Re: OpenVpn plugin NeedSecret



[SOLVED]

I've solved the problem. Thanks a lot to Dan for his support.

I've added all secrets into /etc/NetworkManager/system-connection/VPNconn...below the correct structure:

[connection]
id=VPNconn
uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e
type=vpn
autoconnect=FALSE

[ipv4]
method=auto

[vpn]
name=openvpn
service-type=org.freedesktop.NetworkManager.openvpn
connection-type=tls
remote=xxxxxx.xxxx.xxxxxx.it
proto-tcp=no
reneg-seconds=0
port=1194
ca=/etc/openvpn/certs/cacert.crt
cert=/etc/openvpn/certs/xxxxxxxxx.pem
key=/etc/openvpn/certs/xxxxxxxxxx-key.pem
comp-lzo=yes


[ipv6]
method=ignore

Reagards

On Thu, Nov 3, 2011 at 4:43 PM, Dan Williams <dcbw redhat com> wrote:
On Thu, 2011-11-03 at 16:03 +0100, Francesco Andrisani wrote:
> Thanks a lot. But i'm not able to know all parameter to intert into
> my /etc/NetworkManager/system-connections/VPNconnection.
>
> For example keyfile, certficate, ecc
>
> Please can you tell me how to find these informations (all
> parameters)?

At the moment the best way to do this is to edit the connection with
nm-connection-editor; otherwise it's a bit byzantine but the list of
acceptable parameters is here:

http://git.gnome.org/browse/network-manager-openvpn/tree/src/nm-openvpn-service.h

and the values that these keys can contain are in the code, but it's
probably non-trivial to pull them out.  I can see where documenting  the
acceptable values in the header there would be a nice thing to do.
Otherwise, if you have a config file you're importing from that would
work, or I can help you figure out what to use if you can describe your
VPN setup more.  Or nm-connection-editor.

