Bug #1247682 “Regression: openconnect VPN does not work anymore” : Bugs : network-manager-openconnect package : Ubuntu

Revision history for this message

Dima Ryazanov (dima-gmail) wrote on 2013-11-03:

#1

Dependencies.txt Edit (4.7 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (103 bytes, text/plain; charset="utf-8")

Revision history for this message

Mike Miller (mtmiller) wrote on 2013-11-03:

#2

Thank you for taking the time to report this bug and helping to make Ubuntu better. Can you test connecting to your VPN with openconnect on the command line to help identify if this is the same as other similar bugs reported recently?

1. Can you connect with "sudo openconnect -v VPN-URL", tell us whether it succeeds or not, and paste the output here? You can sanitize the output to remove IP addresses and host names if you want.

2. Can you connect with "sudo openconnect -v --no-xmlpost VPN-URL" and report the same as above?

See also bug #1202204, #1225276, and #1229195.

Changed in network-manager-openconnect (Ubuntu):
status:	New → Incomplete

Revision history for this message

Dima Ryazanov (dima-gmail) wrote on 2013-11-03:

#3

I don't think it succeeded; it's complaining about a username and password. I don't actually have those; I have a certificate and a key .pem files, but don't know how to specify them. Also, I gave it a --cafile option cause it was complaining about the server certificate otherwise.

1.

POST https://[HOSTNAME]/
Attempting to connect to server [IP]:443
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 03 Nov 2013 23:26:07 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Server requested SSL client certificate; none was configured
POST https://[HOSTNAME]/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 03 Nov 2013 23:26:07 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML response has no "auth" node
GET https://[HOSTNAME]/
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Sun, 03 Nov 2013 23:26:07 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
GET https://[HOSTNAME]/+webvpn+/index.html
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Certificate Validation Failure
Failed to obtain WebVPN cookie

2.

GET https://[HOSTNAME]/
Attempting to connect to server [IP]:443
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Sun, 03 Nov 2013 23:32:22 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
GET https://[HOSTNAME]/+webvpn+/index.html
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Certificate Validation Failure
Failed to obtain WebVPN cookie

I don't think it succeeded; it's complaining about a username and password. I don't actually have those; I have a certificate and a key .pem files, but don't know how to specify them. Also, I gave it a --cafile option cause it was complaining about the server certificate otherwise.

1.

POST https://[HOSTNAME]/
Attempting to connect to server [IP]:443
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 03 Nov 2013 23:26:07 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Server requested SSL client certificate; none was configured
POST https://[HOSTNAME]/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 03 Nov 2013 23:26:07 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML response has no "auth" node
GET https://[HOSTNAME]/
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Sun, 03 Nov 2013 23:26:07 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://[HOSTNAME]/+webvpn+/index.html
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Certificate Validation Failure
Failed to obtain WebVPN cookie

2.

GET https://[HOSTNAME]/
Attempting to connect to server [IP]:443
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Sun, 03 Nov 2013 23:32:22 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://[HOSTNAME]/+webvpn+/index.html
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Certificate Validation Failure
Failed to obtain WebVPN cookie

Revision history for this message

Mike Miller (mtmiller) wrote on 2013-11-03:

#4

OK, see "man openconnect" for the options for certificate files.

Use the option -c CERTFILE for your user certificate and -k KEYFILE for your private key. Add those options to the ones above to try to connect both with and without the --no-xmlpost option.

Revision history for this message

Dima Ryazanov (dima-gmail) wrote on 2013-11-05:

#5

Download full text (5.8 KiB)

Thanks, that worked! (Both with and without --no-xmlpost).

So I'm guessing the bug is just the NetworkManager failing to talk to KDE's applet? (At least, I've seen it fail in other ways - when asking for wifi password, etc.)

1.

POST https://[HOSTNAME]/
Attempting to connect to server [IP]:443
Using certificate file Documents/myvpncert.pem
Using private key file Documents/myvpnkey.pem
Enter PEM pass phrase:
Using client certificate 'dima'
Adding supporting CA '[...]'
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 05 Nov 2013 07:30:12 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
Please enter your username and password.
Username:dima
Password:
POST https://[HOSTNAME]/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 05 Nov 2013 07:30:18 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Enter your Google Authenticator Code:
Response:
POST https://[HOSTNAME]/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 05 Nov 2013 07:30:25 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 172.16.70.103
X-CSTP-Netmask: 255.255.255.0
X-CSTP-DNS: 172.16.128.6
X-CSTP-DNS: 172.17.8.6
X-CSTP-Lease-Duration: 86400
X-CSTP-Session-Timeout: 86400
X-CSTP-Idle-Timeout: 3600
X-CSTP-Disconnected-Timeout: 3600
X-CSTP-Default-Domain: [...]
X-CSTP-Split-Include: [...]
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: false
X-CSTP-DPD: 30
X-CSTP-Keepalive: 15
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: 8F18733B5600E14033EB94C391F2B88A1725CCDB92A148E76F83484DA8C74087
X-DTLS-Port: 443
X-DTLS-Keepalive: 15
X-DTLS-DPD: 30
X-CSTP-MTU: 1355
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
X-CSTP-Post-Auth-XML: <elided>
CSTP connected. DPD 30, Keepalive 15
DTLS option X-DTLS-Session-ID : 8F18733B5600E14033EB94C391F2B88A1725CCDB92A148E76F83484DA8C74087
DTLS option X-DTLS-Port : 443
DTLS option X-DTLS-Keepalive : 15
DTLS option X-DTLS-DPD : 30
DTLS option X-DTLS-CipherSuite : AES128-SHA
DTLS initialised. DPD 30, Keepalive 15
Connected tun0 as 172.16.70.103, using SSL

2.

GET https://[HOSTNAME]/
Attempting to connect to server [IP]:443
Using certificate file Documents/myvpncert.pem
Using private key file Documents/myvpnkey.pem
Enter PEM pass phrase:
Using client certificate 'dima'
Adding supporting CA '[...]'
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 05 Nov 2013 07:34:10 GMT
L...

Thanks, that worked! (Both with and without --no-xmlpost).

So I'm guessing the bug is just the NetworkManager failing to talk to KDE's applet? (At least, I've seen it fail in other ways - when asking for wifi password, etc.)

1.

