Openconnect Network Manager Interaction Ubuntu 12.04

Mcclelland, Michael B Mr CTR USN USA michael.b.mcclelland at us.army.mil
Wed Aug 15 14:45:02 EDT 2012 

Out of curiosity I put the cart in front of the horse and tried 
openconnect on quantal snapshot 3 since it has network manager 9.6 
already built for it.  Ran from command line and it worked immediately.  
So I decided to try out the network manager plugin and I got about the 
same result.  It doesn't seem I'm being asked for my smart card 
certificate when I connect even if I populate the usercert field.  Here 
is my config:

[connection]
id=cde
uuid=42368787-119e-4095-bbc1-c6f23b656d03
type=vpn
autoconnect=false

[vpn]
service-type=org.freedesktop.NetworkManager.openconnect
lasthost-flags=0
xmlconfig-flags=0
pem_passphrase_fsid=no
gwcert-flags=2
gateway-flags=2
autoconnect-flags=0
enable_csd_trojan=no
usercert:'pkcs11:token=MCCLELLAND.MICHAEL.BLAIR.1250312;id=%00%02;object=CAC%20Email%20Signature%20Certificate'
certsigs-flags=0
cookie-flags=2
gateway=myserver.mil/vpn2
authtype=password

[ipv6]
method=auto

[ipv4]
method=auto

I'm using packages from the default repositories, not the 
network-manager ppa

On 08/14/2012 11:31 AM, Mathieu Trudel-Lapierre wrote:
> On Tue, Aug 14, 2012 at 11:22 AM, Mike Miller<mtmiller at ieee.org>  wrote:
>> On Tue, Aug 14, 2012 at 10:35 AM, Mcclelland, Michael B Mr CTR USN USA wrote:
>>> Reran with debuild and but the build failed, should I be applying that
>>> linked patch even though I'm on ubuntu?  I didn't get any warnings regarding
>>> the version of network manager.
>>>
>>> here is my log:
>>> http://pastebin.com/KAZX1fW7
>> Hi Michael, your log shows that the network-manager-openconnect
>> 0.9.4.0 package is incompatible with the libopenconnect.so.2 API, this
>> was changed between openconnect 3.x and 4.x. You have 3 options:
>>
>> 1. Patch 0.9.4.0 to make it work with openconnect >= 4.00
>> 2. Backport 0.9.6.0, patch it to compile against network-manager 0.9.4.0
>> 3. Backport the entire network-manager 0.9.6.0 suite
>>
>> I had option 1 done at one point in Debian, but that work was never
>> released as an official package.
>>
>> Option 2 would be to get the network-manager-openconnect 0.9.6.0
>> Ubuntu source package and apply the patch linked to above. And as
>> noted, that may or may not be all you need to do to follow this route.
>>
> network-manager-openconnect 0.9.6.0 requires NM 0.9.6.0.
>
>> I would go with option 3, it will require building more packages but I
>> suspect fewer changes to each one as I think the interdependencies
>> between NM components are more tightly coupled than between NM and the
>> rest of the system.
> I have a PPA with the latest NetworkManager and plugins building
> automatically every day. Obviously, that means none of it is really
> tested with any kind of frequency.
>
> However, it means it's trivial to cut stable versions for the *stable*
>   PPA for Precise, now that the whole stack has been released for
> 0.9.6.0. I'll try to get that done today; but again, doesn't mean it
> will be very stable or very tested.
>
>
> Mathieu Trudel-Lapierre<mathieu.tl at gmail.com>
> Freenode: cyphermox, Jabber:mathieu.tl at gmail.com
> 4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 10357 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120815/bb10b04a/attachment.p7s>

More information about the openconnect-devel mailing list