https://bugs.kde.org/show_bug.cgi?id=439612

            Bug ID: 439612
           Summary: Applet does not prompt for login when connecting to
                    GlobalProtect VPN
           Product: plasma-nm
           Version: 5.21.5
          Platform: Archlinux Packages
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: jgrul...@redhat.com
          Reporter: mason2...@gmail.com
  Target Milestone: ---

Created attachment 139926
  --> https://bugs.kde.org/attachment.cgi?id=139926&action=edit
Screenshot of kdialog missing the username and password fields

SUMMARY

When connecting to a global protect vpn via the plasma-nm applet, the auth
dialog appears, but does not have fields for username and password. If the
connect button next to the selected gateway is pressed, an error appears
stating 'Unexpected 200 result'.

I've done some debugging, and it appears that the problem is that Network
Manager (verified with nmcli) does not run the authenticate step of openconnect
and just asks for the gateway, certificate, and cookie (the results of an
openconnect --authenticate command).

I'm not sure if this would be considered a Network Manager bug, but I think
that the plasma applet should account for this to insulate the user from the
technical login process, even if network manager and nmcli are not
user-friendly.

Note that I am able to connect to the vpn using a script (see ADDITIONAL
INFORMATION), so the openconnect system is working. The problem is that the
applet (and nmcli) do not perform the intermediate authentication steps that
the user shouldn't have to worry about.


STEPS TO REPRODUCE
1. Install plasma-nm 5.21.5-1, networkmanager-openconnect 1.2.7, and
networkmanager 1.30.4-3 (these are the current versions in a Manjaro system)
2. Add a vpn connection via the plasma network settings, set to globalprotect
3. Attempt to connect to the new vpn connection

OBSERVED RESULT
The authentication dialog appears with no fields for username and password

EXPECTED RESULT
The authentication dialog should have fields to enter a username and password,
to be passed to the command `openconnect --authenticate`, whose output would be
passed to network manager

SOFTWARE/OS VERSIONS
Manjaro Linux 5.10.42-1-MANJARO
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
The following script properly connects to the vpn as expected:
#!/usr/bin/env bash
tmp=$(mktemp)
chmod 600 "$tmp"
eval "$(ksshaskpass | openconnect --protocol=gp --authenticate --user=me
vpn.domain --passwd-on-stdin)"
cat <<EOF > "$tmp"
vpn.secrets.cookie:$COOKIE
vpn.secrets.gwcert:$FINGERPRINT
vpn.secrets.gateway:$HOST
EOF
nmcli --ask con up connection-name passwd-file "$tmp"
rm "$tmp"

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to