- Package:
- network-manager-openvpn
- Source:
- network-manager-openvpn
- Description:
- network management framework (OpenVPN plugin core)
- Submitter:
- Date:
- 2015-04-27 16:09:04 UTC
- Severity:
- important
The content of /etc/dbus-1/system.d/nm-openvpn-service.conf as provided does not appear sufficient to allow the openvpn functionality in network manager to work in a useful way. Adding an 'at_console' policy seems to fix things for me: --- nm-openvpn-service.conf.orig 2011-05-09 09:47:31.484513417 -0600 +++ nm-openvpn-service.conf 2011-05-09 09:53:55.314350004 -0600 @@ -6,6 +6,10 @@ <allow own="org.freedesktop.NetworkManager.openvpn"/> <allow send_destination="org.freedesktop.NetworkManager.openvpn"/> </policy> + <policy user="at_console"> + <allow own="org.freedesktop.NetworkManager.openvpn"/> + <allow send_destination="org.freedesktop.NetworkManager.openvpn"/> + </policy> <policy context="default"> <deny own="org.freedesktop.NetworkManager.openvpn"/> <deny send_destination="org.freedesktop.NetworkManager.openvpn"/> Could this be fixed in the default configuration, please? Bdale
Hi Am 09.05.2011 18:28, schrieb Bdale Garbee: Could you elaborate on that, please. What is your setup, what is the error message. See [1] for debugging tips. Adding an 'at_console' policy seems to fix things for me: This opens a security hole, so I'd rather not do that and first try to understand what your actual problem is. Only root should be able to own that bus name. Michael [1] http://live.gnome.org/NetworkManager/Debugging
employer. This means I'm filling in a username but no password in the configuration dialog and expect to be prompted for an OTP on connection establishment. With the provided nm-openvpn-service.conf content, an attempt to establish a VPN connection does not result in the expected password entry dialog box. In fact, there is no visible activity on the desktop at all. However, the following shows up in syslog: May 9 09:22:14 rover NetworkManager[3149]: <info> Starting VPN service 'openvpn'... May 9 09:22:14 rover NetworkManager[3149]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 17457 May 9 09:22:14 rover NetworkManager[3149]: <info> VPN service 'openvpn' appeared; activating connections May 9 09:22:14 rover NetworkManager[3149]: <error> [1304954534.441698] [nm-vpn-connection.c:819] connection_need_secrets_cb(): NeedSecrets failed: dbus-glib-error-quar k Rejected send message, 1 matched rules; type="method_call", sender=":1.3" (uid=0 pid=3149 comm="/usr/sbin/NetworkManager ") interface="org.freedesktop.NetworkManager. VPN.Plugin" member="NeedSecrets" error name="(unset)" requested_reply=0 destination="org.freedesktop.NetworkManager.openvpn" (uid=0 pid=17457 comm="/usr/lib/NetworkMana ger/nm-openvpn-service ")) May 9 09:22:14 rover NetworkManager[3149]: <warn> error disconnecting VPN: Rejected send message, 1 matched rules; type="method_call", sender=":1.3" (uid=0 pid=3149 co mm="/usr/sbin/NetworkManager ") interface="org.freedesktop.NetworkManager.VPN.Plugin" member="Disconnect" error name="(unset)" requested_reply=0 destination="org.freede sktop.NetworkManager.openvpn" (uid=0 pid=17457 comm="/usr/lib/NetworkManager/nm-openvpn-service ")) Chasing the symptoms, I found a post by an Ubuntu user with the same problem who worked around it with the at_console policy addition that I included. With that, things work as expected. If there's a better fix, I'd be happy to know it. Bdale
Am 09.05.2011 19:15, schrieb Bdale Garbee: trying connect to the OpenVPN server? Do you have a /var/run/console/root state file? Does it help if you close all root sessions, ie there is no more /var/run/console/root Michael
I do not. No. Bdale
Am 09.05.2011 19:57, schrieb Bdale Garbee: Ok, then I'll need to setup a test system to debug this further. Thanks for the input so far, Michael
My pleasure. And of course I'll be happy to try things for you if/when that would be useful. Bdale
Hi, Just to be sure, is that stable or wheezy/sid? Do you have anything in the syslog? The dbus messages might be a red herring and your problems are somewhere else, [1] has some debugging tips. What desktop environment do you use? What does ck-list-sessions say. I've CCed #626180, so we this conversation archived. Michael [1] https://live.gnome.org/NetworkManager/Debugging/
Hello I'm in a situation similar to Bdale (albeit in May...). I'd like to use NetworkManager to setup openvpn with my company's network. Thing is, I cannot reproduce Bdale's issue: when setting up VPN, I can see the popup window asking me for a password after I ask for a new VPN connection through the GUI (and KDE) Unfortunately, the connection authentication fails, but that's another problem. HTH
Hello I've resolved the certificate problem that plagued me. I can now confirm that network-manager + OpenVPN is working fine on Debian/sid *without* the work- around provided by Bdale. All the best
Hi Bdale, Do you still encounter this problem with an up-to-date sid system? What's the output of "ck-list-sessions" when that problem happens? Michael
Hi Bdale, I'm going through some old bug reports and notice we got stuck here somehow. Can you install the latest version from jessie and test if that version works for you now?