OpenConnect 4.06 + Fedora17

David Woodhouse dwmw2 at infradead.org
Fri Aug 31 18:38:13 EDT 2012


On Fri, 2012-08-31 at 17:30 -0400, Dan Kane wrote:
> I can successfully connect to my VPN via the cmdline using:
> 
> sudo openconnect -c certfile.p12 vpn.mydomain.com
> 
> It asks for the PKCS#12 pass phrase, then username/password and I'm in
> like a dirty shirt  ;)
> 
> Yet when I try to configure a VPN connection using the Fedora17
> NetworkManager UI - having converted my PKCS#12 into a .pem file - it
> always fails to connect, saying "The VPN connection 'VPN' failed because
> there were no valid VPN secrets".
> 
> FWIW, I converted my .p12 into a .pem using (OpenSSL 1.0.0j-fips):
> 
> openssl pkcs12 -nodes -in certfile.p12 -out certfile.pem
> 
> I use certfile.pem as my "User Certificate" in the NM UI.

That seems sane. I take it your certfile.pem also works from the command
line?

> Perhaps this is really a Fedora forum question, but I figured that you
> would have experience of how openconnect can fail in various
> environments. Any ideas why? 

Absolutely *not* a Fedora forum question; thanks for asking it here. The
other appropriate place would be Fedora bugzilla, but definitely not the
forum.

NetworkManager's error handling is extremely poor here. It gives that
'no valid VPN secrets' for many circumstances, but the most likely I
suspect is that there is no "agent" registered to handle the
authentication requests for VPN connections. I think GNOME shell is
supposed to handle this... but often doesn't. Can you try running
'nm-applet' from a terminal, and then try connecting?

Or if you're using KDE, make sure the
kde-plasma-networkmanagement-openconnect package is installed.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120831/ed04bc30/attachment-0001.bin>


More information about the openconnect-devel mailing list