#977842 network-manager-openconnect: Fails to save password in my VPN account

Package:
network-manager-openconnect
Source:
network-manager-openconnect
Description:
network management framework (OpenConnect plugin core)
Submitter:
Pavlos Ponos
Date:
2020-12-28 08:39:03 UTC
Severity:
normal
#977842#5
Date:
2020-12-21 19:00:09 UTC
From:
To:
Hello,

This is something that used to work, but since last week it doesn't anymore.

Some months ago I created a VPN connection using the 'Cisco Anyconnect' option. When I setup the connection I chose to store
the username and password. This worked perfectly find until last week. Since then, every time I enable the VPN connection I have
to type the password, despite the fact that the 'save passwords' option is enabled.

If this is a 'network-manager-openconnect' issue, feel free to tag it differently.

Thanks for checking.
Pavlos

#977842#10
Date:
2020-12-21 19:49:44 UTC
From:
To:
reassign 977842 network-manager-openconnect
retitle 977842 network-manager-openconnect: Fails to save password in my VPN account
thanks

I've reassigned to nm-openconnect for now. If you use nm-openconnect-gnome, it may be their issue instead. A couple questions:

1. If you look at /etc/NetworkManager/system-connections/[your VPN].nmconnection (as root), you should see a section labeled [vpn-secrets]. Is there a line that sets save_passwords to yes?
2. Can you take some debug logs from NetworkManager/syslog while attempting to connect? Here's how: https://wiki.gnome.org/Projects/NetworkManager/Debugging#Other_NetworkManager_Debugging ; feel free to redact credentials etc.


Thanks,
Josh


On Mon, 21 Dec 2020 21:00:09 +0200 Pavlos Ponos <pavlos.ponos@gmail.com> wrote:

 > Package: openconnect
 > Version: 8.10-1
 > Severity: normal
 > X-Debbugs-Cc: pavlos.ponos@gmail.com
 >
 > Hello,
 >
 > This is something that used to work, but since last week it doesn't anymore.
 >
 > Some months ago I created a VPN connection using the 'Cisco Anyconnect' option. When I setup the connection I chose to store
 > the username and password. This worked perfectly find until last week. Since then, every time I enable the VPN connection I have
 > to type the password, despite the fact that the 'save passwords' option is enabled.
 >
 > If this is a 'network-manager-openconnect' issue, feel free to tag it differently.
 >
 > Thanks for checking.
 > Pavlos
 >
 >
 > -- System Information:
 > Debian Release: bullseye/sid
 > APT prefers testing
 > APT policy: (500, 'testing')
 > Architecture: amd64 (x86_64)
 >
 > Kernel: Linux 5.9.0-4-amd64 (SMP w/2 CPU threads)
 > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
 > Shell: /bin/sh linked to /usr/bin/dash
 > Init: systemd (via /run/systemd/system)
 > LSM: AppArmor: enabled
 >
 > Versions of packages openconnect depends on:
 > ii libc6 2.31-5
 > ii libgnutls30 3.6.15-4
 > ii libopenconnect5 8.10-1
 > ii libproxy1v5 0.4.16-2
 > ii libxml2 2.9.10+dfsg-6.3+b1
 > ii vpnc-scripts 0.1~git20200930-1
 >
 > Versions of packages openconnect recommends:
 > ii python3 3.9.0-4
 > ii python3-asn1crypto 1.4.0-1
 > ii python3-mechanize 1:0.4.5-2
 > ii python3-netifaces 0.10.9-0.2+b3
 >
 > Versions of packages openconnect suggests:
 > ii bash-completion 1:2.11-2
 >
 > -- no debconf information
 >
 >

#977842#21
Date:
2020-12-22 16:37:58 UTC
From:
To:
Submitter replied directly to me; forwarding to the BTS. Please make sure to reply-all.



Hello Josh,

Thanks for looking into this.

To answer your questions.

    1.
    [vpn-secrets]
    certificate:xxxxx
    form:main:group_list=XXX
    form:main:username=XXX
    lasthost=XXX
    save_passwords=yes

    2.
    please find the log attached herewith


Let me know if this is of any help to you.

Regards
Pavlos

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos> and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------
Privacy isn't about hiding bad things.
It's about protecting what defines us as human beings.
Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/>
Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/>
------------------------------------------------------------------------------------------------

#977842#26
Date:
2020-12-22 16:48:38 UTC
From:
To:
Thanks for your efforts thus far. This log is almost complete, but it looks like it's not including the communication between NetworkManager and the VPN plugin. Can you add the following to /etc/NetworkManager/NetworkManager.conf, restart NM, and try connecting again?

[logging]
domains= VPN:DEBUG VPN_PLUGIN:DEBUG


Note that this log is more likely to contain sensitive information than the previous, so you'll want to be certain to redact it as necessary.