POST https://[HOSTNAME]/
Attempting to connect to server [IP]:443
Using certificate file Documents/myvpncert.pem
Using private key file Documents/myvpnkey.pem
Enter PEM pass phrase:
Using client certificate 'dima'
Adding supporting CA '[...]'
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 05 Nov 2013 07:30:12 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
Please enter your username and password.
Username:dima
Password:
POST https://[HOSTNAME]/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 05 Nov 2013 07:30:18 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Enter your Google Authenticator Code:
Response:
POST https://[HOSTNAME]/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 05 Nov 2013 07:30:25 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 172.16.70.103
X-CSTP-Netmask: 255.255.255.0
X-CSTP-DNS: 172.16.128.6
X-CSTP-DNS: 172.17.8.6
X-CSTP-Lease-Duration: 86400
X-CSTP-Session-Timeout: 86400
X-CSTP-Idle-Timeout: 3600
X-CSTP-Disconnected-Timeout: 3600
X-CSTP-Default-Domain: [...]
X-CSTP-Split-Include: [...]
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: false
X-CSTP-DPD: 30
X-CSTP-Keepalive: 15
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: 8F18733B5600E14033EB94C391F2B88A1725CCDB92A148E76F83484DA8C74087
X-DTLS-Port: 443
X-DTLS-Keepalive: 15
X-DTLS-DPD: 30
X-CSTP-MTU: 1355
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
X-CSTP-Post-Auth-XML: <elided>
CSTP connected. DPD 30, Keepalive 15
DTLS option X-DTLS-Session-ID : 8F18733B5600E14033EB94C391F2B88A1725CCDB92A148E76F83484DA8C74087
DTLS option X-DTLS-Port : 443
DTLS option X-DTLS-Keepalive : 15
DTLS option X-DTLS-DPD : 30
DTLS option X-DTLS-CipherSuite : AES128-SHA
DTLS initialised. DPD 30, Keepalive 15
Connected tun0 as 172.16.70.103, using SSL

2.

GET https://[HOSTNAME]/
Attempting to connect to server [IP]:443
Using certificate file Documents/myvpncert.pem
Using private key file Documents/myvpnkey.pem
Enter PEM pass phrase:
Using client certificate 'dima'
Adding supporting CA '[...]'
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 05 Nov 2013 07:34:10 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://[HOSTNAME]/+webvpn+/index.html
SSL negotiation with [HOSTNAME]
Connected to HTTPS on [HOSTNAME]
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
Set-Cookie: tg=0DefaultWEBVPNGroup; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:dima
Password:
POST https://[HOSTNAME]/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
X-Transcend-Version: 1
HTTP body chunked (-2)
Enter your Google Authenticator Code:
Response:
POST https://[HOSTNAME]/+webvpn+/login/challenge.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&ch:84C0E006194B69A3DA8068E3A1E5E37FBDB2CB0A&sh:545953497D0DDC13C2A70FF813CE72480F56A527&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 172.16.70.114
X-CSTP-Netmask: 255.255.255.0
X-CSTP-DNS: 172.16.128.6
X-CSTP-DNS: 172.17.8.6
X-CSTP-Lease-Duration: 86400
X-CSTP-Session-Timeout: 86400
X-CSTP-Idle-Timeout: 3600
X-CSTP-Disconnected-Timeout: 3600
X-CSTP-Default-Domain: [...]
X-CSTP-Split-Include: [...]
X-CSTP-Keep: true
X-CSTP-Tunnel-All-DNS: true
X-CSTP-DPD: 30
X-CSTP-Keepalive: 15
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: EF7A1E93470FABDC14391621087D25D03DD7C40A5346D32CF516D26EEB2DD66B
X-DTLS-Port: 443
X-DTLS-Keepalive: 15
X-DTLS-DPD: 30
X-CSTP-MTU: 1355
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 15
DTLS option X-DTLS-Session-ID : EF7A1E93470FABDC14391621087D25D03DD7C40A5346D32CF516D26EEB2DD66B
DTLS option X-DTLS-Port : 443
DTLS option X-DTLS-Keepalive : 15
DTLS option X-DTLS-DPD : 30
DTLS option X-DTLS-CipherSuite : AES128-SHA
DTLS initialised. DPD 30, Keepalive 15
Connected tun0 as 172.16.70.114, using SSL

Revision history for this message

Mike Miller (mtmiller) wrote on 2013-11-06:

#6

Yes, most likely. Unfortunately I don't have a Kubuntu setup to test with at the moment so I can't try this for myself, perhaps someone else can.

Were you able to configure your user certificate and key file in the KDE applet properly when setting up the connection?

You might try getting some debug logs out of NetworkManager while attempting to connect to your VPN using the information at https://wiki.ubuntu.com/DebuggingNetworkManager.

Revision history for this message

Funky Future (funky-future) wrote on 2013-11-13:

#7

Download full text (13.4 KiB)

I experience the same using network-manager-openconnect-gnome within Cinnamon 2.0.12. another difference in my case is, i use no certificate, but user/password-credentials to authentificate.
connecting with openconnect as suggested in comment #2 works.

here's the part of the syslog, when i fail to connect:
Nov 13 13:53:52 hostname NetworkManager[1218]: <info> logging: level 'DEBUG' domains 'PLATFORM,RFKILL,ETHER,WIFI,BT,MB,DHCP4,DHCP6,PPP,IP4,IP6,AUTOIP4,DNS,VPN,SHARING,SUPPLICANT,AGENTS,SETTINGS,SUSPEND,CORE,DEVICE,OLPC,WIMAX,INFINIBAND,FIREWALL,ADSL,BOND,VLAN,BRIDGE'
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> Starting VPN service 'openconnect'...
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 21155
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> VPN service 'openconnect' appeared; activating connections
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429080] [nm-vpn-connection.c:1413] get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) requesting VPN secrets pass #1
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429231] [nm-agent-manager.c:1058] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/0 (vpn)
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429268] [nm-settings-connection.c:864] nm_settings_connection_get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) secrets requested flags 0x80000004 hint '(null)'
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429819] [nm-agent-manager.c:973] get_start(): (0x10e6a50/vpn) system settings secrets sufficient
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429841] [nm-settings-connection.c:721] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) existing secrets returned
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429852] [nm-settings-connection.c:727] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) secrets request completed
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.431959] [nm-settings-connection.c:767] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) new agent secrets processed
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.431995] [nm-vpn-connection.c:1379] get_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) asking service if additional secrets are required
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> VPN plugin state changed: init (1)
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.433939] [nm-vpn-connection.c:1340] plugin_need_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) service indicated additional secrets required
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.433986] [nm-vpn-connection.c:1413] get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) requesting VPN secrets pass #2
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.434133] [nm-agent-manager.c:1058] nm_agent_ma...

