Re: vpnc can't connect now

[Dan Williams <dcbw redhat com>]

On Tue, 2008-05-20 at 17:50 -0500, Brian Millett wrote:
> Dan Williams escribío:
> > On Tue, 2008-05-20 at 16:04 -0500, Brian Millett wrote:
> >> I'm running fedora 8 with the following packages:
> >>
> >> NetworkManager-devel-0.7.0-0.6.7.svn3370.fc8
> >> NetworkManager-vpnc-0.7.0-0.6.3.svn3109.fc8
> >> NetworkManager-glib-0.7.0-0.6.7.svn3370.fc8
> >> NetworkManager-gnome-0.7.0-0.6.7.svn3370.fc8
> >> NetworkManager-openvpn-0.7.0-8.svn3302.fc8
> >> NetworkManager-glib-devel-0.7.0-0.6.7.svn3370.fc8
> >> NetworkManager-0.7.0-0.6.7.svn3370.fc8
> > 
> > There are some updates that are about to hit f8-updates-testing that may
> > help you out here.  Except of course if your upstream authentication
> > method changes, which you have just found out.
> > 
> > I thought that the Fedora vpnc packages supported not saving the
> > passwords to the keyring, which would have the dialog come up for every
> > connect.  That would allow you to enter your OTP token in each time.
> > Maybe run gnome-keyring-manager and remove the VPN-related passwords
> > from your keyrings?
> 
> 
> Thanks Dan,
>    Sometimes, for some reason I do not understand, the rsa authentication needs to resync 
> tokens so it asks for a second token.

Hmm; that probably means that vpnc terminates, since we don't handle
interactive authentication with vpnc yet, unfortunately.  Maybe we need
to run vpnc in interactive mode and screenscrape stdin or something,
though that's really, really ugly.  Another alternative is a patch to
vpnc to give it some D-Bus capability to ask for secrets when it needs
them.

> Also the NetworkManager-vpnc seems to cache the password for a while.  If I try to 

It'll probably cache it for the duration of the connection, and the
applet may cache it after that, not sure.  If the keyring is unlocked,
you probably won't get asked again if the password gets stored there.

> reconnect, it just tries to connect, but the password is a time sensitive rsa token.  I 
> have to edit the vpn connection, just hit apply, then try to connect.  It prompts me for 
> the password then.  I do have selected only "keep group password on keyring".

Yeah, it's clear we need to do some work on the vpnc plugin to make sure
that when you don't want to save the password, it doesn't get saved, and
that it asks you every time after that.

This is the _group_ password, right?  Or is it your user password that's
tokenized?

Dan

> Thanks.  Can't wait for the updates.
> 
> >> This morning I was able to connect just fine to a system via the vpn, but now I get the 
> >> following:
> >>
> >> May 20 16:00:02 dufus NetworkManager: connection_updated_cb: assertion `old_connection != 
> >> NULL' failed
> >> May 20 16:00:11 dufus NetworkManager:last message repeated 5 times
> >> May 20 16:00:11 dufus NetworkManager: <info>  VPN service 
> >> 'org.freedesktop.NetworkManager.vpnc' exec scheduled...
> >> May 20 16:00:11 dufus NetworkManager: <info>  VPN service 
> >> 'org.freedesktop.NetworkManager.vpnc' executed (org.freedesktop.NetworkManager.vpnc), PID 6528
> >> May 20 16:00:11 dufus NetworkManager: <info>  VPN service 
> >> 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
> >> May 20 16:00:21 dufus NetworkManager: <info>  VPN connection 'fni-stl' (Connect) reply 
> >> received.
> >> May 20 16:00:21 dufus NetworkManager: <WARN>  connection_state_changed(): Could not 
> >> process the request because no VPN connection was active.
> >>
> >>
> >> Googling shows that I need to upgrade to what is in rawhide, but can't do that.  Too many 
> >> other packages come along.
> >>
> >> Any ideads?
> >>
> >> Thanks.
> >> _______________________________________________
> >> NetworkManager-list mailing list
> >> NetworkManager-list gnome org
> >> http://mail.gnome.org/mailman/listinfo/networkmanager-list
> > 
> 
>