Thanks,
Josh


On Tue, 22 Dec 2020 11:37:58 -0500 Josh Anders <opensource@cybiko123.com> wrote:
 > Submitter replied directly to me; forwarding to the BTS. Please make sure to reply-all.
 >
 > -Josh
 >
 >
 >
 > -------- Forwarded Message --------
 > Subject: Re: Bug#977842: openconnect: Fails to save password in my VPN account
 > Date: Tue, 22 Dec 2020 18:28:17 +0200
 > From: Pavlos Ponos <pavlos.ponos@gmail.com>
 > Reply-To: 977842@bugs.debian.org, control@bugs.debian.org
 > To: opensource@cybiko123.com
 >
 >
 >
 > Hello Josh,
 >
 > Thanks for looking into this.
 >
 > To answer your questions.
 >
 > 1.
 > [vpn-secrets]
 > certificate:xxxxx
 > form:main:group_list=XXX
 > form:main:username=XXX
 > lasthost=XXX
 > save_passwords=yes
 >
 > 2.
 > please find the log attached herewith
 >
 >
 > Let me know if this is of any help to you.
 >
 > Regards
 > Pavlos
 >
 > *Pavlos Ponos*
 >
 > Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos> and my blog <https://pavlosponosblog.wordpress.com/>
 >
 > ------------------------------------------------------------------------------------------------
 > Privacy isn't about hiding bad things.
 > It's about protecting what defines us as human beings.
 > Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/>
 > Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/>
 > ------------------------------------------------------------------------------------------------
 >
 > On 12/21/20 9:00 PM, Pavlos Ponos wrote:
 > > Package: openconnect
 > > Version: 8.10-1
 > > Severity: normal
 > > X-Debbugs-Cc:pavlos.ponos@gmail.com
 > >
 > > Hello,
 > >
 > > This is something that used to work, but since last week it doesn't anymore.
 > >
 > > Some months ago I created a VPN connection using the 'Cisco Anyconnect' option. When I setup the connection I chose to store

#977842#29
Date:
2020-12-22 16:48:38 UTC
From:
To:
Thanks for your efforts thus far. This log is almost complete, but it looks like it's not including the communication between NetworkManager and the VPN plugin. Can you add the following to /etc/NetworkManager/NetworkManager.conf, restart NM, and try connecting again?

[logging]
domains= VPN:DEBUG VPN_PLUGIN:DEBUG


Note that this log is more likely to contain sensitive information than the previous, so you'll want to be certain to redact it as necessary.

Thanks,
Josh


On Tue, 22 Dec 2020 11:37:58 -0500 Josh Anders <opensource@cybiko123.com> wrote:
 > Submitter replied directly to me; forwarding to the BTS. Please make sure to reply-all.
 >
 > -Josh
 >
 >
 >
 > -------- Forwarded Message --------
 > Subject: Re: Bug#977842: openconnect: Fails to save password in my VPN account
 > Date: Tue, 22 Dec 2020 18:28:17 +0200
 > From: Pavlos Ponos <pavlos.ponos@gmail.com>
 > Reply-To: 977842@bugs.debian.org, control@bugs.debian.org
 > To: opensource@cybiko123.com
 >
 >
 >
 > Hello Josh,
 >
 > Thanks for looking into this.
 >
 > To answer your questions.
 >
 > 1.
 > [vpn-secrets]
 > certificate:xxxxx
 > form:main:group_list=XXX
 > form:main:username=XXX
 > lasthost=XXX
 > save_passwords=yes
 >
 > 2.
 > please find the log attached herewith
 >
 >
 > Let me know if this is of any help to you.
 >
 > Regards
 > Pavlos
 >
 > *Pavlos Ponos*
 >
 > Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos> and my blog <https://pavlosponosblog.wordpress.com/>
 >
 > ------------------------------------------------------------------------------------------------
 > Privacy isn't about hiding bad things.
 > It's about protecting what defines us as human beings.
 > Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/>
 > Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/>
 > ------------------------------------------------------------------------------------------------
 >
 > On 12/21/20 9:00 PM, Pavlos Ponos wrote:
 > > Package: openconnect
 > > Version: 8.10-1
 > > Severity: normal
 > > X-Debbugs-Cc:pavlos.ponos@gmail.com
 > >
 > > Hello,
 > >
 > > This is something that used to work, but since last week it doesn't anymore.
 > >
 > > Some months ago I created a VPN connection using the 'Cisco Anyconnect' option. When I setup the connection I chose to store

#977842#32
Date:
2020-12-22 16:37:58 UTC
From:
To:
Submitter replied directly to me; forwarding to the BTS. Please make sure to reply-all.



Hello Josh,

Thanks for looking into this.

