Version: 0.2 (using KDE KDE 3.5.7) Installed from: Unspecified Linux OS: Linux Since version 0.2 of knetworkmanager shipped with openSUSE 10.3 the openvpn plugin can't handle password protected keys anymore. (in 10.2 it worked). No password dialog appears anymore, just says: failed to connect. sniplet from /var/log/messages: nm-openvpn[5252]: OpenVPN 2.0.9 i586-suse-linux [SSL] [LZO] [EPOLL] built on Sep 22 2007 nm-openvpn[5252]: ERROR: could not read Private Key username/password from management interface nm-openvpn[5252]: Exiting How to reproduce: Just use password protected keys Workaround: Removing passwords from keys Expected Behaviour: Password dialog pops up and passwords are saved in kwallet
I also have the same problem under Kubuntu (Gutsy) using KDE 3.5.8 and Knetworkmanger 0.2 Unfortunately I cannot remove the password. For now I am having to use openvpn from the command line to open the connection
Moving this to the future...
This is still a problem in kde 4.5.2.
commit 1a5933d10645e68c2fcda469c6c8809c1dd47871 branch master Author: Andy Goossens <andygoossens@telenet.be> Date: Mon Dec 20 19:30:57 2010 +0100 Support password protected keys in OpenVPN REVIEW: 6054 BUG: 150680 diff --git a/vpnplugins/openvpn/openvpnprop.ui b/vpnplugins/openvpn/openvpnprop.ui index 8218cbc..b359a9e 100644 --- a/vpnplugins/openvpn/openvpnprop.ui +++ b/vpnplugins/openvpn/openvpnprop.ui @@ -6,7 +6,7 @@ <rect> <x>0</x> <y>0</y> - <width>345</width> + <width>418</width> <height>423</height> </rect> </property> @@ -144,6 +144,23 @@ <item row="2" column="1"> <widget class="KUrlRequester" name="x509Key"/> </item> + <item row="3" column="0"> + <widget class="QLabel" name="label_7"> + <property name="text"> + <string>Key password:</string> + </property> + <property name="buddy"> + <cstring>x509KeyPassword</cstring> + </property> + </widget> + </item> + <item row="3" column="1"> + <widget class="KLineEdit" name="x509KeyPassword"> + <property name="passwordMode"> + <bool>true</bool> + </property> + </widget> + </item> </layout> </item> <item> @@ -290,7 +307,11 @@ </widget> </item> <item row="2" column="1"> - <widget class="KLineEdit" name="passPassword"/> + <widget class="KLineEdit" name="passPassword"> + <property name="passwordMode"> + <bool>true</bool> + </property> + </widget> </item> </layout> </item> @@ -313,21 +334,38 @@ <layout class="QVBoxLayout" name="verticalLayout_4"> <item> <layout class="QGridLayout" name="gridLayout_3"> - <item row="0" column="0"> - <widget class="QLabel" name="textLabel2_2"> + <item row="4" column="0"> + <widget class="QLabel" name="textLabel9_2"> <property name="text"> - <string>CA file</string> + <string>Username</string> </property> <property name="wordWrap"> <bool>false</bool> </property> <property name="buddy"> - <cstring>x509PassCaFile</cstring> + <cstring>x509PassUsername</cstring> </property> </widget> </item> - <item row="0" column="1"> - <widget class="KUrlRequester" name="x509PassCaFile"/> + <item row="4" column="1"> + <widget class="KLineEdit" name="x509PassUsername"/> + </item> + <item row="5" column="0"> + <widget class="QLabel" name="label"> + <property name="text"> + <string>Password</string> + </property> + <property name="buddy"> + <cstring>x509PassPassword</cstring> + </property> + </widget> + </item> + <item row="5" column="1"> + <widget class="KLineEdit" name="x509PassPassword"> + <property name="echoMode"> + <enum>QLineEdit::Password</enum> + </property> + </widget> </item> <item row="1" column="0"> <widget class="QLabel" name="textLabel3_2_2"> @@ -342,52 +380,55 @@ </property> </widget> </item> - <item row="1" column="1"> - <widget class="KUrlRequester" name="x509PassCert"/> - </item> - <item row="2" column="0"> - <widget class="QLabel" name="textLabel4_2"> + <item row="0" column="0"> + <widget class="QLabel" name="textLabel2_2"> <property name="text"> - <string>Key</string> + <string>CA file</string> </property> <property name="wordWrap"> <bool>false</bool> </property> <property name="buddy"> - <cstring>x509PassKey</cstring> + <cstring>x509PassCaFile</cstring> </property> </widget> </item> + <item row="0" column="1"> + <widget class="KUrlRequester" name="x509PassCaFile"/> + </item> <item row="2" column="1"> <widget class="KUrlRequester" name="x509PassKey"/> </item> - <item row="3" column="0"> - <widget class="QLabel" name="textLabel9_2"> + <item row="2" column="0"> + <widget class="QLabel" name="textLabel4_2"> <property name="text"> - <string>Username</string> + <string>Key</string> </property> <property