https://bugs.kde.org/show_bug.cgi?id=439612
Bug ID: 439612
Summary: Applet does not prompt for login when connecting to
GlobalProtect VPN
Product: plasma-nm
Version: 5.21.5
Platform: Archlinux Packages
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: jgrul...@redhat.com
Reporter: mason2...@gmail.com
Target Milestone: ---
Created attachment 139926
--> https://bugs.kde.org/attachment.cgi?id=139926&action=edit
Screenshot of kdialog missing the username and password fields
SUMMARY
When connecting to a global protect vpn via the plasma-nm applet, the auth
dialog appears, but does not have fields for username and password. If the
connect button next to the selected gateway is pressed, an error appears
stating 'Unexpected 200 result'.
I've done some debugging, and it appears that the problem is that Network
Manager (verified with nmcli) does not run the authenticate step of openconnect
and just asks for the gateway, certificate, and cookie (the results of an
openconnect --authenticate command).
I'm not sure if this would be considered a Network Manager bug, but I think
that the plasma applet should account for this to insulate the user from the
technical login process, even if network manager and nmcli are not
user-friendly.
Note that I am able to connect to the vpn using a script (see ADDITIONAL
INFORMATION), so the openconnect system is working. The problem is that the
applet (and nmcli) do not perform the intermediate authentication steps that
the user shouldn't have to worry about.
STEPS TO REPRODUCE
1. Install plasma-nm 5.21.5-1, networkmanager-openconnect 1.2.7, and
networkmanager 1.30.4-3 (these are the current versions in a Manjaro system)
2. Add a vpn connection via the plasma network settings, set to globalprotect
3. Attempt to connect to the new vpn connection
OBSERVED RESULT
The authentication dialog appears with no fields for username and password
EXPECTED RESULT
The authentication dialog should have fields to enter a username and password,
to be passed to the command `openconnect --authenticate`, whose output would be
passed to network manager
SOFTWARE/OS VERSIONS
Manjaro Linux 5.10.42-1-MANJARO
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2
ADDITIONAL INFORMATION
The following script properly connects to the vpn as expected:
#!/usr/bin/env bash
tmp=$(mktemp)
chmod 600 "$tmp"
eval "$(ksshaskpass | openconnect --protocol=gp --authenticate --user=me
vpn.domain --passwd-on-stdin)"
cat <<EOF > "$tmp"
vpn.secrets.cookie:$COOKIE
vpn.secrets.gwcert:$FINGERPRINT
vpn.secrets.gateway:$HOST
EOF
nmcli --ask con up connection-name passwd-file "$tmp"
rm "$tmp"
--
You are receiving this mail because:
You are watching all bug changes.
