On Mon, 2016-10-17 at 11:28 -0400, Sean wrote:
> Hi,
>
> Can anyone on the list tell me what the minimum version of
> NetworkManager-openconnect that is required to support PKCS#11 URLs in
> a VPN settings config file?
>
> We're running EL7 systems (CentOS, Scientific, and some RHEL) with
> NetworkManager v1.0.6-31 and NetworkManager-openconnect v0.9.8.6 and
> when attempting to set up usercert and userkey fields with a PKCS#11
> SmartCard URL, as produced from p11tool, NetworkManager's GUI throws
> an unable to open key/certificate file error.
>
> /etc/NetworkManager/system-connections/VPN looks something like:
>
> [connection]
> id=VPN
> uuid=43297f31-e438-491e-80c0-3127a13ea176
> type=vpn
> autoconnect=false
> permissions=user:<my username>:;
> secondaries=
>
> [vpn]
> enable_csd_trojan=no
> xmlconfig-flags=0
> pem_passphrase_fsid=no
> gwcert-flags=2
> gateway-flags=2
> autoconnect-flags=0
> lasthost-flags=0
> usercert="pkcs11:model=X;manufacturer=Y;serial=Z;id=%00%02;object-type=cert"
> userkey="pkcs11:model=X;manufacturer=Y;serial=Z;id=%00%02;object-type=private"
> stoken_source=disabled
> certsigs-flags=0
> cookie-flags=2
> gateway=vpn.example.com
> authtype=cert
> service-type=org.freedesktop.NetworkManager.openconnect
>
> [ipv4]
> dns-search=
> method=auto
>
> [ipv6]
> dns-search=
> method=auto
>
> Also, using openconnect alone from the command prompt does
> successfully connect to the VPN using the same PKCS#11 URLs.
>
> If I need more recent versions of these, does anyone have any ideas
> on whether doing so is a manageable process on an EL 7 system? ...
> and by that I'm really asking is EL7 just too old to support what
> we're trying to do from the Gnome NetworkManager interface.
>
> Thanks a bunch for reading and any assistance!

Hi Sean,

AFAIK neither NetworkManager nor the nm-openconnect plugin supports specifying PKCS#11 URLs yet. It's on the todo list, and obviously important.

Thomas

_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
