Ubuntu
network-manager-openvpn package

Can not use or configure VPN via NM GUI on XFC/Xubuntu

Bug #794918 reported by Andreas Siegert
34
This bug affects 6 people
Affects Status Importance Assigned to Milestone
network-manager-openvpn (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: network-manager-openvpn

When I try to import a VPN connection from an openvpn file that works on the commandline, the definitions load just fine, but I can not save it unless I enter the password for the key. Quite ridiculus, why should I need to save the password?

If I manually enter a VPN definition I can save the configuration without entering the password but trying to start it I get an error message about not being able to get the credentials (I would have expected a password prompt).

In syslog I find:
Jun 9 09:46:59 cray NetworkManager[1002]: <info> Starting VPN service 'openvpn'...
Jun 9 09:46:59 cray NetworkManager[1002]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 5677
Jun 9 09:46:59 cray NetworkManager[1002]: <info> VPN service 'openvpn' appeared; activating connections
Jun 9 09:46:59 cray NetworkManager[1002]: <error> [1307605619.833808] [nm-vpn-connection.c:833] connection_need_secrets_cb(): NeedSecrets failed: dbus-glib-error-quark Rejected send message, 1 matched rules; type="method_call", sender=":1.2" (uid=0 pid=1002 comm="NetworkManager ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (uid=0 pid=5677 comm="/usr/lib/network-manager-openvpn/nm-openvpn-servic"))
Jun 9 09:46:59 cray NetworkManager[1002]: <warn> error disconnecting VPN: Rejected send message, 1 matched rules; type="method_call", sender=":1.2" (uid=0 pid=1002 comm="NetworkManager ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (uid=0 pid=5677 comm="/usr/lib/network-manager-openvpn/nm-openvpn-servic"))

This all used to work fine before. That behaviour started to show up in Ubuntu 64bit 10.10 with XFCE and is still present in Xubuntu 11.4 (32bit).

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: network-manager-openvpn 0.8.1+git.20100810t173015.1711d04-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic-pae 2.6.38.2
Uname: Linux 2.6.38-8-generic-pae i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Thu Jun 9 10:41:59 2011
InstallationMedia: Xubuntu 11.04 "Natty Narwhal" - Release i386 (20110426.1)
SourcePackage: network-manager-openvpn
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Andreas Siegert (afx) wrote :
Revision history for this message
Iustinian T. (iustinian) wrote :

I can confirm the same bug, Even if you try to save the password the next time you open the VPN connection the passwrod is not there. Also you cannot find the password in the keyring.

Revision history for this message
Iustinian T. (iustinian) wrote :

Not sure if it is related to NM, openvpn or even dbus.

Revision history for this message
arjanw (arjan-waardenburg) wrote :

Looks like it is related to dbus configuration for the various network-manager plugins.

It seems the at_console config is missing :
working /etc/dbus-1/system.d/nm-openvpn-service.conf

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
 <policy user="root">
  <allow own="org.freedesktop.NetworkManager.openvpn"/>
  <allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
 </policy>
<policy user="at_console">
<allow own="org.freedesktop.NetworkManager.openvpn"/>
<allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
</policy>
 <policy context="default">
  <deny own="org.freedesktop.NetworkManager.openvpn"/>
  <deny send_destination="org.freedesktop.NetworkManager.openvpn"/>
 </policy>
</busconfig>

Revision history for this message
Matthias Niess (mniess) wrote :

This Bug has been there for quite some releases and is also present in networkmanager under Gnome (Unity). Comment #4 fixes the problem.

Launchpad Janitor (janitor)
Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Revision history for this message
Christer Barreholm (christer.holmer) wrote :

Had the same problem running fresh install of 11.04 Unity. Added at_console policy, which solved it for me. Can connect to OpenVPN.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

This config is just plain wrong. The fact that such a workaround fixes things has nothing to do with the actual problem, so please don't break your system by applying such suggestions.

In most cases, simply *rebooting* after installing a VPN plugin will fix this; if not, then you really should add more information as to what exactly happens *as* the connection is being imported; without even activating it before adding the info to this bug report. Ideally this would be done by starting nm-connection-editor from the command-line so as to get all the messages from .xsession-errors.

Also, all the issues here should be fixed in Oneiric soon (preparing an upload that includes secrets fixes); there is a slight difference in how passwords are saved in the keyring which should allow you to choose whether to save them immediately in the config, get asked every time, or just "not needed".

Revision history for this message
Tiger!P (ubuntu-tigerp) wrote :

Hello,

I'm using precise and also have the problem when connecting via ssh to the system, I can't bring the VPN up.

elyas:~$ nmcli con status id Capitar-VPN
Error: 'Capitar-VPN' is not an active connection.
elyas:~$ nmcli con up id Capitar-VPN
Error: Connection activation failed: Not authorized to control networking.
elyas:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.3 LTS
Release: 12.04
Codename: precise
elyas:~$

Also I'm unable to edit the VPN settings when I run nm-connection-editor via the ssh link.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.