456543 – Update plasma-nm to have broader openconnect functionality

Bug 456543 - Update plasma-nm to have broader openconnect functionality

Summary: Update plasma-nm to have broader openconnect functionality

Status:	RESOLVED FIXED

Alias:	None

Product:	systemsettings
Classification:	Applications
Component:	kcm_networkmanagement (other bugs)
Version First Reported In:	unspecified
Platform:	Fedora RPMs Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Jan Grulich

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-07-10 10:18 UTC by emelenas
Modified:	2025-10-20 23:17 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description emelenas 2022-07-10 10:18:26 UTC

SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***
plasma-nm for openconnect vpn lacks some functionality offered by the latter. openconnect has a number of protocols that are not embedded into the plasma-nm editor.  In addition, due to the particular implementation, editing the connection generated by hand or by nm-applet results in breaking the cnfiguration.

STEPS TO REPRODUCE
1. Open the editor to set up a new connection
2. Observe there are missing protocols for openconnect
3. 

OBSERVED RESULT
Missing protocols

EXPECTED RESULT
A full set of openconnect protocols to set up the vpn connection

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: Fedora Linux 36
(available in About System)
KDE Plasma Version: 5.25.2 
KDE Frameworks Version:  5.94.0
Qt Version: 5.15.3

ADDITIONAL INFORMATION

openconnect currently supports the following protocols,
Set VPN protocol:
      --protocol=anyconnect       Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
      --protocol=nc               Compatible with Juniper Network Connect
      --protocol=gp               Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
      --protocol=pulse            Compatible with Pulse Connect Secure SSL VPN
      --protocol=f5               Compatible with F5 BIG-IP SSL VPN
      --protocol=fortinet         Compatible with FortiGate SSL VPN
      --protocol=array            Compatible with Array Networks SSL VPN

but plasma-nm openconnect vpn can only handle the first four, which are hard-coded in the editor and in OpenconnectSettingWidget::loadConfig. 


However, openconnect provides the function

int openconnect_get_supported_protocols(struct oc_vpn_proto **protos) 

which returns the number of supported protocols and stores them in *protos . NetworkManager uses this information to populate the drop-down menu in the UI so that new protocols become available as soon as they are implemented in openconnect.  

I believe it would not be too difficult to implement the same mechanism in plasma-nm to expand the range of choices the user has for openconnect vpn connections. At the very least, plasma-nm should be updated to include the missing protocols.

Comment 1 emelenas 2022-07-10 10:19:13 UTC

If pointed to the right repository, I can make an attempt to the implementation

Comment 2 TraceyC 2025-10-20 23:17:04 UTC

It's been a long time since there was activity in this bug report, and many improvements have been made in the meantime.
From the original message, the missing VPN protocols were

      --protocol=f5               Compatible with F5 BIG-IP SSL VPN
      --protocol=fortinet         Compatible with FortiGate SSL VPN
      --protocol=array            Compatible with Array Networks SSL VPN

I now see those in the new connection menu under VPN connections
System Settings - Wi-Fi & Internet - New Connection

It looks like the desired functionality was implemented. If you still see a bug in Plasma 6.4.5, please open a new bug report. Thanks!