FS#74555 - [networkmanager-fortisslvpn] GUI/applet not working (CLI ok!)

Attached to Project: Community Packages
Opened by Emil Vatai (vatai) - Monday, 25 April 2022, 08:58 GMT
Last edited by Toolybird (Toolybird) - Monday, 08 May 2023, 21:41 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Maxime Gauduin (Alucryd)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

I can use `openfortivpn` from the command-line, but it fails from NetworkManager GUI.

The logs show:

4月 25 17:45:44 silencio NetworkManager[196010]: <info> [1650876344.3705] vpn[0x5634fe8ec610,640e1d3e-6acf-483a-a8d6-5fbcead4b78a,"RIKEN-RCCS"]: starting fortisslvpn
4月 25 17:45:44 silencio NetworkManager[196010]: <info> [1650876344.3707] audit: op="connection-activate" uuid="640e1d3e-6acf-483a-a8d6-5fbcead4b78a" name="RIKEN-RCCS" pid=187028 uid=1000 result="success"
4月 25 17:45:44 silencio NetworkManager[197152]: INFO: Connected to gateway.
4月 25 17:45:44 silencio NetworkManager[197152]: ERROR: Could not authenticate to gateway. Please check the password, client certificate, etc.
4月 25 17:45:44 silencio NetworkManager[197152]: INFO: Closed connection to gateway.
4月 25 17:45:44 silencio NetworkManager[197152]: INFO: Logged out.
4月 25 17:45:44 silencio NetworkManager[196010]: <warn> [1650876344.6741] vpn[0x5634fe8ec610,640e1d3e-6acf-483a-a8d6-5fbcead4b78a,"RIKEN-RCCS"]: dbus: failure: connect-failed (1)
4月 25 17:45:44 silencio NetworkManager[196010]: <warn> [1650876344.6741] vpn[0x5634fe8ec610,640e1d3e-6acf-483a-a8d6-5fbcead4b78a,"RIKEN-RCCS"]: dbus: failure: connect-failed (1)


Additional info:

* package version(s)

$ pacman -Q networkmanager-fortisslvpn
networkmanager-fortisslvpn 1.4.0-2

$ openfortivpn --version
1.12.0
# from git@github.com:jdomke/openfortivpn.git

* config and/or log files etc.

I need:
1. host:port,
2. username,
3. password,
4. User certificate,
5. User private key
6. Trusted certificate

* link to upstream bug report, if any

Steps to reproduce:

Set the above 6 items and try to connect which fails with the above log message showing in journalctl, try the same with openfortivpn from the command line (with equivalent CLI options) and it runs.
This task depends upon

Closed by  Toolybird (Toolybird)
Monday, 08 May 2023, 21:41 GMT
Reason for closing:  No response
Comment by Emil Vatai (vatai) - Monday, 25 April 2022, 09:02 GMT
Forgot to add that: it seems fishy that some of the settings don't save properly. The user cert/user priv key, don't seem to be set, the "One time password" switch always appears turned ON (i.e. I change these settings click Apply, when I re open the dialog to check, all 3 of these settings are back the state before they were modified).
Comment by Emil Vatai (vatai) - Monday, 25 April 2022, 09:42 GMT
Double checked with a colleague. It seems the the "User certificate" and "User private key" fields are not being saved (i.e. on other, working systems, the values stay after clicking the Apply button). But for me, these values are not being saved.
Comment by Emil Vatai (vatai) - Monday, 25 April 2022, 10:06 GMT
Further investigation: After downgrading to networkmanager-fortisslvpn-1.4.0-1-x86_64.pkg.tar.zst it works again! So something seems to be broken in this package!

It seems the borked 1.4.0-2 (gtk4) version for some reason doesn't save cert and key in [vpn] section of /etc/NetworkManager/system-connections/*.nmconnection files.
Comment by Maxime Gauduin (Alucryd) - Monday, 31 October 2022, 14:34 GMT
Sounds like an upstream issue, we don't patch the source in any way. Did you try reporting it upstream?

Loading...