I experience the same using network-manager-openconnect-gnome within Cinnamon 2.0.12. another difference in my case is, i use no certificate, but user/password-credentials to authentificate.
connecting with openconnect as suggested in comment #2 works.

here's the part of the syslog, when i fail to connect:
Nov 13 13:53:52 hostname NetworkManager[1218]: <info> logging: level 'DEBUG' domains 'PLATFORM,RFKILL,ETHER,WIFI,BT,MB,DHCP4,DHCP6,PPP,IP4,IP6,AUTOIP4,DNS,VPN,SHARING,SUPPLICANT,AGENTS,SETTINGS,SUSPEND,CORE,DEVICE,OLPC,WIMAX,INFINIBAND,FIREWALL,ADSL,BOND,VLAN,BRIDGE'
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> Starting VPN service 'openconnect'...
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 21155
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> VPN service 'openconnect' appeared; activating connections
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429080] [nm-vpn-connection.c:1413] get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) requesting VPN secrets pass #1
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429231] [nm-agent-manager.c:1058] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/0 (vpn)
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429268] [nm-settings-connection.c:864] nm_settings_connection_get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) secrets requested flags 0x80000004 hint '(null)'
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429819] [nm-agent-manager.c:973] get_start(): (0x10e6a50/vpn) system settings secrets sufficient
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429841] [nm-settings-connection.c:721] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) existing secrets returned
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.429852] [nm-settings-connection.c:727] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) secrets request completed
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.431959] [nm-settings-connection.c:767] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:1) new agent secrets processed
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.431995] [nm-vpn-connection.c:1379] get_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) asking service if additional secrets are required
Nov 13 13:53:58 hostname NetworkManager[1218]: <info> VPN plugin state changed: init (1)
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.433939] [nm-vpn-connection.c:1340] plugin_need_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) service indicated additional secrets required
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.433986] [nm-vpn-connection.c:1413] get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) requesting VPN secrets pass #2
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.434133] [nm-agent-manager.c:1058] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/0 (vpn)
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.434364] [nm-agent-manager.c:577] request_add_agent(): (:1.53/org.freedesktop.nm-applet/1000) agent allowed for secrets request 0x10e7870/vpn
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.434398] [nm-settings-connection.c:864] nm_settings_connection_get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:2) secrets requested flags 0x4 hint '(null)'
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.434798] [nm-agent-manager.c:979] get_start(): (0x10e7870/vpn) system settings secrets insufficient, asking agents
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.434814] [nm-agent-manager.c:652] next_generic(): (:1.53/org.freedesktop.nm-applet/1000) agent getting secrets for request 0x10e7870/vpn
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.434823] [nm-agent-manager.c:912] get_next_cb(): (0x10e7870/vpn) request has system secrets; checking agent :1.53 for MODIFY
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.438855] [nm-agent-manager.c:843] get_agent_modify_auth_cb(): (0x10e7870/vpn) agent MODIFY check result 1
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.476972] [nm-agent-manager.c:719] get_done_cb(): (:1.53/org.freedesktop.nm-applet/1000) agent returned secrets for request 0x10e7870/vpn
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.477112] [nm-settings-connection.c:684] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:2) secrets returned from agent :1.53
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.477125] [nm-settings-connection.c:727] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:2) secrets request completed
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.477921] [nm-settings-connection.c:767] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:2) new agent secrets processed
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.477939] [nm-vpn-connection.c:1379] get_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) asking service if additional secrets are required
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479366] [nm-vpn-connection.c:1340] plugin_need_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) service indicated additional secrets required
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479397] [nm-vpn-connection.c:1413] get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) requesting VPN secrets pass #3
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479464] [nm-agent-manager.c:1058] nm_agent_manager_get_secrets(): Secrets requested for connection /org/freedesktop/NetworkManager/Settings/0 (vpn)
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479587] [nm-agent-manager.c:577] request_add_agent(): (:1.53/org.freedesktop.nm-applet/1000) agent allowed for secrets request 0x10ee020/vpn
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479607] [nm-settings-connection.c:864] nm_settings_connection_get_secrets(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:3) secrets requested flags 0x5 hint '(null)'
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479898] [nm-agent-manager.c:979] get_start(): (0x10ee020/vpn) system settings secrets insufficient, asking agents
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479912] [nm-agent-manager.c:652] next_generic(): (:1.53/org.freedesktop.nm-applet/1000) agent getting secrets for request 0x10ee020/vpn
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.479919] [nm-agent-manager.c:912] get_next_cb(): (0x10ee020/vpn) request has system secrets; checking agent :1.53 for MODIFY
Nov 13 13:53:58 hostname NetworkManager[1218]: <debug> [1384347238.486329] [nm-agent-manager.c:843] get_agent_modify_auth_cb(): (0x10ee020/vpn) agent MODIFY check result 1
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.940321] [nm-agent-manager.c:719] get_done_cb(): (:1.53/org.freedesktop.nm-applet/1000) agent returned secrets for request 0x10ee020/vpn
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.940534] [nm-settings-connection.c:684] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:3) secrets returned from agent :1.53
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.940612] [nm-settings-connection.c:727] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:3) secrets request completed
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.942948] [nm-settings-connection.c:760] agent_secrets_done_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn:3) saving new secrets to backing storage
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.947386] [nm-vpn-connection.c:1379] get_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) asking service if additional secrets are required
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.953937] [nm-vpn-connection.c:1349] plugin_need_secrets_cb(): (8958a0b8-5894-4920-883e-1451d1cc8c52/vpn-provider) service indicated no additional secrets required
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.958106] [nm-ip6-manager.c:1340] netlink_notification(): netlink event type 16
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.958137] [nm-ip6-manager.c:1301] process_newlink(): ignoring netlink message family 0
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.958176] [nm-netlink-monitor.c:164] link_msg_handler(): netlink link message: iface idx 4 flags 0x1090
Nov 13 13:54:22 hostname NetworkManager[1218]: <info> VPN plugin state changed: starting (3)
Nov 13 13:54:22 hostname NetworkManager[1218]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
Nov 13 13:54:22 hostname NetworkManager[1218]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/vpn0, iface: vpn0): no ifupdown configuration found.
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.959198] [nm-udev-manager.c:563] handle_uevent(): UDEV event: action 'add' subsys 'net' device 'vpn0'
Nov 13 13:54:22 hostname NetworkManager[1218]: <warn> /sys/devices/virtual/net/vpn0: couldn't determine device driver; ignoring...
Nov 13 13:54:22 hostname NetworkManager[1218]: <debug> [1384347262.959427] [nm-udev-manager.c:216] recheck_killswitches(): WiFi rfkill switch rfkill0 state now 0/1
Nov 13 13:54:22 hostname NetworkManager[1218]: <info> VPN connection 'vpn-provider' (Connect) reply received.
Nov 13 13:54:23 hostname openconnect[21555]: Verbindungsversuch mit Server 130.149.5.50:443
Nov 13 13:54:23 hostname openconnect[21555]: SSL-Verhandlung mit vpn.provider.com
Nov 13 13:54:23 hostname openconnect[21555]: Verbunden mit HTTPS auf vpn.provider.com
Nov 13 13:54:23 hostname openconnect[21555]: Unpassende HTTP CONNECT-Antwort erhalten: HTTP/1.1 401 Unauthorized
Nov 13 13:54:23 hostname avahi-daemon[1213]: Withdrawing workstation service for vpn0.
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.397130] [nm-ip6-manager.c:1340] netlink_notification(): netlink event type 17
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.397341] [nm-netlink-monitor.c:164] link_msg_handler(): netlink link message: iface idx 4 flags 0x1090
Nov 13 13:54:23 hostname NetworkManager[1218]:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.398846] [nm-udev-manager.c:563] handle_uevent(): UDEV event: action 'remove' subsys 'net' device 'vpn0'
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.399048] [nm-udev-manager.c:216] recheck_killswitches(): WiFi rfkill switch rfkill0 state now 0/1
Nov 13 13:54:23 hostname NetworkManager[1218]: <warn> VPN plugin failed: 0
Nov 13 13:54:23 hostname NetworkManager[1218]: <info> VPN plugin state changed: stopped (6)
Nov 13 13:54:23 hostname NetworkManager[1218]: <info> VPN plugin state change reason: 10
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.427566] [nm-dns-manager.c:1017] nm_dns_manager_begin_updates(): (vpn_connection_deactivated): queueing DNS updates (1)
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.427586] [nm-dns-manager.c:1017] nm_dns_manager_begin_updates(): (update_routing_and_dns): queueing DNS updates (2)
Nov 13 13:54:23 hostname NetworkManager[1218]: <info> Policy set 'Kabelnetzwerkverbindung 1' (eth0) as default for IPv4 routing and DNS.
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.427817] [nm-dns-manager.c:1035] nm_dns_manager_end_updates(): (nm_dns_manager_end_updates): DNS configuration did not change
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.427833] [nm-dns-manager.c:1039] nm_dns_manager_end_updates(): (update_routing_and_dns): no DNS changes to commit (1)
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.427856] [nm-dns-manager.c:1035] nm_dns_manager_end_updates(): (nm_dns_manager_end_updates): DNS configuration did not change
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.427869] [nm-dns-manager.c:1039] nm_dns_manager_end_updates(): (vpn_connection_deactivated): no DNS changes to commit (0)
Nov 13 13:54:23 hostname NetworkManager[1218]: <debug> [1384347263.427890] [nm-policy.c:1008] process_secondaries(): Secondary connection 'vpn-provider' FAILED; active path '/org/freedesktop/NetworkManager/ActiveConnection/1'
Nov 13 13:54:23 hostname NetworkManager[1218]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Nov 13 13:54:23 hostname NetworkManager[1218]:    keyfile: updating /etc/NetworkManager/system-connections/vpn-provider
Nov 13 13:54:29 hostname NetworkManager[1218]: <info> VPN service 'openconnect' disappeared
Nov 13 13:54:31 hostname NetworkManager[1218]: <debug> [1384347271.140889] [nm-vpn-service.c:274] ensure_killed(): waiting for VPN service pid 21155 to exit
Nov 13 13:54:31 hostname NetworkManager[1218]: <debug> [1384347271.140988] [nm-vpn-service.c:276] ensure_killed(): VPN service pid 21155 cleaned up

