Re: OpenVpn plugin NeedSecret

[Dan Williams <dcbw redhat com>]

On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote:
> Anothe DEBUG info:
> 
> debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service --debug
> ** Message: nm-openvpn-service (version 0.9.0) starting...
> ** Message: real_need_secrets: connection
> -------------------------------------
> connection
>     name : "connection"
>     id : "VPNconnection" (s)
>     uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s)
>     type : "vpn" (s)
>     permissions : [] (sd)
>     autoconnect : FALSE (s)
>     timestamp : 0 (sd)
>     read-only : FALSE (sd)
> 
> 
> ipv4
>     name : "ipv4"
>     method : "auto" (s)
>     dns : [] (s)
>     dns-search : [] (sd)
>     addresses : [] (s)
>     routes : [] (s)
>     ignore-auto-routes : FALSE (sd)
>     ignore-auto-dns : FALSE (sd)
>     dhcp-client-id : NULL (sd)
>     dhcp-send-hostname : TRUE (sd)
>     dhcp-hostname : NULL (sd)
>     never-default : FALSE (sd)
>     may-fail : FALSE (sd)
> 
> 
> ipv6
>     name : "ipv6"
>     method : "ignore" (s)
>     dns : [] (s)
>     dns-search : [] (sd)
>     addresses : [] (s)
>     routes : [] (s)
>     ignore-auto-routes : FALSE (sd)
>     ignore-auto-dns : FALSE (sd)
>     never-default : FALSE (sd)
>     may-fail : TRUE (sd)
> 
> 
> vpn
>     name : "vpn"
>     service-type : "org.freedesktop.NetworkManager.openvpn" (s)
>     user-name : NULL (sd)
>     data : [ { 'name': openvpn }, ] (s)
>     secrets : [ ] (s)

So here's the problem; the [vpn] setting isn't completely specified.
Did you import this connection from an openvpn config file?  Unless this
was changed at some point (or there's a bug in the editor) this
connection was never valid since it doesn't have the required connection
type field and a few other things.  Here's what it *should* look like:

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
connection-type=password
password-flags=3
remote=ovpn.mycompany.com
cipher=AES-256-CBC
proto-tcp=yes
reneg-seconds=0
port=443
username=dcbw
ca=/home/dcbw/MyCA.pem

or something along those lines.  If you imported it from a config file,
can you try doing that again?  If it still looks like this, can you send
me the config file so I can see what's going wrong?

Dan

> Regards
> 
> 
> On Thu, Nov 3, 2011 at 10:12 AM, Francesco Andrisani
> <francesco andrisani acotel com> wrote:
>         OK.
>         
>         So i've installed openvpn client on my workstation with
>         certificate authentication and...it work fine.
>         About NetworkManager-openvpn i've installed (from sources)
>         0.9.0 version, the same of NetworkManager (it also installed
>         from sources).
>         
>         A clarification...i use the system without X server (no gnome,
>         no kde).
>         Below my NetworkManager and NetworkManager-openvpn
>         configuration files. 
>         
>         debian:/etc/NetworkManager# cat
>         system-connections/VPNconnection 
>         [connection]
>         id=VPNconnection
>         uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e
>         type=vpn
>         autoconnect=FALSE
>         
>         [ipv4]
>         method=auto
>         
>         [vpn]
>         name=openvpn
>         service-type=org.freedesktop.NetworkManager.openvpn
>         
>         [ipv6]
>         method=ignore
>         
>         I've no secrets specified here, Is it correct? I've no
>         password for start opevpn client manually. Only certificate
>         authentication.
>         
>         debian:/etc/NetworkManager# cat VPN/nm-openvpn-service.name 
>         [VPN Connection]
>         name=openvpn
>         service=org.freedesktop.NetworkManager.openvpn
>         program=/usr/libexec/nm-openvpn-service
>         
>         Regards
>         
>         
>         
>         On Thu, Nov 3, 2011 at 2:25 AM, Dan Williams <dcbw redhat com>
>         wrote:
>                 On Wed, 2011-11-02 at 10:21 +0100, Francesco Andrisani
>                 wrote:
>                 > (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection)
>                 plugin
>                 > NeedSecrets
>                 > request #1 failed: dbus-glib-error-quark Invalid
>                 connection type.
>                 
>                 
>                 This part is the problem.  Any chance you could paste
>                 in your vpn
>                 connection file
>                 from /etc/NetworkManager/system-connections for us to
>                 look at?  Remove any passwords and XXXX out any
>                 sensitive information
>                 before doing so.
>                 
>                 Any idea what version of NetworkManager-openvpn you've
>                 got installed?
>                 
>                 Dan
>                 
>                 
>         
>         
>         
>         
>         -- 
>         ____________________________________________________
>         Francesco Andrisani
>         mailto:francesco andrisani acotel com
>         Acotel Spa
>         http://www.acotel.com
>         Via della Valle dei Fontanili, 29
>         00168 Roma
>         Tel +390661141200
>         Fax +39066149936
>         ____________________________________________________
>         
>         
>           Le informazioni contenute nella comunicazione che precede
>              possono essere riservate e sono, comunque, destinate
>            esclusivamente alla persona o all’ente sopraindicati. La
>          diffusione, distribuzione e/o copiatura non autorizzata del
>         documento trasmesso da parte di qualsiasi soggetto è proibita.
>              La sicurezza e la correttezza dei messaggi di posta
>          elettronica non possono essere garantite. Se avete ricevuto
>            questo messaggio per errore, Vi preghiamo di contattarci
>                            immediatamente. Grazie.
>         
>            This message is for the named person's use only. It may
>            contain confidential, proprietary or legally privileged
>         information. No confidentiality or privilege is waived or lost
>           by any transmission. If you receive this message in error,
>          please immediately delete it and all copies of it from your
>          system, destroy any hard copies of it and notify the sender.
>              You must not, directly or indirectly, use, disclose,
>         distribute, print, or copy any part of this message if you are
>                       not the intended recipient. Thanks
>         
>         
>         
> 
> 
> 
> -- 
> ____________________________________________________
> Francesco Andrisani
> mailto:francesco andrisani acotel com
> Acotel Spa
> http://www.acotel.com
> Via della Valle dei Fontanili, 29
> 00168 Roma
> Tel +390661141200
> Fax +39066149936
> ____________________________________________________
> 
> 
>   Le informazioni contenute nella comunicazione che precede possono
>    essere riservate e sono, comunque, destinate esclusivamente alla
>   persona o all’ente sopraindicati. La diffusione, distribuzione e/o
>     copiatura non autorizzata del documento trasmesso da parte di
>    qualsiasi soggetto è proibita. La sicurezza e la correttezza dei
>  messaggi di posta elettronica non possono essere garantite. Se avete
>   ricevuto questo messaggio per errore, Vi preghiamo di contattarci
>                        immediatamente. Grazie.
> 
>    This message is for the named person's use only. It may contain
>    confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any transmission. If
>  you receive this message in error, please immediately delete it and
>  all copies of it from your system, destroy any hard copies of it and
>     notify the sender. You must not, directly or indirectly, use,
>  disclose, distribute, print, or copy any part of this message if you
>                 are not the intended recipient. Thanks
> 
>