Dan


> Thanks and regards
>
> On Thu, Nov 3, 2011 at 3:51 PM, Dan Williams <dcbw redhat com> wrote:
>         On Thu, 2011-11-03 at 10:26 +0100, Francesco Andrisani wrote:
>         > Anothe DEBUG info:
>         >
>         > debian:/etc/NetworkManager# /usr/libexec/nm-openvpn-service
>         --debug
>         > ** Message: nm-openvpn-service (version 0.9.0) starting...
>         > ** Message: real_need_secrets: connection
>         > -------------------------------------
>         > connection
>         >     name : "connection"
>         >     id : "VPNconnection" (s)
>         >     uuid : "355653c0-34d3-4777-ad25-f9a498b7ef8e" (s)
>         >     type : "vpn" (s)
>         >     permissions : [] (sd)
>         >     autoconnect : FALSE (s)
>         >     timestamp : 0 (sd)
>         >     read-only : FALSE (sd)
>         >
>         >
>         > ipv4
>         >     name : "ipv4"
>         >     method : "auto" (s)
>         >     dns : [] (s)
>         >     dns-search : [] (sd)
>         >     addresses : [] (s)
>         >     routes : [] (s)
>         >     ignore-auto-routes : FALSE (sd)
>         >     ignore-auto-dns : FALSE (sd)
>         >     dhcp-client-id : NULL (sd)
>         >     dhcp-send-hostname : TRUE (sd)
>         >     dhcp-hostname : NULL (sd)
>         >     never-default : FALSE (sd)
>         >     may-fail : FALSE (sd)
>         >
>         >
>         > ipv6
>         >     name : "ipv6"
>         >     method : "ignore" (s)
>         >     dns : [] (s)
>         >     dns-search : [] (sd)
>         >     addresses : [] (s)
>         >     routes : [] (s)
>         >     ignore-auto-routes : FALSE (sd)
>         >     ignore-auto-dns : FALSE (sd)
>         >     never-default : FALSE (sd)
>         >     may-fail : TRUE (sd)
>         >
>         >
>         > vpn
>         >     name : "vpn"
>         >     service-type :
>         "org.freedesktop.NetworkManager.openvpn" (s)
>         >     user-name : NULL (sd)
>         >     data : [ { 'name': openvpn }, ] (s)
>         >     secrets : [ ] (s)
>
>
>         So here's the problem; the [vpn] setting isn't completely
>         specified.
>         Did you import this connection from an openvpn config file?
>          Unless this
>         was changed at some point (or there's a bug in the editor)
>         this
>         connection was never valid since it doesn't have the required
>         connection
>         type field and a few other things.  Here's what it *should*
>         look like:
>
>         [vpn]
>         service-type=org.freedesktop.NetworkManager.openvpn
>         connection-type=password
>         password-flags=3
>         remote=ovpn.mycompany.com
>         cipher=AES-256-CBC
>         proto-tcp=yes
>         reneg-seconds=0
>         port=443
>         username=dcbw
>         ca=/home/dcbw/MyCA.pem
>
>         or something along those lines.  If you imported it from a
>         config file,
>         can you try doing that again?  If it still looks like this,
>         can you send
>         me the config file so I can see what's going wrong?
>
>         Dan
>
>         > Regards
>         >
>         >
>         > On Thu, Nov 3, 2011 at 10:12 AM, Francesco Andrisani
>         > <francesco andrisani acotel com> wrote:
>         >         OK.
>         >
>         >         So i've installed openvpn client on my workstation
>         with
>         >         certificate authentication and...it work fine.
>         >         About NetworkManager-openvpn i've installed (from
>         sources)
>         >         0.9.0 version, the same of NetworkManager (it also
>         installed
>         >         from sources).
>         >
>         >         A clarification...i use the system without X server
>         (no gnome,
>         >         no kde).
>         >         Below my NetworkManager and NetworkManager-openvpn
>         >         configuration files.
>         >
>         >         debian:/etc/NetworkManager# cat
>         >         system-connections/VPNconnection
>         >         [connection]
>         >         id=VPNconnection
>         >         uuid=355653c0-34d3-4777-ad25-f9a498b7ef8e
>         >         type=vpn
>         >         autoconnect=FALSE
>         >
>         >         [ipv4]
>         >         method=auto
>         >
>         >         [vpn]
>         >         name=openvpn
>         >         service-type=org.freedesktop.NetworkManager.openvpn
>         >
>         >         [ipv6]
>         >         method=ignore
>         >
>         >         I've no secrets specified here, Is it correct? I've
>         no
>         >         password for start opevpn client manually. Only
>         certificate
>         >         authentication.
>         >
>         >         debian:/etc/NetworkManager# cat
>         VPN/nm-openvpn-service.name
>         >         [VPN Connection]
>         >         name=openvpn
>         >         service=org.freedesktop.NetworkManager.openvpn
>         >         program=/usr/libexec/nm-openvpn-service
>         >
>         >         Regards
>         >
>         >
>         >
>         >         On Thu, Nov 3, 2011 at 2:25 AM, Dan Williams
>         <dcbw redhat com>
>         >         wrote:
>         >                 On Wed, 2011-11-02 at 10:21 +0100, Francesco
>         Andrisani
>         >                 wrote:
>         >                 >
>         (355653c0-34d3-4777-ad25-f9a498b7ef8e/VPNconnection)
>         >                 plugin
>         >                 > NeedSecrets
>         >                 > request #1 failed: dbus-glib-error-quark
>         Invalid
>         >                 connection type.
>         >
>         >
>         >                 This part is the problem.  Any chance you
>         could paste
>         >                 in your vpn
>         >                 connection file
>         >                 from /etc/NetworkManager/system-connections
>         for us to
>         >                 look at?  Remove any passwords and XXXX out
>         any
>         >                 sensitive information
>         >                 before doing so.
>         >
>         >                 Any idea what version of
>         NetworkManager-openvpn you've
>         >                 got installed?
>         >
>         >                 Dan
>         >
>         >
>         >