Changed in network-manager-openconnect (Ubuntu):
status:	Incomplete → New

Revision history for this message

Mike Miller (mtmiller) wrote on 2013-11-20:

#8

@Funky, which command in comment #2 works for you, or do both commands work?

Changed in network-manager-openconnect (Ubuntu):
status:	New → Incomplete

Revision history for this message

Dima Ryazanov (dima-gmail) wrote on 2013-12-22:

#9

Actually, it works again... I guess an update to NetworkManager or KDE or something fixed it.

Revision history for this message

Mike Miller (mtmiller) wrote on 2014-01-12:

#10

This bug report is being closed due to your last comment regarding this being fixed with an update. For future reference you can manage the status of your own bugs by clicking on the current status in the yellow line and then choosing a new status in the revealed drop down box. You can learn more about bug statuses at https://wiki.ubuntu.com/Bugs/Status. Thank you again for taking the time to report this bug and helping to make Ubuntu better. Please submit any future bugs you may find.

Changed in network-manager-openconnect (Ubuntu):
status:	Incomplete → Invalid

Revision history for this message

Jaceq (dzacek83) wrote on 2014-01-13:

#11

This is still the case for me.

In logs I get:
Jan 13 10:01:38 HP NetworkManager[879]: <info> Starting VPN service 'openconnect'...
Jan 13 10:01:38 HP NetworkManager[879]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 3799
Jan 13 10:01:38 HP NetworkManager[879]: <info> VPN service 'openconnect' appeared; activating connections
Jan 13 10:01:50 HP NetworkManager[879]: <error> [1389603710.602692] [nm-vpn-connection.c:1374] get_secrets_cb(): Failed to request VPN secrets #3: (6) No agents were available for this request.

I can connect on console with: sudo openconnect -v <URL> --no-xmlpost
I just did full update now, I have:
openconnect: 5.01-1
network-manager-openconnect: 0.9.8.0-1ubuntu2

Jaceq (dzacek83) on 2014-01-13

Changed in network-manager-openconnect (Ubuntu):
status:	Invalid → Incomplete
status:	Incomplete → New

Revision history for this message

Mike Miller (mtmiller) wrote on 2014-01-13:

#12

Hi Jaceq, are you able to connect on the console with

sudo openconnect -v <URL>

without the --no-xmlpost option?

If you are able to connect both with and without --no-xmlpost, then please also report whether you are using nm-applet, gnome-shell, or KDE's plasma-widget-networkmanagement.

If you are able to connect with --no-xmlpost but not without that option, then please see bug #1229195 which is specifically about the error you are having.

Changed in network-manager-openconnect (Ubuntu):
status:	New → Incomplete

Revision history for this message

Jaceq (dzacek83) wrote on 2014-01-13:

#13

Hi,

I am unable to connect without --no-xmlpost

I am using KDE;s plastma-widget-networkmanagemnt

I have browsed linked bug and it seems that this is my problem.
I will try to find package 5.02-1 ( I have 5.01-1).

Thanks!

Revision history for this message

Mike Miller (mtmiller) wrote on 2014-01-13:

#14

Thanks for replying and confirming that bug #1229195 describes the problem you are having. I'm setting this bug status back to invalid since the original reporter's problem has been resolved by upgrades or configuration changes.

Changed in network-manager-openconnect (Ubuntu):
status:	Incomplete → Invalid

Revision history for this message

Anton Anikin (anton-anikin) wrote on 2014-01-21:

#15

I have the same problem on Ubuntu 14.04...

