380299 – [openconnect] not successful after valid credentials are provided

Bug 380299 - [openconnect] not successful after valid credentials are provided

Summary: [openconnect] not successful after valid credentials are provided

Status:	RESOLVED FIXED

Alias:	None

Product:	plasma-nm
Classification:	Plasma
Component:	general (show other bugs)
Version:	master
Platform:	Neon Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Jan Grulich

URL:
Keywords:

Duplicates (3):	380400 380938 381133 (view as bug list)
Depends on:
Blocks:

Reported:	2017-05-29 05:55 UTC by Bernhard Schmidt
Modified:	2017-06-14 05:38 UTC (History)
CC List:	7 users (show)

See Also:
Latest Commit:	https://commits.kde.org/plasma-nm/0ebb1756a5a6c2cb56032fffa6153e6283dc42b0
Version Fixed In:

Attachments
Patch to fix openconnect issue (692 bytes, patch) 2017-06-01 10:01 UTC, Jan Grulich	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Bernhard Schmidt 2017-05-29 05:55:55 UTC

I've been successfully connecting to an OpenConnect VPN using the "user" version of Neon. Yesterday I did a clean reinstallation with the "dev/stable" version and since then having issues with the VPN.

When trying to connect to a OpenConnect VPN the credentials are used but after the auth nothing more happens. It just stays there until I hit cancel. The connection (interface) is not setup. When using the wrong credentials I get an error message telling we so, so I assume that auth did happen and succeed. When using nmcli with --ask, the connection is successfully established.

Ticking "view log" on the openconnect dialog shows this:
POST https://<vpn>/
Attempting to connect to server <vpn>:443
SSL negotiation with <vpn>
Connected to HTTPS on <vpn>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Mon, 29 May 2017 05:27:27 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
POST https://<vpn>/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Mon, 29 May 2017 05:27:37 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Got HTTP response: HTTP/1.1 200 OK
Content-Length: 2639
Content-Type: text/xml
Cache-Control: max-age=0
X-Transcend-Version: 1
HTTP body length:  (2639)
Downloaded new XML profile

