OpenConnect 4.06 + Fedora17
David Woodhouse
dwmw2 at infradead.org
Fri Aug 31 18:38:13 EDT 2012
On Fri, 2012-08-31 at 17:30 -0400, Dan Kane wrote:
> I can successfully connect to my VPN via the cmdline using:
>
> sudo openconnect -c certfile.p12 vpn.mydomain.com
>
> It asks for the PKCS#12 pass phrase, then username/password and I'm in
> like a dirty shirt ;)
>
> Yet when I try to configure a VPN connection using the Fedora17
> NetworkManager UI - having converted my PKCS#12 into a .pem file - it
> always fails to connect, saying "The VPN connection 'VPN' failed because
> there were no valid VPN secrets".
>
> FWIW, I converted my .p12 into a .pem using (OpenSSL 1.0.0j-fips):
>
> openssl pkcs12 -nodes -in certfile.p12 -out certfile.pem
>
> I use certfile.pem as my "User Certificate" in the NM UI.
That seems sane. I take it your certfile.pem also works from the command
line?
> Perhaps this is really a Fedora forum question, but I figured that you
> would have experience of how openconnect can fail in various
> environments. Any ideas why?
Absolutely *not* a Fedora forum question; thanks for asking it here. The
other appropriate place would be Fedora bugzilla, but definitely not the
forum.
NetworkManager's error handling is extremely poor here. It gives that
'no valid VPN secrets' for many circumstances, but the most likely I
suspect is that there is no "agent" registered to handle the
authentication requests for VPN connections. I think GNOME shell is
supposed to handle this... but often doesn't. Can you try running
'nm-applet' from a terminal, and then try connecting?
Or if you're using KDE, make sure the
kde-plasma-networkmanagement-openconnect package is installed.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120831/ed04bc30/attachment-0001.bin>
More information about the openconnect-devel
mailing list