NetworkManager-openconnect Question...



Hi,

Can anyone on the list tell me what minimum version of NetworkManager-openconnect is required to support PKCS#11 URLs in a VPN settings config file?

We're running EL7 systems (CentOS, Scientific, and some RHEL) with NetworkManager v1.0.6-31 and NetworkManager-openconnect v0.9.8.6, and when attempting to set up the usercert and userkey fields with a PKCS#11 SmartCard URL, as produced by p11tool, NetworkManager's GUI throws an unable to open key/certificate file error.

/etc/NetworkManager/system-connections/VPN looks something like:

[connection]
id=VPN
uuid=43297f31-e438-491e-80c0-3127a13ea176
type=vpn
autoconnect=false
permissions=user:<my username>:;
secondaries=

[vpn]
enable_csd_trojan=no
xmlconfig-flags=0
pem_passphrase_fsid=no
gwcert-flags=2
gateway-flags=2
autoconnect-flags=0
lasthost-flags=0
usercert="pkcs11:model=X;manufacturer=Y;serial=Z;id=%00%02;object-type=cert"
userkey="pkcs11:model=X;manufacturer=Y;serial=Z;id=%00%02;object-type=private"
stoken_source=disabled
certsigs-flags=0
cookie-flags=2
gateway=vpn.example.com
authtype=cert
service-type=org.freedesktop.NetworkManager.openconnect

[ipv4]
dns-search=
method=auto

[ipv6]
dns-search=
method=auto

Also, using openconnect alone from the command prompt does successfully connect to the VPN using the same PKCS#11 URLs.

If I need more recent versions of these, does anyone have any ideas on whether doing so is a manageable process on an EL 7 system? ... and by that I'm really asking: is EL7 just too old to support what we're trying to do from the GNOME NetworkManager interface?

Thanks a bunch for reading and any assistance!

--Sean