>         >
>         >
>         >
>         >         --
>         >         ____________________________________________________
>         >         Francesco Andrisani
>         >         mailto:francesco andrisani acotel com
>         >         Acotel Spa
>         >         http://www.acotel.com
>         >         Via della Valle dei Fontanili, 29
>         >         00168 Roma
>         >         Tel +390661141200
>         >         Fax +39066149936
>         >         ____________________________________________________
>         >
>         >
>         >           Le informazioni contenute nella comunicazione che
>         precede
>         >              possono essere riservate e sono, comunque,
>         destinate
>         >            esclusivamente alla persona o all’ente
>         sopraindicati. La
>         >          diffusione, distribuzione e/o copiatura non
>         autorizzata del
>         >         documento trasmesso da parte di qualsiasi soggetto è
>         proibita.
>         >              La sicurezza e la correttezza dei messaggi di
>         posta
>         >          elettronica non possono essere garantite. Se avete
>         ricevuto
>         >            questo messaggio per errore, Vi preghiamo di
>         contattarci
>         >                            immediatamente. Grazie.
>         >
>         >            This message is for the named person's use only.
>         It may
>         >            contain confidential, proprietary or legally
>         privileged
>         >         information. No confidentiality or privilege is
>         waived or lost
>         >           by any transmission. If you receive this message
>         in error,
>         >          please immediately delete it and all copies of it
>         from your
>         >          system, destroy any hard copies of it and notify
>         the sender.
>         >              You must not, directly or indirectly, use,
>         disclose,
>         >         distribute, print, or copy any part of this message
>         if you are
>         >                       not the intended recipient. Thanks
>         >
>         >
>         >
>         >
>         >
>         >
>         > --
>         > ____________________________________________________
>         > Francesco Andrisani
>         > mailto:francesco andrisani acotel com
>         > Acotel Spa
>         > http://www.acotel.com
>         > Via della Valle dei Fontanili, 29
>         > 00168 Roma
>         > Tel +390661141200
>         > Fax +39066149936
>         > ____________________________________________________
>         >
>         >
>         >   Le informazioni contenute nella comunicazione che precede
>         possono
>         >    essere riservate e sono, comunque, destinate
>         esclusivamente alla
>         >   persona o all’ente sopraindicati. La diffusione,
>         distribuzione e/o
>         >     copiatura non autorizzata del documento trasmesso da
>         parte di
>         >    qualsiasi soggetto è proibita. La sicurezza e la
>         correttezza dei
>         >  messaggi di posta elettronica non possono essere garantite.
>         Se avete
>         >   ricevuto questo messaggio per errore, Vi preghiamo di
>         contattarci
>         >                        immediatamente. Grazie.
>         >
>         >    This message is for the named person's use only. It may
>         contain
>         >    confidential, proprietary or legally privileged
>         information. No
>         > confidentiality or privilege is waived or lost by any
>         transmission. If
>         >  you receive this message in error, please immediately
>         delete it and
>         >  all copies of it from your system, destroy any hard copies
>         of it and
>         >     notify the sender. You must not, directly or indirectly,
>         use,
>         >  disclose, distribute, print, or copy any part of this
>         message if you
>         >                 are not the intended recipient. Thanks
>         >
>         >
>
>
>
>
>
>
> --
> ____________________________________________________
> Francesco Andrisani
> mailto:francesco andrisani acotel com
> Acotel Spa
> http://www.acotel.com
> Via della Valle dei Fontanili, 29
> 00168 Roma
> Tel +390661141200
> Fax +39066149936
> ____________________________________________________
>
>
>   Le informazioni contenute nella comunicazione che precede possono
>    essere riservate e sono, comunque, destinate esclusivamente alla
>   persona o all’ente sopraindicati. La diffusione, distribuzione e/o
>     copiatura non autorizzata del documento trasmesso da parte di
>    qualsiasi soggetto è proibita. La sicurezza e la correttezza dei
>  messaggi di posta elettronica non possono essere garantite. Se avete
>   ricevuto questo messaggio per errore, Vi preghiamo di contattarci
>                        immediatamente. Grazie.
>
>    This message is for the named person's use only. It may contain
>    confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any transmission. If
>  you receive this message in error, please immediately delete it and
>  all copies of it from your system, destroy any hard copies of it and
>     notify the sender. You must not, directly or indirectly, use,
>  disclose, distribute, print, or copy any part of this message if you
>                 are not the intended recipient. Thanks
>
>





--
____________________________________________________
Francesco Andrisani
mailto:francesco andrisani acotel com
Acotel Spa
http://www.acotel.com
Via della Valle dei Fontanili, 29
00168 Roma
Tel +390661141200
Fax +39066149936
____________________________________________________

Le informazioni contenute nella comunicazione che precede possono essere riservate e sono, comunque, destinate esclusivamente alla persona o all’ente sopraindicati. La diffusione, distribuzione e/o copiatura non autorizzata del documento trasmesso da parte di qualsiasi soggetto è proibita. La sicurezza e la correttezza dei messaggi di posta elettronica non possono essere garantite. Se avete ricevuto questo messaggio per errore, Vi preghiamo di contattarci immediatamente. Grazie.

This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any transmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Thanks




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]