journalctl:
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3038] active-connection[0x29d8820]: set device "wlp58s0" [0x295c850]
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3039] device[0x295c850] (wlp58s0): add_pending_action (1): 'activation::0x29d8820'
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3039] active-connection[0x29d8820]: constructed (NMVpnConnection, version-id 5)
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3040] auth: call[4087]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3062] auth: call[4087]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3071] active-connection[0x29d8820]: set state activating (was unknown)
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3072] active-connection[0x29d8820]: check-master-ready: not signalling (state activating, no master)
May 29 07:34:43 jasmine NetworkManager[25846]: <info>  [1496036083.3121] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: Started the VPN service, PID 19597
May 29 07:34:43 jasmine NetworkManager[25846]: <info>  [1496036083.3335] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: Saw the service appear; activating connection
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3337] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: requesting VPN secrets pass #1
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3386] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: asking service if additional secrets are required
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3425] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: service indicated additional secrets required
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3426] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: requesting VPN secrets pass #2
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3442] auth: call[4088]: CheckAuthorization(org.freedesktop.NetworkManager.settings.modify.own), subject=unix-process[pid=8327, uid=1000, start=423409]
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3469] auth: call[4088]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3526] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: asking service if additional secrets are required
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3568] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: service indicated additional secrets required
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3568] vpn-connection[0x29d8820,8e80b036-6696-49e0-8c47-fa23a00278d6,"VPN",0]: requesting VPN secrets pass #3
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3593] auth: call[4089]: CheckAuthorization(org.freedesktop.NetworkManager.settings.modify.own), subject=unix-process[pid=8327, uid=1000, start=423409]
May 29 07:34:43 jasmine NetworkManager[25846]: <debug> [1496036083.3610] auth: call[4089]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:34:44 jasmine NetworkManager[25846]: <debug> [1496036084.4792] auth: call[4090]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:34:44 jasmine NetworkManager[25846]: <debug> [1496036084.4850] auth: call[4090]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:34:44 jasmine NetworkManager[25846]: <debug> [1496036084.4857] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:34:46 jasmine NetworkManager[25846]: <debug> [1496036086.2362] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'
May 29 07:34:59 jasmine NetworkManager[25846]: <debug> [1496036099.4767] auth: call[4091]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:34:59 jasmine NetworkManager[25846]: <debug> [1496036099.4822] auth: call[4091]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:34:59 jasmine NetworkManager[25846]: <debug> [1496036099.4828] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:34:59 jasmine NetworkManager[25846]: <debug> [1496036099.8801] rdisc-lndp[0x7f0bb4003380,"wlp58s0"]: processing libndp events
May 29 07:35:01 jasmine NetworkManager[25846]: <debug> [1496036101.5527] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'
May 29 07:35:14 jasmine NetworkManager[25846]: <debug> [1496036114.4764] auth: call[4092]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:35:14 jasmine NetworkManager[25846]: <debug> [1496036114.4821] auth: call[4092]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:35:14 jasmine NetworkManager[25846]: <debug> [1496036114.4827] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:35:16 jasmine NetworkManager[25846]: <debug> [1496036116.2999] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'
May 29 07:35:29 jasmine NetworkManager[25846]: <debug> [1496036129.4776] auth: call[4093]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:35:29 jasmine NetworkManager[25846]: <debug> [1496036129.4841] auth: call[4093]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:35:29 jasmine NetworkManager[25846]: <debug> [1496036129.4848] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:35:31 jasmine NetworkManager[25846]: <debug> [1496036131.3540] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'
May 29 07:35:44 jasmine NetworkManager[25846]: <debug> [1496036144.4756] auth: call[4094]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:35:44 jasmine NetworkManager[25846]: <debug> [1496036144.4804] auth: call[4094]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:35:44 jasmine NetworkManager[25846]: <debug> [1496036144.4810] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:35:48 jasmine NetworkManager[25846]: <debug> [1496036148.2093] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'
May 29 07:35:59 jasmine NetworkManager[25846]: <debug> [1496036159.4782] auth: call[4095]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:35:59 jasmine NetworkManager[25846]: <debug> [1496036159.4846] auth: call[4095]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:35:59 jasmine NetworkManager[25846]: <debug> [1496036159.4852] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:36:01 jasmine NetworkManager[25846]: <debug> [1496036161.1575] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'
May 29 07:36:14 jasmine NetworkManager[25846]: <debug> [1496036174.4763] auth: call[4096]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:36:14 jasmine NetworkManager[25846]: <debug> [1496036174.4836] auth: call[4096]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:36:14 jasmine NetworkManager[25846]: <debug> [1496036174.4842] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:36:16 jasmine NetworkManager[25846]: <debug> [1496036176.2041] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'
May 29 07:36:29 jasmine NetworkManager[25846]: <debug> [1496036189.4743] auth: call[4097]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=18492, uid=1000, start=6647646]
May 29 07:36:29 jasmine NetworkManager[25846]: <debug> [1496036189.4774] auth: call[4097]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
May 29 07:36:29 jasmine NetworkManager[25846]: <debug> [1496036189.4778] device[0x295c850] (wlp58s0): add_pending_action (2): 'scan'
May 29 07:36:31 jasmine NetworkManager[25846]: <debug> [1496036191.1111] device[0x295c850] (wlp58s0): remove_pending_action (1): 'scan'

versions:
libkf5networkmanagerqt6                         5.34.0+p16.04+git20170514.2208-0
libnm0:amd64                                    1.2.6-0ubuntu0.16.04.1          libopenconnect5:amd64                           7.06-2build2                    network-manager                                 1.2.6-0ubuntu0.16.04.1          network-manager-openconnect                     1.2.0-0ubuntu0.16.04.1          network-manager-pptp                            1.1.93-1ubuntu1                 openconnect                                     7.06-2build2                    plasma-nm                                       4:5.10.0+p16.04+git20170526.1746-0         
vpnc-scripts                                    0.1~git20160829-1

Comment 1 Dirk Sarpe 2017-05-31 07:46:00 UTC

I experience the same bug but am running KDE neon User Edition 5.10 (16.04). I noticed the problem this morning after I ran the upgrade to 5.10 yesterday. The following error I see from journalctl -f -u NetworkManager.service:

Failed to request VPN secrets #3: No agents were available for this request.