To answer your questions.

    1.
    [vpn-secrets]
    certificate:xxxxx
    form:main:group_list=XXX
    form:main:username=XXX
    lasthost=XXX
    save_passwords=yes

    2.
    please find the log attached herewith


Let me know if this is of any help to you.

Regards
Pavlos

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos> and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------
Privacy isn't about hiding bad things.
It's about protecting what defines us as human beings.
Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/>
Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/>
------------------------------------------------------------------------------------------------

#977842#37
Date:
2020-12-22 17:51:37 UTC
From:
To:
Thanks for your response.

It's really hard to remove sensitive information from 1k lines, before
sending the log to you. What exactly you are looking in the log file?

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------
#977842#42
Date:
2020-12-22 17:51:37 UTC
From:
To:
Thanks for your response.

It's really hard to remove sensitive information from 1k lines, before
sending the log to you. What exactly you are looking in the log file?

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------
#977842#45
Date:
2020-12-22 17:51:37 UTC
From:
To:
Thanks for your response.

It's really hard to remove sensitive information from 1k lines, before
sending the log to you. What exactly you are looking in the log file?

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------
#977842#50
Date:
2020-12-22 18:25:23 UTC
From:
To:
If you set NM's default log level back to info (dbus-send --system --print-reply --dest=org.freedesktop.NetworkManager /org/freedesktop/NetworkManager org.freedesktop.NetworkManager.SetLogging string:"info" string:""), and only debug VPN and VPN_PLUGIN in the config file, starting the VPN should only result in about 200 lines.

In any case, on my system, the process looks something like this...

Dec 22 12:59:45 hostname NetworkManager[32838]: <info> [1608659985.1851] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: Saw the service appear; activating connection
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.1852] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: requesting VPN secrets pass #1
Dec 22 12:59:45 hostname kernel: [58036.381956] tun: Universal TUN/TAP device driver, 1.6
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.1874] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: asking service if additional secrets are required
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.1886] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: service indicated additional secrets required
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.1886] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: requesting VPN secrets pass #2
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.2234] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: asking service if additional secrets are required
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.2245] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: service indicated additional secrets required
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.2245] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: requesting VPN secrets pass #3
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.8075] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: asking service if additional secrets are required
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.8085] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: service indicated no additional secrets required
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.8089] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: Allowing interactive secrets as all agents have that capability
Dec 22 12:59:45 hostname NetworkManager[32838]: <info> [1608659985.8098] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: VPN connection: (ConnectInteractive) reply received
Dec 22 12:59:45 hostname NetworkManager[32838]: <debug> [1608659985.8098] vpn-connection[0xyyyyyyyyyyyy,yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy,"XXX",0]: VPN connection: falling back to non-interactive connect
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'autoconnect-flags' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'certsigs-flags' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'cookie-flags' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'gateway-flags' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'gwcert-flags' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'lasthost-flags' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'xmlconfig-flags' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'autoconnect' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'lasthost' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'save_passwords' unknown
Dec 22 12:59:45 hostname NetworkManager[32925]: nm-openconnect[32925] <warn>  property 'xmlconfig' unknown

... followed by a list of the parameters to be sent to nm-openconnect. If your log looks different, or has (additional) warnings/errors, that would be helpful to know. Admittedly, I'm using PAN GlobalProtect rather than Cisco AnyConnect, so there may be a few irrelevant variations.

#977842#55
Date:
2020-12-22 18:40:56 UTC
From:
To:
Here are the steps I followed this time (see the log1.txt):

1. set NM's default log back to info as you mentioned
2. enable my VPN
3. run 'journalctl -u NetworkManager' to get the log

The reason I'm using Cisco's VPN is because the company I work for uses
this :) So there is no other option, I'm afraid.

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------
#977842#60
Date:
2020-12-22 19:14:55 UTC
From:
To:
That's fine. I don't have a choice in the matter, either :)

It seems as though it's not *failing* to use a saved secret; it's not even trying to. Unfortunately, without an error message, and an otherwise normal log, I don't have much else to go on, sorry. You can wait for a response from the maintainer/others here, or try #debian-next on irc.oftc.net if you want more immediate feedback. Thank you for helping to improve Debian.

#977842#65
Date:
2020-12-23 16:11:23 UTC
From:
To:
Hello Josh,

I think this is want you are looking for, aren't you? See log2.txt.

