d6a-8d72-05fe0e97c976"] }], "vpn" = [Argument: a{sv} { "data" = [Variant: [Argument: a{ss} { "IPSec ID" = "KDE", "IPSec gateway" = "nyme-asa.nyme.hu", "NAT Traversal Mode" = "natt", "Xauth username" = "kde", "ipsec-secret-type" = "save", "xauth-password-type" = "save" }]], "secrets" = [Variant: [Argument: a{ss} {}]], "service-type" = [Variant(QString): "org.freedesktop.NetworkManager.vpnc"], "user-name" = [Variant(QString): "kde"] }] }] Note the knetworkmanager misses the ipv4 section again (like in https://bugs.kde.org/show_bug.cgi?id=209676), but more importantly the data generated by knetworkmanager contains "ipsec-secret-type" and "xauth-password-type" properties in the vpn/data section which is not present in nm-applets data. NetworkManager doesn't seem to be able to process these fields at least "ipsec-secret-type" as seen in /var/log/NetworkManager: Oct 7 01:37:38 milleniumfalcon NetworkManager: <WARN> nm_vpn_connection_connect_cb(): VPN connection 'KDE' failed to connect: 'property 'ipsec-secret-type' invalid or not supported'. Is it some inner data structure of knetwormanager which accidentally made it wy out via the dbus interface? Or am I using too old NetworkManager (0.7.0.r4359 of openSUSE 11.1). BTW my knetworkmanager version is currently 0.9.svn1028043. https://bugs.kde.org/show_bug.cgi?id=188489#c15 seems to describe something very similar. I've created a test VPN account for KDE developers (as I did before in order to help openSUSE developers), and I am willing to send an appropriate vpnc.conf to make you able to use my test account if you need. nm-applet asks for vpn secrets, knetworkmanager doesn't. here's what qdebusfornm reports for both setups: ##knetworkmanager qdbusfornm --system org.freedesktop.NetworkManagerUserSettings /org/freedesktop/NetworkManagerSettings/1 org.freedesktop.NetworkManagerSettings.Connection.GetSettings a{sa{sv}}(==connection== autoconnect: false id: My VPN type: vpn uuid: 0f464bb0-e6ee-4710-835f-771f3ee91dce ==vpn== data: a{ss}(IPSec ID: **sec** IPSec gateway: ***.de Xauth username: **username** ipsec-secret-type: ask xauth-password-type: ask ) secrets: a{ss}() service-type: org.freedesktop.NetworkManager.vpnc user-name: freinhard ) ##nm-applet qdbusfornm --system org.freedesktop.NetworkManagerUserSettings /org/freedesktop/NetworkManagerSettings/2 org.freedesktop.NetworkManagerSettings.Connection.GetSettings a{sa{sv}}(==connection== autoconnect: false id: My VPN timestamp: 1254919583 type: vpn uuid: c8dcb0b7-40ba-4570-9dc5-c338893fc1b1 ==ipv4== addresses: aau() dns: au() method: auto routes: aau() ==vpn== data: a{ss}(IPSec ID: **sec** IPSec gateway: ***.de NAT Traversal Mode: cisco-udp Xauth username: **username** ipsec-secret-type: ask xauth-password-type: ask ) secrets: a{ss}() service-type: org.freedesktop.NetworkManager.vpnc user-name: freinhard ) https://bugs.kde.org/show_bug.cgi?id=188489 was reopened to deal with Always Ask but I'll move the action here as the base VPNC support works now. Tamas: I would be very grateful for your test VPN details to test with. Dear Will! Have you succeeded with processing this bug. After installing KDE 4.4.0 onto openSUSE 11.2, I had to realize that instead of doing nothing, knetworkmanager now crashes upon a VPN connection attempt. BTW, can you use the test account provided by me? Tamas: not yet, I'm overloaded. But I will be hacking on KNM next week at Tokamak4. (In reply to comment #6) > Tamas: not yet, I'm overloaded. But I will be hacking on KNM next week at > Tokamak4. Sorry, until yesterday I didn't know that you are a Novell/SuSE employee, and that you may be the only developer of knetworkmanager and the main responsible person for KDE at Novell. So, you have my sympathy and I don't urge you. Too bad I can't code C/C++. Ineterstingly it started to work on openSUSE 11.2, both with KDE 4.3.5 and 4.4.3. Can I close this bug since someone reported it is working? (In reply to comment #9) > Can I close this bug since someone reported it is working? My original intention was to report that VPNC doesn't work at all in KDE. It works now, however, Will Stephenson renamed the report at 2009-11-17 suggesting the problem is that KDE VPN client doesn't work when instructed to ask for passwords instead of storing them. This function (the password request dialog) still doesn't work for me in plain openSUSE 11.4. (In reply to comment #10) > (In reply to comment #9) > > Can I close this bug since someone reported it is working? > > My original intention was to report that VPNC doesn't work at all in KDE. It > works now, however, Will Stephenson renamed the report at 2009-11-17 suggesting > the problem is that KDE VPN client doesn't work when instructed to ask for > passwords instead of storing them. This function (the password request dialog) > still doesn't work for me in plain openSUSE 11.4. In the past two days I commited some changes from Andrey Borzenkov that should solve that problem. Can you git pull those changes and test them? I do not have VPN here to do that. Sorry, I don't know how to git pull, but I created a VPN test account for KDE
developers:
vpn type: vpnc (cisco/free)
gateway: nyme-asa.nyme.hu
group name: KDE
PSK: szurkemarha
username: kde
password: szurkemarha
You can do only three things with the provided vpn test account: using two
dns servers (193.225.93.1 and 193.225.93.200) and a https server
(www.nyme.hu).
Please never ever tell this anyone. Also, please inform me when I can
close this account.
Sincerely,
Tamás
2011. március 16. 20:34:03 dátummal Lamarque V. Souza az alábbiakat írta:
> https://bugs.kde.org/show_bug.cgi?id=204596
>
>
>
>
>
> --- Comment #11 from Lamarque V. Souza <lamarque gmail com> 2011-03-16
> 20:34:03 --- (In reply to comment #10)
>
> > (In reply to comment #9)
> >
> > > Can I close this bug since someone reported it is working?
> >
> > My original intention was to report that VPNC doesn't work at all in KDE.
> > It works now, however, Will Stephenson renamed the report at 2009-11-17
> > suggesting the problem is that KDE VPN client doesn't work when
> > instructed to ask for passwords instead of storing them. This function
> > (the password request dialog) still doesn't work for me in plain
> > openSUSE 11.4.
>
> In the past two days I commited some changes from Andrey Borzenkov that
> should solve that problem. Can you git pull those changes and test them? I
> do not have VPN here to do that.
(In reply to comment #11) What a lame I am!!!! Anyway, I changed the passwords ;) See my personal mail. The patch that fixed http://bugs.kde.org/262555 also fixes this bug, so marking this one as duplicate. *** This bug has been marked as a duplicate of bug 262555 *** |