Revision history for this message

Anton Anikin (anton-anikin) wrote on 2014-01-21:

#16

openconnect:amd64/trusty 5.02-1
network-manager:amd64/trusty 0.9.8.8

Changed in network-manager-openconnect (Ubuntu):
status:	Invalid → Confirmed

Revision history for this message

Mike Miller (mtmiller) wrote on 2014-01-21:

#17

Hi Anton, you say you have the same problem. Do you mean that you are unable to connect with openconnect using the KDE networking VPN widget, but you are able to connect with openconnect on the command line? Please clarify the specific symptoms that you are experiencing that lead you to believe that this bug is still present? Thanks.

Changed in network-manager-openconnect (Ubuntu):
status:	Confirmed → Incomplete

Revision history for this message

Jaceq (dzacek83) wrote on 2014-01-23:

#18

And I am back here.
So the --no-xmlpost has been resolved, and now I can connect on console without --no-xmlpost option....
Yet, I am unable to connect via UI (in KDE / plasma).
I get following log entries:

With GUI I get this in log:
POST https://XXX/
Attempting to connect to server XXX:443
SSL negotiation with XXX
Connected to HTTPS on XXX
XML POST enabled

In syslog I have:
Jan 22 14:31:05 HP NetworkManager[844]: <info> Starting VPN service 'openconnect'...
Jan 22 14:31:05 HP NetworkManager[844]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 6997
Jan 22 14:31:05 HP NetworkManager[844]: <info> VPN service 'openconnect' appeared; activating connections
Jan 22 14:31:05 HP NetworkManager[844]: <info> VPN plugin state changed: init (1)
Jan 22 14:31:36 HP NetworkManager[844]: <error> [1390397496.727336] [nm-vpn-connection.c:1374] get_secrets_cb(): Failed to request VPN secrets #3: (6) No agents were available for this request.
Jan 22 14:31:36 HP NetworkManager[844]: <info> Policy set 'DHCP' (eth0) as default for IPv4 routing and DNS.
Jan 22 14:31:41 HP NetworkManager[844]: <info> VPN service 'openconnect' disappeared

My packages:
dpkg -l | grep openconnect
ii libopenconnect2:amd64 5.02-1 amd64 open client for Cisco AnyConnect VPN - shared library
ii network-manager-openconnect 0.9.8.0-1ubuntu2 amd64 network management framework (OpenConnect plugin)
ii openconnect 5.02-1 amd64 open client for Cisco AnyConnect VPN

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-03-25:

#19

[Expired for network-manager-openconnect (Ubuntu) because there has been no activity for 60 days.]

Changed in network-manager-openconnect (Ubuntu):
status:	Incomplete → Expired

Revision history for this message

Jaceq (dzacek83) wrote on 2014-04-04:

#20

This seems to still exist, anyone else having this issue?

Changed in network-manager-openconnect (Ubuntu):
status:	Expired → New

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-04-04:

#21

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status:	New → Confirmed

Revision history for this message

kouakou (kj684258) wrote on 2014-04-19:

#22

Started having this issue after upgrading to 14.04.

Revision history for this message

Mike Miller (mtmiller) wrote on 2014-04-19:

#23

Are all the users confirming this connection failure using KDE / Kubuntu and using the KDE Plasma widget to connect with OpenConnect?

Revision history for this message

Tobias Kuhn (tkuhn) wrote on 2014-04-22:

#24

I am having the same problem. It appeared after upgrading to 14.04. I am using the standard VPN under Unity...

Tobias Kuhn (tkuhn) on 2014-04-22

tags:

added: trusty

Revision history for this message

Mike Miller (mtmiller) wrote on 2014-04-22:

#25

So @tkuhn you are able to connect to your VPN using openconnect on the command line and the VPN connection works? It only fails to connect when using the NM GUI in the Unity menu bar? See comment #2. The command will be something like "sudo openconnect -v [certificate options] vpn-host".

Revision history for this message

Tobias Kuhn (tkuhn) wrote on 2014-04-22:

#26

Now, it's working again for me! Could be because I installed the latest Ubuntu updates today, or because I am in a different wireless network now... I have to try it again tomorrow in the other network.

Revision history for this message

Tobias Kuhn (tkuhn) wrote on 2014-04-23:

#27

I am no longer affected. It works now for me, no matter which network I am in. Yesterday it didn't, even after restarting Ubuntu. Could it be that yesterday's Ubuntu update solved the issue?

Revision history for this message

Paul Streitman (rtmpaul) wrote on 2014-04-24:

#28

I have this issue after upgrading to Trusty from Saucy with either XFCE or Gnome 3. I can connect to the VPN manually from the command line but it fails when I try to do it through the network manager applet.

Revision history for this message

vaivaswatha (vaivaswatha) wrote on 2014-04-25:

#29

I have this issue on lubuntu through the standard network-manager applet. It works fine on command line.

Revision history for this message

Nikola Vidovic (dzany) wrote on 2014-04-27:

#30

I have the same problem as vaivaswatha.

Revision history for this message

Sami Pietila (sampie) wrote on 2014-05-08:

#32

On my ubuntu 14.04 desktop, running following commands cured the problem:
1. "sudo apt-get remove --purge network-manager-gnome"
reboot
2. "sudo apt-get install network-manager-gnome"
logout/login

Revision history for this message

Christianus Pistorius (carbeck) wrote on 2014-05-09:

#33

I have a completely new installation of Kubuntu 14.04 here, and Gnome dependencies for Network Manager aren't installed. In so far, I can't have any faulty old configuration files. Also compare http://forum.ubuntuusers.de/topic/openconnect-mit-nm-plasma-fuehrt-zu-segfault-i/ – the OP is in German, but I included a lot of console output that will hopefully be helpful.

Revision history for this message

Olivier Godart (olivier-godart-gmail) wrote on 2014-05-16:

#34

Sami, your workaround (#32) works, but doesn't survive a reboot: problem reoccurs.

Revision history for this message

Christianus Pistorius (carbeck) wrote on 2014-06-04:

#35

Tried #32 with plasma-nm instead of network-manager-gnome on Kubuntu 14.04 (32-bit), but it still doesn't work for me.

Revision history for this message

Steve O (stratus-ss) wrote on 2014-09-11:

#36

I am posting here because I do not have a problem with network-manager-vpnc. My issue is that on 2 computers which were *fresh* installs and not upgrades, if I go to try and launch an openconnect session, it dies almost immediately. If I use "sudo openconnect <hostname>" I connect just fine.

Log files to follow later

Revision history for this message

Steve O (stratus-ss) wrote on 2014-09-11:

#37

Couldnt edit the original post: These are both Ubuntu-Gnome 14.04 64 Bit releases

Revision history for this message

Trent Lloyd (lathiat) wrote on 2015-06-02:

#38

Possibly related?
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1440009

Revision history for this message

cyberwill (wilson-g) wrote on 2015-10-16:

#39

Hello!
I´ve got the same problem using 15.04 Ubuntu version. It worked well until yesterday. Only using my broadband.

