Bug 380938

Summary: [OpenConnect] Connection timed out when using "AC certificate file"
Product: [Plasma] plasma-nm Reporter: Christian González <chgonzalezg>
Component: general Assignee: Jan Grulich <jgrulich>
Status: RESOLVED DUPLICATE    
Severity: normal CC: jgrulich, vissers.j
Priority: NOR    
Version: 5.10.1   
Target Milestone: ---   
Platform: Neon   
OS: Linux   
Latest Commit: Version Fixed In:

Description Christian González 2017-06-07 14:50:02 UTC
As of version 7.08, OpenConnect has removed the "--no-cert-check" option [1]. So now I need to provide a certificate file (in the "AC certificate file" field) to connect to my OpenConnect server.

When I use the plasma-nm applet, the connection times out. If I start nm-applet in parallel and try to connect from there (using the same configuration), the connection is established. I can even connect from plasma-nm if nm-applet is active in parallel, but if I close nm-applet and try to connect from plasma-nm, the connection times out.


[1] http://www.infradead.org/openconnect/changelog.html
Comment 1 Jan Grulich 2017-06-07 15:01:52 UTC
Is there anything relevant in the NetworkManager log?
Comment 2 Christian González 2017-06-07 15:30:31 UTC
Relevant content on /var/log/syslog:

Jun  7 11:24:13 christian-Inspiron-3459 NetworkManager[1274]: <info>  [1496849053.9321] audit: op="connection-activate" uuid="0e63d056-8067-40cd-8dd4-5238084849cc" name="XXXXX" pid=19424 uid=1000 result="success"
Jun  7 11:24:13 christian-Inspiron-3459 NetworkManager[1274]: <info>  [1496849053.9442] vpn-connection[0x19f17d0,0e63d056-8067-40cd-8dd4-5238084849cc,"XXXXX",0]: Started the VPN service, PID 5960
Jun  7 11:24:13 christian-Inspiron-3459 NetworkManager[1274]: <info>  [1496849053.9927] vpn-connection[0x19f17d0,0e63d056-8067-40cd-8dd4-5238084849cc,"XXXXX",0]: Saw the service appear; activating connection
Jun  7 11:24:14 christian-Inspiron-3459 NetworkManager[1274]: <info>  [1496849054.0305] keyfile: update /etc/NetworkManager/system-connections/SEREMI Salud Bío Bío (0e63d056-8067-40cd-8dd4-5238084849cc,"SEREMI Salud Bío Bío")
(... 2 minutes later ...)
Jun  7 11:26:14 christian-Inspiron-3459 NetworkManager[1274]: <error> [1496849174.0434] vpn-connection[0x19f17d0,0e63d056-8067-40cd-8dd4-5238084849cc,"XXXXX",0]: Failed to request VPN secrets #3: No agents were available for this request.


This is in the connection window:

POST https://a.b.c.d/
Intentando conectar al servidor a.b.c.d:443
Negociación SSL con «a.b.c.d»
Conectó a HTTPS en a.b.c.d
Se obtuvo la respuesta HTTP: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Wed, 07 Jun 2017 15:24:14 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
Cuerpo HTTP chunked (-2)
POST XML activado
POST https://a.b.c.d/
Se obtuvo la respuesta HTTP: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Wed, 07 Jun 2017 15:24:14 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
Cuerpo HTTP chunked (-2)
POST XML activado
POST https://a.b.c.d/
Se obtuvo la respuesta HTTP: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Wed, 07 Jun 2017 15:24:16 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
Cuerpo HTTP chunked (-2)


Is there another log that I can send to you?

(I've made a video recording but it shows some sensitive data. Perhaps I could send it to your personal email if needed.)
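
Added example (not part of the original report, and not NetworkManager or plasma-nm code): a Python triage script that scans syslog text in the format shown in Comment 2 and reports every VPN activation that ended with "No agents were available", along with how long NetworkManager waited. The sample log, hostname and UUID are constructed placeholders, and `find_agent_timeouts` is a hypothetical helper name.

```python
import re

# Constructed sample, modelled on the NetworkManager lines in Comment 2
# (hostname, UUID and connection name are placeholders).
SAMPLE_LOG = """\
Jun  7 11:24:13 host NetworkManager[1274]: <info>  [1496849053.9442] vpn-connection[0x19f17d0,00000000-0000-0000-0000-000000000001,"XXXXX",0]: Started the VPN service, PID 5960
Jun  7 11:24:13 host NetworkManager[1274]: <info>  [1496849053.9927] vpn-connection[0x19f17d0,00000000-0000-0000-0000-000000000001,"XXXXX",0]: Saw the service appear; activating connection
Jun  7 11:26:14 host NetworkManager[1274]: <error> [1496849174.0434] vpn-connection[0x19f17d0,00000000-0000-0000-0000-000000000001,"XXXXX",0]: Failed to request VPN secrets #3: No agents were available for this request.
"""

# Matches NetworkManager vpn-connection lines: level, epoch timestamp,
# connection UUID, connection name and the free-text message.
LINE_RE = re.compile(
    r'NetworkManager\[\d+\]: <(?P<level>\w+)>\s+\[(?P<ts>\d+\.\d+)\] '
    r'vpn-connection\[[^,]+,(?P<uuid>[0-9a-f-]{36}),"(?P<name>[^"]*)",\d+\]: '
    r'(?P<msg>.*)$'
)

def find_agent_timeouts(log_text):
    """Return one record per VPN activation that failed for lack of a secret agent."""
    started = {}   # uuid -> timestamp of the latest "Started the VPN service"
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        uuid, ts, msg = m["uuid"], float(m["ts"]), m["msg"]
        if msg.startswith("Started the VPN service"):
            started[uuid] = ts
        elif ("Failed to request VPN secrets" in msg
              and "No agents were available" in msg):
            begin = started.pop(uuid, None)
            findings.append({
                "uuid": uuid,
                "name": m["name"],
                # None when the start line is missing (e.g. a rotated log)
                "waited_s": None if begin is None else round(ts - begin),
            })
    return findings

if __name__ == "__main__":
    for finding in find_agent_timeouts(SAMPLE_LOG):
        print(finding)
```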
Comment 3 Jan Grulich 2017-06-12 07:42:03 UTC
Do you get the openconnect dialog once you attempt to activate your connection?
Comment 4 Christian González 2017-06-12 12:44:21 UTC
Yes, it's the second part of the logs I've posted.
Comment 5 Jan Grulich 2017-06-14 05:38:31 UTC

*** This bug has been marked as a duplicate of bug 380299 ***