Re: NM-vpn no vpn secrets

[Dan Williams <dcbw redhat com>]

On Thu, 2009-12-03 at 12:34 +0100, Alexander Sack wrote:
> On Wed, Dec 02, 2009 at 07:17:46PM -0500, Neal Becker wrote:
> > On Wednesday 02 December 2009, Dan Williams wrote:
> > > What appears to be the issue here is that you haven't set any secrets in
> > > the connection editor the VPN.  That means passwords, shared keys, etc.
> > > Or that the secrets didn't pass validation.  When you open the
> > > connection editor, are your passwords still there?  If you're not
> > > entering any, are you asked for a password when you connect?
> > > 
> > > Dan
> > > 
> > 
> > I entered the certificates.  Same as I use to start openvpn manually.  No 
> > password is needed, and none is entered into 'Private key password' field (if 
> > that's what you mean).
> > 
> > I don't know if it's a permission issue.  The private key can only be read as 
> > root (but of course, that's normal).
> 
> I remember that there was a bug about not being able to configure VPNs
> that have no password. maybe thats the case here? Maybe just an overly
> strict settings verify?

NetworkManager in general does not support unencrypted private keys
because these configurations are not secure.  You'll want to encrypt
your private key using openssl and provide a private key password.  Your
private key password is stored securely in the keyring.

I've recently added some UI to nm-applet/nm-connection-editor that warn
you if the private key is not encrypted, and we should probably add that
same UI to nm-openvpn.  In any case, nm-openvpn should not enable the
Apply button unless a private key is entered, which doesn't seem to be
the case.  I'll fix that.

Dan