Revision history for this message

Vasili Burdo (vburdo) wrote on 2016-07-27:

#40

Download full text (25.4 KiB)

Hi, same problem after upgrade to Xenial.
Sometimes VPN connect succeeds, but most often it fails.
Using openconnect from command line always works.

Here are debug logs for both failed and successful and connection attempts:

-------------------------FAILED ATTEMPT:BEGIN------------------------
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5877] active-connection[0x293b400]: set device "eno1" [0x28db5f0]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5877] device[0x28db5f0] (eno1): add_pending_action (1): 'activation::0x293b400'
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5877] active-connection[0x293b400]: constructed (NMVpnConnection, version-id 10)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5878] auth: call[435]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=12623, uid=1000, start=23699935]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5885] auth: call[435]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5889] active-connection[0x293b400]: set state activating (was unknown)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5889] active-connection[0x293b400]: check-master-ready: not signalling (state activating, no master)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <info> [1469615162.5890] audit: op="connection-activate" uuid="ab76ecac-1eab-4b32-86c7-6524528c5f89" name="Testvpn.CISCO" pid=12623 uid=1000 result="success"
Jul 27 13:26:02 myubuntu NetworkManager[856]: <info> [1469615162.5969] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: Started the VPN service, PID 2409
Jul 27 13:26:02 myubuntu NetworkManager[856]: <info> [1469615162.6027] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: Saw the service appear; activating connection
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6028] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: requesting VPN secrets pass #1
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6031] Secrets requested for connection /org/freedesktop/NetworkManager/Settings/2 (Testvpn.CISCO/vpn)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6032] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2a421b0) secrets requested flags 0x80000004 hints '(none)'
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6035] agent-manager: ([0x2a421b0/"Testvpn.CISCO"/"vpn"]) system settings secrets sufficient
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6038] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x28ec700) existing secrets returned
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6039] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x28ec700) secrets request completed
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6044] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-652...

Hi, same problem after upgrade to Xenial.
Sometimes VPN connect succeeds, but most often it fails.
Using openconnect from command line always works.

Here are debug logs for both failed and successful and connection attempts:

-------------------------FAILED ATTEMPT:BEGIN------------------------
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5877] active-connection[0x293b400]: set device "eno1" [0x28db5f0]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5877] device[0x28db5f0] (eno1): add_pending_action (1): 'activation::0x293b400'
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5877] active-connection[0x293b400]: constructed (NMVpnConnection, version-id 10)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5878] auth: call[435]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=12623, uid=1000, start=23699935]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5885] auth: call[435]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5889] active-connection[0x293b400]: set state activating (was unknown)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.5889] active-connection[0x293b400]: check-master-ready: not signalling (state activating, no master)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <info>  [1469615162.5890] audit: op="connection-activate" uuid="ab76ecac-1eab-4b32-86c7-6524528c5f89" name="Testvpn.CISCO" pid=12623 uid=1000 result="success"
Jul 27 13:26:02 myubuntu NetworkManager[856]: <info>  [1469615162.5969] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: Started the VPN service, PID 2409
Jul 27 13:26:02 myubuntu NetworkManager[856]: <info>  [1469615162.6027] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: Saw the service appear; activating connection
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6028] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: requesting VPN secrets pass #1
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6031] Secrets requested for connection /org/freedesktop/NetworkManager/Settings/2 (Testvpn.CISCO/vpn)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6032] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2a421b0) secrets requested flags 0x80000004 hints '(none)'
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6035] agent-manager: ([0x2a421b0/"Testvpn.CISCO"/"vpn"]) system settings secrets sufficient
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6038] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x28ec700) existing secrets returned
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6039] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x28ec700) secrets request completed
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6044] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x28ec700) new agent secrets processed
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6046] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: asking service if additional secrets are required
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6065] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: service indicated additional secrets required
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6066] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: requesting VPN secrets pass #2
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6069] Secrets requested for connection /org/freedesktop/NetworkManager/Settings/2 (Testvpn.CISCO/vpn)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6069] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent allowed for secrets request [0x2a42090/"Testvpn.CISCO"/"vpn"]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6069] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2a42090) secrets requested flags 0x4 hints '(none)'
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6071] agent-manager: ([0x2a42090/"Testvpn.CISCO"/"vpn"]) system settings secrets insufficient, asking agents
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6072] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent getting secrets for request [0x2a42090/"Testvpn.CISCO"/"vpn"]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6073] agent-manager: ([0x2a42090/"Testvpn.CISCO"/"vpn"]) request has system secrets; checking agent :1.682 for MODIFY
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6073] auth: call[436]: CheckAuthorization(org.freedesktop.NetworkManager.settings.modify.own), subject=unix-process[pid=12623, uid=1000, start=23699935]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6079] auth: call[436]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6079] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent [0x2a42090/"Testvpn.CISCO"/"vpn"] MODIFY check result YES
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6518] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent returned secrets for request [0x2a42090/"Testvpn.CISCO"/"vpn"]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6522] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x7fde10003880) secrets returned from agent :1.682
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6522] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x7fde10003880) secrets request completed
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6527] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x7fde10003880) new agent secrets processed
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6531] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: asking service if additional secrets are required
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6552] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: service indicated additional secrets required
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6552] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: requesting VPN secrets pass #3
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6555] Secrets requested for connection /org/freedesktop/NetworkManager/Settings/2 (Testvpn.CISCO/vpn)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6555] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent allowed for secrets request [0x2a42000/"Testvpn.CISCO"/"vpn"]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6555] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2a42000) secrets requested flags 0x5 hints '(none)'
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6557] agent-manager: ([0x2a42000/"Testvpn.CISCO"/"vpn"]) system settings secrets insufficient, asking agents
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6558] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent getting secrets for request [0x2a42000/"Testvpn.CISCO"/"vpn"]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6558] agent-manager: ([0x2a42000/"Testvpn.CISCO"/"vpn"]) request has system secrets; checking agent :1.682 for MODIFY
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6558] auth: call[437]: CheckAuthorization(org.freedesktop.NetworkManager.settings.modify.own), subject=unix-process[pid=12623, uid=1000, start=23699935]
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6564] auth: call[437]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
Jul 27 13:26:02 myubuntu NetworkManager[856]: <debug> [1469615162.6564] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent [0x2a42000/"Testvpn.CISCO"/"vpn"] MODIFY check result YES
Jul 27 13:26:27 myubuntu NetworkManager[856]: <debug> [1469615187.6804] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent failed secrets request [0x2a42000/"Testvpn.CISCO"/"vpn"]: Timeout was reached
Jul 27 13:26:27 myubuntu NetworkManager[856]: <debug> [1469615187.6805] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x293d400) secrets request error: No agents were available for this request.
Jul 27 13:26:27 myubuntu NetworkManager[856]: <error> [1469615187.6805] vpn-connection[0x293b400,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: Failed to request VPN secrets #3: No agents were available for this request.
Jul 27 13:26:27 myubuntu NetworkManager[856]: <debug> [1469615187.6806] active-connection[0x293b400]: set state deactivated (was activating)
Jul 27 13:26:27 myubuntu NetworkManager[856]: <debug> [1469615187.6807] active-connection[0x293b400]: check-master-ready: not signalling (state deactivated, no master)
Jul 27 13:26:27 myubuntu NetworkManager[856]: <debug> [1469615187.6807] device[0x28db5f0] (eno1): remove_pending_action (0): 'activation::0x293b400'
Jul 27 13:26:27 myubuntu NetworkManager[856]: <debug> [1469615187.6846] active-connection[0x293b400]: disposing
-------------------------FAILED ATTEMPT:END--------------------------