name="wordWrap"> <bool>false</bool> </property> <property name="buddy"> - <cstring>x509PassUsername</cstring> + <cstring>x509PassKey</cstring> </property> </widget> </item> - <item row="3" column="1"> - <widget class="KLineEdit" name="x509PassUsername"/> + <item row="1" column="1"> + <widget class="KUrlRequester" name="x509PassCert"/> </item> - <item row="4" column="0"> - <widget class="QLabel" name="label"> + <item row="3" column="0"> + <widget class="QLabel" name="label_6"> <property name="text"> - <string>Password</string> + <string>Key password</string> + </property> + <property name="buddy"> + <cstring>x509PassKeyPassword</cstring> </property> </widget> </item> - <item row="4" column="1"> - <widget class="KLineEdit" name="x509PassPassword"> - <property name="echoMode"> - <enum>QLineEdit::Password</enum> + <item row="3" column="1"> + <widget class="KLineEdit" name="x509PassKeyPassword"> + <property name="passwordMode"> + <bool>true</bool> </property> </widget> </item> @@ -671,7 +712,7 @@ </layout> </widget> <layoutdefault spacing="6" margin="11"/> - <customwidgets> + <customwidgets> <customwidget> <class>KUrlRequester</class> <extends>QFrame</extends> @@ -695,6 +736,7 @@ <tabstop>x509CaFile</tabstop> <tabstop>x509Cert</tabstop> <tabstop>x509Key</tabstop> + <tabstop>x509KeyPassword</tabstop> <tabstop>sbCustomPort</tabstop> <tabstop>chkUseLZO</tabstop> <tabstop>chkUseTCP</tabstop> @@ -704,17 +746,18 @@ <tabstop>useExtraTlsAuth</tabstop> <tabstop>kurlTlsAuthKey</tabstop> <tabstop>cboDirection</tabstop> + <tabstop>x509PassCaFile</tabstop> + <tabstop>x509PassCert</tabstop> <tabstop>x509PassKey</tabstop> + <tabstop>x509PassKeyPassword</tabstop> <tabstop>x509PassUsername</tabstop> <tabstop>x509PassPassword</tabstop> <tabstop>pskSharedKey</tabstop> - <tabstop>pskRemoteIp</tabstop> <tabstop>pskLocalIp</tabstop> + <tabstop>pskRemoteIp</tabstop> <tabstop>passCaFile</tabstop> <tabstop>passUserName</tabstop> <tabstop>passPassword</tabstop> - <tabstop>x509PassCaFile</tabstop> - <tabstop>x509PassCert</tabstop> </tabstops> <resources/> <connections> diff --git a/vpnplugins/openvpn/openvpnwidget.cpp b/vpnplugins/openvpn/openvpnwidget.cpp index ce4f9cf..0e59277 100644 --- a/vpnplugins/openvpn/openvpnwidget.cpp +++ b/vpnplugins/openvpn/openvpnwidget.cpp @@ -219,9 +219,14 @@ void OpenVpnSettingWidget::writeConfig() data.insert( NM_OPENVPN_KEY_CA, d->ui.x509CaFile->url().path().toUtf8()); data.insert( NM_OPENVPN_KEY_CERT, d->ui.x509Cert->url().path().toUtf8()); data.insert( NM_OPENVPN_KEY_KEY, d->ui.x509Key->url().path().toUtf8()); - // The OpenVPN NetworkManager plugin requires that the secrets map be - // nonempty, even if there's no real password, - secretData.insert(NM_OPENVPN_KEY_NOSECRET, ""); + // key password + if (d->ui.x509KeyPassword->text().isEmpty()) { + // The OpenVPN NetworkManager plugin requires that the secrets map be + // nonempty, even if there's no real password, + secretData.insert(NM_OPENVPN_KEY_NOSECRET, ""); + } else { + secretData.insert(NM_OPENVPN_KEY_CERTPASS, d->ui.x509KeyPassword->text()); + } break; case 1: contype = NM_OPENVPN_CONTYPE_STATIC_KEY; @@ -251,6 +256,10 @@ void OpenVpnSettingWidget::writeConfig() data.insert(NM_OPENVPN_KEY_CERT, d->ui.x509PassCert->url().path().toUtf8()); // key file data.insert(NM_OPENVPN_KEY_KEY, d->ui.x509PassKey->url().path().toUtf8()); + // key password + if (!d->ui.x509PassKeyPassword->text().isEmpty()) { + secretData.insert(NM_OPENVPN_KEY_CERTPASS, d->ui.x509PassKeyPassword->text()); + } // password secretData.insert(NM_OPENVPN_KEY_PASSWORD, d->ui.x509PassPassword->text()); break; @@ -304,6 +313,8 @@ void OpenVpnSettingWidget::readSecrets() QVariantMap secrets = d->setting->vpnSecrets(); d->ui.x509PassPassword->setText(secrets.value(QLatin1String(NM_OPENVPN_KEY_PASSWORD)).toString()); d->ui.passPassword->setText(secrets.value(QLatin1String(NM_OPENVPN_KEY_PASSWORD)).toString()); + d->ui.x509PassKeyPassword->setText(secrets.value(QLatin1String(NM_OPENVPN_KEY_CERTPASS)).toString()); + d->ui.x509KeyPassword->setText(secrets.value(QLatin1String(NM_OPENVPN_KEY_CERTPASS)).toString()); } void OpenVpnSettingWidget::validate()
I built the git hash b1810b12 of git://git.kde.org/networkmanagement, which contains the commit in comment #4 and can confirm that plasma-widget-networkmanagement now successfully connects to an openvpn with a passworded key. Much thanks for this fix.
*** Bug 269162 has been marked as a duplicate of this bug. ***