On Mon, 2016-04-04 at 22:09 -0400, Michael Welsh Duggan wrote:
I'm having some difficulties using network-manager-openconnect. If I use openconnect directly: openconnect -c cert.pfx --authgroup=[GROUP] --no-xmlpost [SERVER] everything works just fine. When I use network-manager I get the following: Server requested SSL client certificate after one was provided Certificate Validation Failure This used to work (many months ago). I don't know whether an update of nm was why things changed, or if it was a change of the VPN server at work. I am using network-manager and network-manager-openconnect from Debian unstable: network-manager 0.9.10.0-1 network-manager-openconnect 0.9.8.6-1 I'm happy to provide more debugging information if someone would tell me what to provide.
Hi, When nm-openconnect starts openconnect binary, it runs as a different user. Make sure that that user is able to access the certificate. For example, if you have SELinux enabled, it needs proper labels. Usually that means, the certificate should be in ~user/.certs directory. Try with SELinux permissive mode or search for audit warnings. Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part