-------------------------SUCCESSFUL ATTEMPT:BEGIN--------------------
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4403] active-connection[0x293b5f0]: set device "eno1" [0x28db5f0]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4404] device[0x28db5f0] (eno1): add_pending_action (1): 'activation::0x293b5f0'
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4405] active-connection[0x293b5f0]: constructed (NMVpnConnection, version-id 17)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4407] auth: call[456]: CheckAuthorization(org.freedesktop.NetworkManager.network-control), subject=unix-process[pid=12623, uid=1000, start=23699935]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4442] auth: call[456]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4457] active-connection[0x293b5f0]: set state activating (was unknown)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4458] active-connection[0x293b5f0]: check-master-ready: not signalling (state activating, no master)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <info>  [1469616209.4461] audit: op="connection-activate" uuid="ab76ecac-1eab-4b32-86c7-6524528c5f89" name="Testvpn.CISCO" pid=12623 uid=1000 result="success"
Jul 27 13:43:29 myubuntu NetworkManager[856]: <info>  [1469616209.4513] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: Saw the service appear; activating connection
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4517] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: requesting VPN secrets pass #1
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4533] Secrets requested for connection /org/freedesktop/NetworkManager/Settings/2 (Testvpn.CISCO/vpn)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4533] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2a42000) secrets requested flags 0x80000004 hints '(none)'
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4552] agent-manager: ([0x2a42000/"Testvpn.CISCO"/"vpn"]) system settings secrets sufficient
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4572] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x293d640) existing secrets returned
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4572] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x293d640) secrets request completed
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4605] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x293d640) new agent secrets processed
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4615] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: asking service if additional secrets are required
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4721] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: service indicated additional secrets required
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4722] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: requesting VPN secrets pass #2
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4736] Secrets requested for connection /org/freedesktop/NetworkManager/Settings/2 (Testvpn.CISCO/vpn)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4737] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent allowed for secrets request [0x2997060/"Testvpn.CISCO"/"vpn"]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4738] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2997060) secrets requested flags 0x4 hints '(none)'
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4749] agent-manager: ([0x2997060/"Testvpn.CISCO"/"vpn"]) system settings secrets insufficient, asking agents
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4753] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent getting secrets for request [0x2997060/"Testvpn.CISCO"/"vpn"]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4753] agent-manager: ([0x2997060/"Testvpn.CISCO"/"vpn"]) request has system secrets; checking agent :1.682 for MODIFY
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4754] auth: call[457]: CheckAuthorization(org.freedesktop.NetworkManager.settings.modify.own), subject=unix-process[pid=12623, uid=1000, start=23699935]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4783] auth: call[457]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.4785] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent [0x2997060/"Testvpn.CISCO"/"vpn"] MODIFY check result YES
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5185] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent returned secrets for request [0x2997060/"Testvpn.CISCO"/"vpn"]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5190] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2938980) secrets returned from agent :1.682
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5190] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2938980) secrets request completed
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5199] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2938980) new agent secrets processed
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5205] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: asking service if additional secrets are required
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5238] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: service indicated additional secrets required
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5238] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: requesting VPN secrets pass #3
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5241] Secrets requested for connection /org/freedesktop/NetworkManager/Settings/2 (Testvpn.CISCO/vpn)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5242] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent allowed for secrets request [0x2a42510/"Testvpn.CISCO"/"vpn"]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5242] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2a42510) secrets requested flags 0x5 hints '(none)'
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5244] agent-manager: ([0x2a42510/"Testvpn.CISCO"/"vpn"]) system settings secrets insufficient, asking agents
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5245] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent getting secrets for request [0x2a42510/"Testvpn.CISCO"/"vpn"]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5245] agent-manager: ([0x2a42510/"Testvpn.CISCO"/"vpn"]) request has system secrets; checking agent :1.682 for MODIFY
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5245] auth: call[458]: CheckAuthorization(org.freedesktop.NetworkManager.settings.modify.own), subject=unix-process[pid=12623, uid=1000, start=23699935]
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5253] auth: call[458]: CheckAuthorization succeeded: (is_authorized=1, is_challenge=0)
Jul 27 13:43:29 myubuntu NetworkManager[856]: <debug> [1469616209.5254] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent [0x2a42510/"Testvpn.CISCO"/"vpn"] MODIFY check result YES
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8492] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent returned secrets for request [0x2a42510/"Testvpn.CISCO"/"vpn"]
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8510] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2957980) secrets returned from agent :1.682
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8512] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2957980) secrets request completed
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8538] settings-connection[0x28ad9f0,ab76ecac-1eab-4b32-86c7-6524528c5f89]: (vpn:0x2957980) saving new secrets to backing storage
Jul 27 13:43:46 myubuntu NetworkManager[856]: <info>  [1469616226.8619] keyfile: update /etc/NetworkManager/system-connections/VPN connection 1 (ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO")
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8644] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: asking service if additional secrets are required
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8721] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: service indicated no additional secrets required
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8743] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: Allowing interactive secrets as all agents have that capability
Jul 27 13:43:46 myubuntu NetworkManager[856]: <info>  [1469616226.8806] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: VPN connection: (ConnectInteractive) reply received
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8815] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: VPN connection: falling back to non-interactive connect
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8866] platform-linux: sysctl: reading '/sys/class/net/vpn0/tun_flags': '0x1801' (changed from '0x1001' on last read)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8867] platform: signal: link   added: 82: vpn0 <NOARP,DOWN;pointopoint,multicast,noarp> mtu 1500 arp 65534 tun* not-init addrgenmode eui64 driver tun
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8870] device[0x2a57e90] (vpn0): constructed (NMDeviceTun)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8870] device[0x2a57e90] (vpn0): start setup of NMDeviceTun, kernel ifindex 82
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8871] platform-linux: error reading /sys/class/net/vpn0/phys_port_id: Failed to read from file '/sys/class/net/vpn0/phys_port_id': Operation not supported
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8872] device[0x2a57e90] (vpn0): unmanaged: flags set to [platform-init,external-down=0x810/0x810/unmanaged/unrealized, set-unmanaged [external-down=0x800])
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8873] device[0x2a57e90] (vpn0): unmanaged: flags set to [platform-init,external-down,!loopback=0x810/0x818/unmanaged/unrealized, set-managed [loopback=0x8])
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8873] device[0x2a57e90] (vpn0): unmanaged: flags set to [platform-init,external-down,!loopback,!user-settings=0x810/0x858/unmanaged/unrealized, set-managed [user-settings=0x40])
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8873] device[0x2a57e90] (vpn0): unmanaged: flags set to [platform-init,external-down,!sleeping,!loopback,!user-settings=0x810/0x859/unmanaged/unrealized, set-managed [sleeping=0x1])
Jul 27 13:43:46 myubuntu NetworkManager[856]: <info>  [1469616226.8884] manager: (vpn0): new Tun device (/org/freedesktop/NetworkManager/Devices/119)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <info>  [1469616226.8889] vpn-connection[0x293b5f0,ab76ecac-1eab-4b32-86c7-6524528c5f89,"Testvpn.CISCO",0]: VPN plugin: state changed: starting (3)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8895] device[0x2a57e90] (vpn0): set IP4Config instance (/org/freedesktop/NetworkManager/IP4Config/85)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8896] dns-mgr: (device_ip4_config_changed): queueing DNS updates (1)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8897] dns-mgr: (device_ip4_config_changed): DNS configuration did not change
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8897] dns-mgr: (device_ip4_config_changed): no DNS changes to commit (0)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8901] device[0x2a57e90] (vpn0): set IP6Config instance (/org/freedesktop/NetworkManager/IP6Config/120)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8902] dns-mgr: (device_ip6_config_changed): queueing DNS updates (1)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8902] dns-mgr: (device_ip6_config_changed): DNS configuration did not change
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8902] dns-mgr: (device_ip6_config_changed): no DNS changes to commit (0)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.8906] device[0x2a57e90] (vpn0): emit RECHECK_ASSUME signal
Jul 27 13:43:46 myubuntu openconnect[6374]: Attempting to connect to server 111.222.333.444:443
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.9011] platform-linux: UDEV event: action 'add' subsys 'net' device 'vpn0' (82); seqnum=4601
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.9013] platform: signal: link changed: 82: vpn0 <NOARP,DOWN;pointopoint,multicast,noarp> mtu 1500 arp 65534 tun* init addrgenmode eui64 driver tun
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.9013] device[0x2a57e90] (vpn0): queued link change for ifindex 82
Jul 27 13:43:46 myubuntu NetworkManager[856]: <info>  [1469616226.9014] devices added (path: /sys/devices/virtual/net/vpn0, iface: vpn0)
Jul 27 13:43:46 myubuntu NetworkManager[856]: <info>  [1469616226.9014] device added (path: /sys/devices/virtual/net/vpn0, iface: vpn0): no ifupdown configuration found.
Jul 27 13:43:46 myubuntu NetworkManager[856]: <debug> [1469616226.9015] device[0x2a57e90] (vpn0): unmanaged: flags set to [external-down,!sleeping,!loopback,!platform-init,!user-settings=0x800/0x859/manageable, set-managed [platform-init=0x10], reason managed)
Jul 27 13:43:47 myubuntu openconnect[6374]: SSL negotiation with 111.222.333.444
Jul 27 13:43:47 myubuntu openconnect[6374]: Server certificate verify failed: signer not found
Jul 27 13:43:47 myubuntu openconnect[6374]: Connected to HTTPS on 111.222.333.444
Jul 27 13:43:48 myubuntu openconnect[6374]: Got CONNECT response: HTTP/1.1 200 OK
Jul 27 13:43:48 myubuntu openconnect[6374]: X-CSTP-Version: 1
Jul 27 13:43:48 myubuntu openconnect[6374]: X-CSTP-Address: 10.120.252.139
Jul 27 13:43:48 myubuntu openconnect[6374]: X-CSTP-Netmask: 255.255.255.0
Jul 27 13:43:48 myubuntu openconnect[6374]: X-CSTP-DNS: 10.120.3.10
Jul 27 13:43:48 myubuntu openconnect[6374]: X-CSTP-DNS: 10.102.3.10
-------------------------SUCCESSFUL ATTEMPT:END----------------------