Line 53 reads:

Dec 23 09:54:32 debian-testing NetworkManager[3990]: secrets :
{'certificate:xxx.xxx.xxx.xxx':
'pin-sha256:gCjknF2tykskIVp8noM9EoaiXRI0Oxsa5DG/xxv7nR9U=', 'cookie':
'70CEBC@171098112@179C@45390A635E1C52F21F1F52A2B2892EAFD7084298',
'form:main:group_list': 'xxx', 'form:main:username': 'xxx', 'gateway':
'xxx.xxx.xxx.xxx', 'gwcert':
'pin-sha256:wyt1sqdnJ0Paid3idhtmAIxzM7aDqzth8cbJUpzfXt8=', 'lasthost':
'xxx', 'save_passwords': 'yes'}


*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------
#977842#70
Date:
2020-12-23 18:13:27 UTC
From:
To:
Hi Pavlos,

My logs show that as well (line 52), but I was actually looking for these (lines 6-17):

Dec 23 09:54:22 debian-testing NetworkManager[598]: <debug> [1608710062.3483] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: requesting VPN secrets pass #1
Dec 23 09:54:22 debian-testing NetworkManager[598]: <debug> [1608710062.3543] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: asking service if additional secrets are required
Dec 23 09:54:22 debian-testing NetworkManager[598]: <debug> [1608710062.3576] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: service indicated additional secrets required
Dec 23 09:54:22 debian-testing NetworkManager[598]: <debug> [1608710062.3580] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: requesting VPN secrets pass #2
Dec 23 09:54:22 debian-testing NetworkManager[598]: <debug> [1608710062.7125] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: asking service if additional secrets are required
Dec 23 09:54:22 debian-testing NetworkManager[598]: <debug> [1608710062.7155] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: service indicated additional secrets required
Dec 23 09:54:22 debian-testing NetworkManager[598]: <debug> [1608710062.7159] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: requesting VPN secrets pass #3
Dec 23 09:54:32 debian-testing NetworkManager[598]: <debug> [1608710072.8255] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: asking service if additional secrets are required
Dec 23 09:54:32 debian-testing NetworkManager[598]: <debug> [1608710072.8371] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: service indicated no additional secrets required
Dec 23 09:54:32 debian-testing NetworkManager[598]: <debug> [1608710072.8431] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: Allowing interactive secrets as all agents have that capability
Dec 23 09:54:32 debian-testing NetworkManager[598]: <info> [1608710072.8496] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: VPN connection: (ConnectInteractive) reply received
Dec 23 09:54:32 debian-testing NetworkManager[598]: <debug> [1608710072.8496] vpn-connection[0x5629458700d0,5700de5d-3547-4ce0-bec8-6f61e15f6cb3,"XXX",0]: VPN connection: falling back to non-interactive connect

...since they specifically mention locating/requesting secrets (your password).


Let's see if the password is actually saved and mapped to the correct connection. You'll need seahorse installed, AKA "Passwords and Keys". Once opened, you should see an entry called "OpenConnect: [name of your VPN]: _login:passwd".

Double clicking on the entry should show something like:

vpn_uuid: 5700de5d-3547-4ce0-bec8-6f61e15f6cb3
auth_id: _login
label: passwd


The vpn_uuid should match the UUID found in /etc/NetworkManager/system-connections and the corresponding logs. Did you see any anomalies, warnings, or requests for additional authentication while using seahorse?


Thanks,
Josh

#977842#75
Date:
2020-12-27 09:49:35 UTC
From:
To:
Hello Josh,

Sorry for the late response, and thanks for guiding me through this.

I've installed seahorse; and everything seems to be intact. See
'screenshot.png'. The password that is saved in seahorse is the correct one.

The whole thing should have worked, but it doesn't. IMO, this is a bug,
isn't it?

Regards
Pavlos

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------
#977842#80
Date:
2020-12-27 13:32:49 UTC
From:
To:
Yes, agreed, it's a bug.
#977842#85
Date:
2020-12-27 15:07:47 UTC
From:
To:
So? What's the next step? I see this bug as 'outstanding/unclassified'.
Can we mark it differently or inform the package maintainer?


*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------
#977842#90
Date:
2020-12-27 16:52:19 UTC
From:
To:
The maintainer is automatically copied on these messages. Next step is to wait for him.
#977842#95
Date:
2020-12-28 08:35:44 UTC
From:
To:
Dear Maintainer,

Could it possible to have a look on this?

Thanks,
Pavlos

*Pavlos Ponos*

Visit my Linkedin profile <https://www.linkedin.com/in/pavlos-k-ponos>
and my blog <https://pavlosponosblog.wordpress.com/>
------------------------------------------------------------------------------------------------ Privacy isn't about hiding bad things. It's about protecting what defines us as human beings. Protect yourself by using TOR browser <https://www.torproject.org/download/>, OpenPGP encryption <https://www.openpgp.org/>, Jitsi Meet <https://meet.jit.si/> & Signal <https://www.signal.org/> Save your money by using a Linux distro <https://distrowatch.com/> & an open-source Office suite <https://www.libreoffice.org/> ------------------------------------------------------------------------------------------------