unofficial mirror of help-guix@gnu.org 
From: divan@santanas.co.za
To: Help guix <help-guix@gnu.org>
Subject: Getting network-manager-openconnect to work
Date: Wed, 22 Apr 2020 14:25:52 +0200
Message-ID: <878sin671r.fsf@swift.i-did-not-set--mail-host-address--so-tickle-me>

Hi Guixers,

There is also a bug report about this query.

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37369

I'm not having any luck getting network-manager-openconnect to work for
me.

For one, using nm-connection-editor on cli or via exwm program launcher,
and creating a new connection tells me:

Insufficient privileges

Apr 12 21:32:20 swift NetworkManager[385]: <info>  [1586719940.8362] audit: op="connection-add" pid=2616 uid=1000 result="fail" reason="Insufficient privileges."

$ id
uid=1000(ds) gid=998(users) groups=998(users),972(docker),975(libvirt),978(adbusers),984(kvm),986(cdrom),989(lp),990(netdev),991(audio),992(video),993(input),999(wheel)

Full system config is pasted below[1].

My groups appear fine. Perhaps some issue with polkit?

polkit is running though.

polkitd    864     1  0 12:33 ?        00:00:00 /gnu/store/mw57n9nj3y20bfm9ijcbpm16gpsik6sg-polkit-0.116/lib/polkit-1/polkitd --no-debug

Not sure if it's the way my desktop is started with exwm.

I am able to up / down connections via "nmcli con up id" and without
sudo.

I know others have sometimes complained about network manager
permissions as a user. It seems it works for some but not others.

Secondly, upping an openconnect network manager connection file which is
known to work on another distro results in this:

$ nmcli con up id my-vpn-2fa --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'my-vpn-2fa.
Gateway (vpn.secrets.gateway):

I notice that after about a minute the GUI form pops up. It then prompts
me for my 2FA, meaning it passed the 1st authentication bit. After I
approve, it then disappears and seems to disconnect.

Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6929] agent-manager: req[0x1043510, :1.159/nmcli-connect/1000]: agent registered
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6976] audit: op="connection-activate" uuid="40441d34-5290-4631-8796-5fb57d0f1bf2" name="vpn-fnb-2fa" pid=12530 uid=1000 result="success"
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7034] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Started the VPN service, PID 12536
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7117] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Saw the service appear; activating connection
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2173] settings-connection[0xecac80,40441d34-5290-4631-8796-5fb57d0f1bf2]: write: successfully committed (keyfile: update /etc/NetworkManager/system-connections/vpn-fnb-2fa (40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa"))
Apr 12 21:20:33 swift NetworkManager[360]: <error> [1586719233.2192] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: final secrets request failed to provide sufficient secrets
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2234] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: VPN plugin: state changed: stopped (6)

Creating a new connection via sudo and then starting it results in the
same.

Any idea?

[1]: (trimmed slightly)

--8<---------------cut here---------------start------------->8---
(use-modules
 (gnu)
 (gnu packages admin)
 (gnu packages android)                 ;for android-udev-rules
 (gnu packages certs)
 (gnu packages cups)
 (gnu packages gnome)
 (gnu packages gnupg)
 (gnu packages haskell-apps)
 (gnu packages linux)
 (gnu packages shells)
 (gnu packages suckless)
 (gnu packages virtualization)
 (gnu packages wm)
 (gnu packages xorg)
 (gnu services avahi)
 (gnu services cups)
 (gnu services desktop)
 (gnu services dns)
 (gnu services docker)
 (gnu services monitoring)
 (gnu services networking)
 (gnu services pm)
 (gnu services shepherd)
 (gnu services sound)
 (gnu services ssh)
 (gnu services sysctl)
 (gnu services virtualization)
 (gnu services xorg)
 (gnu system nss)
 (gnu system shadow)                    ;for user-group
 (guix build-system trivial)
 (guix download)                        ;for url-fetch
 (guix git-download)
 (guix packages)                        ;for origin
 (nongnu packages linux)
 (srfi srfi-1)                          ;for 'remove'
 )

(define %extra-linux-modules
  '("fuse"                      ; for sshfs
    "nbd"                       ; to mount qcow2 images
    ))

(operating-system
 (host-name "swift")
 (timezone "Africa/Johannesburg")
 (locale "en_US.utf8")
 (locale-libcs (list glibc-2.28 (canonical-package glibc)))

 (hosts-file (local-file "/home/ds/src/ds-config/.config/guix/etc/hosts"))
 (sudoers-file (local-file "/home/ds/src/ds-config/.config/guix/etc/sudoers"))

 (kernel-arguments
  (list
   (string-append "resume_offset=106602496")
   (string-append "modprobe.blacklist=" "pcspkr,snd_pcsp")
   (string-append "net.ifnames=0")
   (string-append "kvm_intel.nested=1")))

 (kernel linux-4.19)
 (firmware (cons* linux-firmware %base-firmware))

 (initrd (lambda (fs . args)
           (apply base-initrd fs
                  #:extra-modules %extra-linux-modules
                  args)))

 (bootloader (bootloader-configuration
              (bootloader grub-efi-bootloader)
              (target "/boot/efi")
              ))

 (mapped-devices (list (mapped-device
                        (source (uuid "3e7beb3b-1037-4ee8-9048-5e048afafbd0"))
                        (target "crypt")
                        (type luks-device-mapping))))

 (file-systems (cons* (file-system
                       (device "/dev/nvme0n1p1")
                       (type "msdos")
                       (mount-point "/boot/efi"))
                      (file-system
                       (device "/dev/mapper/crypt")
                       (mount-point "/")
                       (type "ext4")
                       (dependencies mapped-devices))
                      %base-file-systems))

 (swap-devices '("/mnt/swapfile"))

 (users (cons (user-account
               (name "ds")
               (comment "Divan Santana")
               (group "users")
               (supplementary-groups
                '("adbusers"            ;for adb
                  "wheel" "kvm" "audio" "video" "lp"
                  "docker"
                  "libvirt"
                  "input"
                  ;; "lpadmin"
                  "cdrom" "netdev"))
               (home-directory "/home/ds"))
              %base-user-accounts))

 (groups (cons (user-group (system? #t) (name "adbusers"))
               %base-groups))

 (packages
  (append (map specification->package
               '(
                 "bash-completion"
                 "binutils"
                 "bridge-utils"
                 "dmidecode"
                 "dnsmasq"
                 "docker"
                 "docker-cli"
                 "docker-compose"
                 "dosfstools"
                 "dtach"
                 "ethtool"
                 "font-adobe-source-code-pro"
                 "font-adobe-source-sans-pro"
                 "font-adobe-source-serif-pro"
                 "font-adobe100dpi"
                 "font-adobe75dpi"
                 "font-awesome"
                 "font-bitstream-vera"
                 "font-dejavu"
                 "font-fantasque-sans"
                 "font-fira-code"
                 "font-fira-mono"
                 "font-fira-sans"
                 "font-gnu-freefont-ttf"
                 "font-google-roboto"
                 "font-hack"
                 "font-inconsolata"
                 "font-iosevka"
                 "font-liberation"
                 "font-misc-misc"
                 "font-tamzen"
                 "font-ubuntu"
                 ;; "font-symbola" ;; missing
                 "git"
                 ;; "arc-theme" ;; fixme, should be in core only
                 "gnome-themes-standard" ;; fixme, should be in core only
                 "iptables"
                 "light"
                 "lsof"
                 "mlocate"
                 "mobile-broadband-provider-info"
                 "modem-manager"
                 "neovim"
                 "netcat"
                 "network-manager-applet"
                 "network-manager-openconnect"
                 "network-manager-vpnc"
                 "net-tools"
                 "nss" ;; FIXME: is not providing certutil
                 "nss-certs"
                 "ntfs-3g"
                 "openconnect"
                 "openssh"
                 "parted"
                 "qemu"
                 "rsync"
                 "setxkbmap"
                 "slock"
                 "usb-modeswitch"
                 "usb-modeswitch-data"
                 "udiskie"
                 "xcape"
                 "xdotool" ;; simulate keyboard/mouse presses
                 "xev"
                 "xf86-input-libinput"
                 "xf86-input-synaptics"
                 "xf86-input-wacom"
                 "xf86-video-fbdev"
                 "xinit"
                 "xmodmap"
                 "xorg-server"
                 "xrandr"
                 "xrdb"
                 "xsel"
                 "xset"
                 "kmonad"
                 "xss-lock"
                 "xterm"
                 "xf86-video-intel"
                 ))
          %base-packages))

 (setuid-programs (cons (file-append qemu "/libexec/qemu-bridge-helper")
                        %setuid-programs))

 (services (cons*

            (service openssh-service-type
                     (openssh-configuration
                      (port-number 8444)
                      (permit-root-login 'without-password)
                      ))

            (service tor-service-type)

            (simple-service 'store-my-config
                            etc-service-type
                            `(("config.scm"
                               ,(local-file (assoc-ref
                                             (current-source-location)
                                             'filename)))))

            (service cups-service-type
                     (cups-configuration
                      (web-interface? #t)
                      (extensions
                       (list cups-filters hplip))))

            (screen-locker-service slock "slock")

            (service tlp-service-type
                     (tlp-configuration
                      ;; TODO: enable autosuspend and blacklist certain
                      ;; usb devices.
                      (usb-autosuspend? #f)))

            (service thermald-service-type)

            (service gpm-service-type)
            (service docker-service-type)

            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")))

            (service virtlog-service-type)

            (service sysctl-service-type
                     (sysctl-configuration
                      (settings '(
                                  ("net.ipv4.ip_forward" . "1")
                                  ("vm.swappiness" . "05")
                                  ))))

            (extra-special-file "/usr/bin/env"
                                (file-append coreutils "/bin/env"))

            firewall-service

          (service prometheus-node-exporter-service-type
                   (prometheus-node-exporter-configuration
                     (web-listen-address ":9100")))

            (service slim-service-type
                     (slim-configuration
                      (auto-login? #t)
                      (default-user "ds")
                      ;; (auto-login-session #f)
                      (xorg-configuration
                       (xorg-configuration
                        (drivers '("modesetting"))
                       ))
                       ))

            (remove (lambda (service)
                      (eq? (service-kind service) avahi-service-type))
                    (remove (lambda (service)
                              (eq? (service-kind service) gdm-service-type))

                            (modify-services %desktop-services
                                             (network-manager-service-type
                                              config => (network-manager-configuration
                                                         (inherit config)
                                                         (dns "dnsmasq")
                                                         (vpn-plugins (list network-manager-openconnect))
                                                         ))
                                             (udev-service-type
                                              config => (udev-configuration
                                                         (inherit config)
                                                         (rules (append (udev-configuration-rules config)
                                                                        (list %backlight-udev-rule android-udev-rules kmonad)))))
                                             (login-service-type
                                              config => (login-configuration
                                                         (inherit config)
                                                         (motd %motd)))))))))
--8<---------------cut here---------------end--------------->8---
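
Added example (not part of the original message): a small Python triage of the NetworkManager syslog lines quoted above. It parses the audit records, lists the denied operations, and pairs each audited success with later <error> lines for the same connection UUID, because here the activation is audited as successful almost two minutes before the VPN plugin stops. The function names are hypothetical; the sample lines are copied from this message.

```python
import re

# Log lines copied from the message above (NetworkManager syslog output).
SAMPLE_LOG = """\
Apr 12 21:32:20 swift NetworkManager[385]: <info>  [1586719940.8362] audit: op="connection-add" pid=2616 uid=1000 result="fail" reason="Insufficient privileges."
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6976] audit: op="connection-activate" uuid="40441d34-5290-4631-8796-5fb57d0f1bf2" name="vpn-fnb-2fa" pid=12530 uid=1000 result="success"
Apr 12 21:20:33 swift NetworkManager[360]: <error> [1586719233.2192] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: final secrets request failed to provide sufficient secrets
"""

# "<level>  [epoch.frac] message" as emitted after the NetworkManager[pid] tag.
LINE_RE = re.compile(
    r'NetworkManager\[\d+\]: <(?P<level>\w+)>\s+\[(?P<ts>[\d.]+)\] (?P<msg>.*)$')
# key="quoted value" or key=bare_value pairs inside an audit record.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Return a record dict for a NetworkManager log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"level": m["level"], "ts": float(m["ts"]), "msg": m["msg"], "audit": None}
    if rec["msg"].startswith("audit: "):
        rec["audit"] = {k: q or u for k, q, u in FIELD_RE.findall(rec["msg"][7:])}
    return rec


def triage(log_text):
    """Return (denied operations, audited successes that later hit an error)."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    audits = [r for r in records if r["audit"]]
    denied = [(r["audit"].get("op"), r["audit"].get("uid"), r["audit"].get("reason"))
              for r in audits if r["audit"].get("result") == "fail"]
    late = []
    for r in audits:
        a = r["audit"]
        if a.get("result") != "success" or "uuid" not in a:
            continue
        for e in records:
            # An <error> line logged after the audit record, for the same UUID.
            if e["level"] == "error" and e["ts"] > r["ts"] and a["uuid"] in e["msg"]:
                late.append((a.get("op"), a.get("name"), round(e["ts"] - r["ts"]),
                             e["msg"].split("]: ", 1)[-1]))
    return denied, late


if __name__ == "__main__":
    for row in sum(triage(SAMPLE_LOG), []):
        print(row)
```
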