Via nmcli I get a working VPN connection as well. This is probably restricted to openconnect as another vpn connection with vpnc works.

Comment 2 Jan Grulich 2017-05-31 12:27:00 UTC

I unfortunately don't have access to any openconnect vpn to be able to test it. I did check all changes in plasma-nm which made it to Plasma 5.10, but I don't think any of them could break openconnect plugin, but everything is possible. Is anyone willing to give me access to your openconnect server, i.e. with limited access or with a testing user, I wouldn't really take advantage of this, but without out that I'm afraid I won't be able to do something about this.

Alternatively you can try to build plasma-nm from Plasma/5.9 branch so we identify whether this is a bug introduced in Plasma 5.10. You will notice you are using older versions because the dialogs asking for secrets are different.

Comment 3 Jan Grulich 2017-06-01 07:18:15 UTC

*** Bug 380400 has been marked as a duplicate of this bug. ***

Comment 4 Bernhard Schmidt 2017-06-01 07:39:44 UTC

Sorry, can't provide any access. I'm not in control of the server side and I'd like to not give out creds of my account. :S

I did some bisecting on the plasma/5.10 branch. Commit e5574b4 seems to have broken it, f5c9a67 is working fine.

openconnect seems to do the auth but somehow the creds and/or the xmlconfig stuff isn't given back to plasma-nm? Not sure how all this is supposed to work, pointers on how to debug from here are welcome. :)

Comment 5 Jan Grulich 2017-06-01 10:01:49 UTC

Created attachment 105816 [details]
Patch to fix openconnect issue

I have identified a potential problem caused be the above mentioned commit. Can anyone verify whether this patch fixes this issue?

Comment 6 Bernhard Schmidt 2017-06-01 10:24:40 UTC

(In reply to Jan Grulich from comment #5)
> Created attachment 105816 [details]
> Patch to fix openconnect issue
> 
> I have identified a potential problem caused be the above mentioned commit.
> Can anyone verify whether this patch fixes this issue?

yes, it does fix it. Connection up and running :)

Thanks!

Comment 7 Jan Grulich 2017-06-01 10:33:19 UTC

Git commit ebfbe93510d7e5a10992a482efe38bc934dd19c5 by Jan Grulich.
Committed on 01/06/2017 at 10:33.
Pushed by grulich into branch 'master'.

Openconnect: make sure we accept the dialog

M  +7    -1    vpn/openconnect/openconnectauth.cpp

https://commits.kde.org/plasma-nm/ebfbe93510d7e5a10992a482efe38bc934dd19c5

Comment 8 Jan Grulich 2017-06-01 10:33:48 UTC

Git commit 0ebb1756a5a6c2cb56032fffa6153e6283dc42b0 by Jan Grulich.
Committed on 01/06/2017 at 10:33.
Pushed by grulich into branch 'Plasma/5.10'.

Openconnect: make sure we accept the dialog

M  +7    -1    vpn/openconnect/openconnectauth.cpp

https://commits.kde.org/plasma-nm/0ebb1756a5a6c2cb56032fffa6153e6283dc42b0

Comment 9 Piotr Keplicz 2017-06-08 09:43:39 UTC

Thanks, 5.10.1 works great!

Comment 10 Thiago Macieira 2017-06-13 01:26:30 UTC

*** Bug 381133 has been marked as a duplicate of this bug. ***

Comment 11 Jan Grulich 2017-06-14 05:37:57 UTC

*** Bug 381158 has been marked as a duplicate of this bug. ***

Comment 12 Jan Grulich 2017-06-14 05:38:31 UTC

*** Bug 380938 has been marked as a duplicate of this bug. ***