View previous topic :: View next topic |
Author |
Message |
muddle n00b
Joined: 01 May 2007 Posts: 28
|
Posted: Sat Mar 05, 2016 1:44 am Post subject: [solved] plasma-nm openconnect (kde5) |
|
|
Hi all,
I cannot connect to my VPN using plasma-nm.
If I try to connect to the VPN, plasma-nm opens a dialog and asks for username and password. After pressing the login button I get the notification: "Necessary secrets for the VPN connection were not provided.".
The connection works if I use openconnect from the command line (as root).
I'm using:
kde-frameworks-5.19
kde-plasma-5.5.5
Code: |
[I] kde-plasma/plasma-nm
Available versions: (5) (~)5.4.3 (~)5.5.4 (~)5.5.5 [M]~5.5.95^m[1] **5.6.49.9999[1] **9999[1]
{debug modemmanager openconnect teamd}
Installed versions: 5.5.5(5)(08:06:43 PM 03/04/2016)(openconnect -debug -modemmanager -teamd)
Homepage: https://www.kde.org/
Description: KDE Plasma applet for NetworkManager
[1] "kde" /var/lib/layman/kde
[I] net-misc/networkmanager-openconnect
Available versions: 1.0.2 1.0.8-r1 {gtk}
Installed versions: 1.0.8-r1(04:25:58 PM 02/27/2016)(gtk)
Homepage: https://wiki.gnome.org/Projects/NetworkManager
Description: NetworkManager OpenConnect plugin
[I] net-misc/openconnect
Available versions: 4.08(0/2) ~6.00(0/3) ~7.02(0/5) ~7.06(0/5) 7.06-r1(0/5) ~7.06-r2(0/5) **9999(0/5) {doc +-gnutls gssapi java libproxy libressl nls smartcard static-libs ELIBC="FreeBSD" LINGUAS="ar as ast bg bg_BG bn bn_IN bs ca ca@valencia cs da de el en_GB en_US eo es es_CR es_MX et eu fa fi fr gd gl gu he hi hi_IN hu id it ja km kn ko ku lo lt lv ml mr ms nb nl nn no or pa pl pt pt_BR pt_PT ro ru sk sl sq sr sr@latin sv ta te tg th tl tr ug uk ur_PK vi vi_VN wa zh_CN zh_HK zh_TW"}
Installed versions: 7.06-r1(04:18:24 PM 11/07/2015)(gnutls nls -doc -gssapi -java -libproxy -smartcard -static-libs ELIBC="-FreeBSD" LINGUAS="-ar -cs -de -el -en_GB -en_US -es -eu -fi -fr -gl -id -lt -nl -pa -pl -pt -pt_BR -sk -sl -tg -ug -uk -zh_CN -zh_TW")
Homepage: http://www.infradead.org/openconnect.html
Description: Free client for Cisco AnyConnect SSL VPN software
[I] kde-frameworks/networkmanager-qt
Available versions: (5) (~)5.17.0(5/5.17) (~)5.18.0(5/5.18) (~)5.19.0(5/5.19) **9999(5/9999)[1]
{debug doc teamd test}
Installed versions: 5.19.0(5)(09:52:59 PM 02/19/2016)(-debug -doc -teamd -test)
Homepage: https://www.kde.org/
Description: NetworkManager bindings for Qt
[I] net-misc/networkmanager
Available versions: ~0.9.8.4[2] 1.0.6-r1 ~1.0.10 1.0.10-r1 {avahi bluetooth connection-sharing (+)consolekit (+)dhclient (+)dhcpcd gnutls +introspection (+)modemmanager ncurses +nss +ppp resolvconf selinux systemd teamd test vala +wext +wifi zeroconf ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32" KERNEL="linux"}
Installed versions: 1.0.10-r1(04:25:06 PM 02/27/2016)(bluetooth consolekit dhclient introspection ncurses nss wext wifi -connection-sharing -dhcpcd -gnutls -modemmanager -ppp -resolvconf -selinux -systemd -teamd -test -vala -zeroconf ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="32 64 -x32" KERNEL="linux")
Homepage: https://wiki.gnome.org/Projects/NetworkManager
Description: A set of co-operative tools that make networking simple and straightforward
|
Code: |
The relevant line from /var/log/messages:
Mar 5 02:49:47 localhost NetworkManager[5290]: <info> Starting VPN service 'openconnect'...
Mar 5 02:49:47 localhost NetworkManager[5290]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 9331
Mar 5 02:49:47 localhost NetworkManager[5290]: <info> VPN service 'openconnect' appeared; activating connections
Mar 5 02:49:58 localhost NetworkManager[5290]: <error> [1457142598.266701] [/var/tmp/portage/net-misc/networkmanager-1.0.10-r1/work/NetworkManager-1.0.10/src/vpn-manager/nm-vpn-connection.c:1918] plugin_need_secrets_cb(): (38b121c4-2bb0-4535-a938-162b352680c5/gmi vpn) final secrets request failed to provide sufficient secrets
|
Last edited by muddle on Fri Oct 07, 2016 7:49 am; edited 1 time in total |
|
Back to top |
|
|
HerbMillerJW n00b
Joined: 16 Feb 2012 Posts: 37
|
Posted: Sun Mar 06, 2016 10:37 pm Post subject: |
|
|
Definitely issues with Plasma 5 and NetworkManager openconnect VPN right now. I've had three systems encounter this same problem when upgrading to Plasma 5. Unfortunately, I'm pretty sure it's a KDE issue and not a Gentoo issue.
I just filed a bug for it on bugs.kde.org if you're interested in chiming in. https://bugs.kde.org/show_bug.cgi?id=360176 |
|
Back to top |
|
|
muddle n00b
Joined: 01 May 2007 Posts: 28
|
Posted: Fri Oct 07, 2016 7:48 am Post subject: |
|
|
Hi all,
just want to report that we found a solution. The issue could be solved by changing/adding polkit rules (see below). I found the solution/workaround after Alekseij replied to the kde bug report (thanks!):
Code: |
cat /usr/share/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules
// Let users in plugdev group modify NetworkManager
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" && subject.isInGroup("plugdev")) {
return "yes";
}
if (action.id == "org.freedesktop.NetworkManager.settings.modify.own" && subject.isInGroup("plugdev")) {
return "yes";
}
});
|
I assume that both rules are needed (first one for system-wide connections and second one for user-only connections) but I haven't tested this. Anyway, after changing this rule plasma-nm and NetworkManager deal with saved vpn connections.
Thanks to everyone. |
|
Back to top |
|
|
drazse n00b
Joined: 30 Aug 2005 Posts: 5 Location: Poughkeepsie, NY
|
Posted: Mon Nov 14, 2016 3:43 pm Post subject: |
|
|
Thank you, that solved the problem for me, too.
In my polkit rule the system wide rule was already there, but the rule for user only connections was missing.
I had to use a workaround of stopping and restarting kded5 (kquitapp5 kded5; kstart5 kded5) before this fix. |
|
Back to top |
|
|
qu3st n00b
Joined: 25 Nov 2016 Posts: 3 Location: BTM
|
Posted: Thu Apr 18, 2019 1:43 pm Post subject: |
|
|
Thanks a lot, we have now 2019 and this problem still exists... |
|
Back to top |
|
|
|