On Wed, Dec 07, 2016 at 10:54:10 +0200, Matti Koskimies wrote: > I have a OpenConnect VPN connection and I like to use nmcli to connect to it. > But I can't do that unless nm-applet is running. When I use the --ask option I > get a connection to the authentication, but it fails every time. After I start > nm-applet I get a GUI asking for credentials, and the connection is > established.
I can't reproduce this, but that doesn't mean it's not a bug in some component. I would suspect this is network-manager itself rather than the nm-openconnect component. Can you test with another VPN type? > $ nmcli --ask connection up HaVaVPN > POST https://*hostname removed*/restricted > Connected to *IP removed*:443 > SSL negotiation with *hostname removed* > Connected to HTTPS on *hostname removed* > XML POST enabled > Please enter your username and password. > Username:*username removed* > Password: > POST https://*hostname removed*/ > Error: Connection activation failed: unknown reason. What is the timing in this example? A couple seconds? Is it just a simple user + password login? Does connecting with openconnect directly work? Here's what I see in a completely headless environment: $ nmcli --ask con up test POST https://example.com/ Connected to [...]:443 SSL negotiation with example.com Server certificate verify failed: signer not found Certificate from VPN server "example.com" failed verification. Reason: signer not found Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on example.com XML POST enabled Please enter your username. Username:user POST https://example.com/auth Please enter your password. Password: POST https://example.com/auth VPN connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/33) -- mike