To me, most suspicious message is "Jul 27 13:26:27 myubuntu NetworkManager[856]: <debug> [1469615187.6804] agent-manager: req[0x28f8ee0, :1.682/org.freedesktop.nm-applet/1000]: agent failed secrets request [0x2a42000/"Testvpn.CISCO"/"vpn"]: Timeout was reached

Who are these agents for secrets?
How cvan I debug them?

Revision history for this message

Tom Carroll (h-thomas-carroll) wrote on 2016-10-19:

#41

increase timeout for waiting on secret input Edit (1.4 KiB, text/plain)

I disagree with the duplicate status.

From my debug logs and the above attached patches, a timeout is expiring.

The key artifact is

NetworkManager[14599]: <debug> [1476879550.3835] agent-manager: req[0xb9f6c0, :1.43/org.freedesktop.nm-applet/1000]: agent failed secrets request [0x7f13f8006270/"My VPN"/"vpn"]: Timeout was reached
NetworkManager[14599]: <debug> [1476879550.3837] settings-connection[0xb528f0,b7ea4f0f-f388-4225-ae66-536753417125]: (vpn:0xbc7180) secrets request error: No agents were available for this request.

The problem arises that the dbus timeout expires waiting for user to input username and password. This happens as the timeout includes the time for cstub to execute. The attached patch, which borrows from NetworkManager 1.4.2, increases the timeout to allow for more time for cstub to execute and the user to provide input.

Revision history for this message

Tom Carroll (h-thomas-carroll) wrote on 2016-10-19:

#42

More information:

dpkg -l network-manager
network-manager 1.2.2-0ubuntu0.16.04.3

lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description: Linux Mint 18 Sarah
Release: 18
Codename: sarah

Revision history for this message

Tom Carroll (h-thomas-carroll) wrote on 2016-10-19:

#43

Default timeout is 25s, increased to 120s

Ubuntu
network-manager-openconnect package

Regression: openconnect VPN does not work anymore

Bug Description

Other bug subscribers

Patches

Bug attachments

Remote bug watches

Ubuntunetwork-manager-openconnect package

Regression: openconnect VPN does not work anymore

Bug Description

Other bug subscribers

Patches

Bug attachments

Remote bug watches

Ubuntu
network-manager-openconnect package