Re: NM-vpn no vpn secrets



I confirm this issue.

However in my sometimes NM connects to the vpn (openvpn) without problems and sometimes is doesn't. This does not depend on the openvpn server as other machines work fine,as well a previous version of nm-applet.

I my case I have a CA cert, a certificate and a key cert (which does not need a password).

It may be a problem with the state machine of the networkwork manager?


--
Ferry Toth

-----Oorspronkelijke bericht-----
Van: Dan Williams <dcbw redhat com>
Aan: Alexander Sack <asac ubuntu com>
Cc: Neal Becker <ndbecker2 gmail com>, networkmanager-list gnome org
Onderwerp: Re: NM-vpn no vpn secrets
Datum: Fri, 04 Dec 2009 12:24:13 -0800
Nieuwsgroepen: gmane.linux.network.networkmanager.devel

On Thu, 2009-12-03 at 12:34 +0100, Alexander Sack wrote:
> On Wed, Dec 02, 2009 at 07:17:46PM -0500, Neal Becker wrote:
> > On Wednesday 02 December 2009, Dan Williams wrote:
> > > What appears to be the issue here is that you haven't set any secrets in
> > > the connection editor the VPN.  That means passwords, shared keys, etc.
> > > Or that the secrets didn't pass validation.  When you open the
> > > connection editor, are your passwords still there?  If you're not
> > > entering any, are you asked for a password when you connect?
> > > 
> > > Dan
> > > 
> > 
> > I entered the certificates.  Same as I use to start openvpn manually.  No 
> > password is needed, and none is entered into 'Private key password' field (if 
> > that's what you mean).
> > 
> > I don't know if it's a permission issue.  The private key can only be read as 
> > root (but of course, that's normal).
> 
> I remember that there was a bug about not being able to configure VPNs
> that have no password. maybe thats the case here? Maybe just an overly
> strict settings verify?

NetworkManager in general does not support unencrypted private keys
because these configurations are not secure.  You'll want to encrypt
your private key using openssl and provide a private key password.  Your
private key password is stored securely in the keyring.

I've recently added some UI to nm-applet/nm-connection-editor that warn
you if the private key is not encrypted, and we should probably add that
same UI to nm-openvpn.  In any case, nm-openvpn should not enable the
Apply button unless a private key is entered, which doesn't seem to be
the case.  I'll fix that.

Dan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]