all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Getting network-manager-openconnect to work
@ 2019-09-10  9:57 Divan Santana
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
  0 siblings, 1 reply; 28+ messages in thread
From: Divan Santana @ 2019-09-10  9:57 UTC (permalink / raw)
  To: Help guix

Hi Guix,

I'm glad openconnect and network-manager-openconnect are now in Guix!

It would be nice to get it to work via network-manager, though I suppose
it's not essential.

Using openconnect directly works for me.

$ sudo openconnect vpn.somewhere.com

Trying to get it work via network-manager gives an error like so:

$ sudo nmcli con up vpn-fnb --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'vpn-fnb'.
Gateway (vpn.secrets.gateway):

Even though my services configuration has this vpn-plugins set.

(modify-services %desktop-services
                 (network-manager-service-type
                  config => (network-manager-configuration
                             (inherit config)
                             (dns "dnsmasq")
                             (vpn-plugins (list network-manager-openconnect))
                             ))

Anyone else seen this?

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Getting network-manager-openconnect to work
  2019-09-10  9:57 Getting network-manager-openconnect to work Divan Santana
@ 2019-09-10 11:21 ` pelzflorian (Florian Pelz)
  2019-09-11  7:38   ` bug#37369: " Efraim Flashner
                     ` (6 more replies)
  0 siblings, 7 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-10 11:21 UTC (permalink / raw)
  To: Divan Santana; +Cc: bug-guix, Help guix

[-- Attachment #1: Type: text/plain, Size: 1774 bytes --]

On Tue, Sep 10, 2019 at 11:57:11AM +0200, Divan Santana wrote:
> Hi Guix,
> 
> I'm glad openconnect and network-manager-openconnect are now in Guix!
> 
> It would be nice to get it to work via network-manager, though I suppose
> it's not essential.
> 
> Using openconnect directly works for me.
> 
> $ sudo openconnect vpn.somewhere.com
> 
> Trying to get it work via network-manager gives an error like so:
> 
> $ sudo nmcli con up vpn-fnb --ask
> Error: openconnect failed: Could not find "openconnect" binary
> A password is required to connect to 'vpn-fnb'.
> Gateway (vpn.secrets.gateway):
> 
> Even though my services configuration has this vpn-plugins set.
> 
> (modify-services %desktop-services
>                  (network-manager-service-type
>                   config => (network-manager-configuration
>                              (inherit config)
>                              (dns "dnsmasq")
>                              (vpn-plugins (list network-manager-openconnect))
>                              ))
> 
> Anyone else seen this?

Cc’ing bug-guix@gnu.org

I suspect something like the attached patch would help (and expand the
closure of network-manager to always include openconnect).

To test, follow section “Building from Git” from the manual or Laura’s
video 04-packaging-part-one.webm from
<https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00249.html>,
but after the initial clone command, do

  git apply the-attached.patch

Then after make, do

  sudo -E ./pre-inst-env guix system reconfigure /etc/config.scm

(or whatever your configuration file is called).  I cannot test right
now and have never used openconnect.  It is quite possible I made a
mistake.

Regards,
Florian

[-- Attachment #2: 0001-gnu-network-manager-Enable-openconnect-helper.patch --]
[-- Type: text/plain, Size: 1520 bytes --]

From 8de7675a2dc2c1385d312e35136f8fa9eb4f9825 Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Tue, 10 Sep 2019 12:59:19 +0200
Subject: [PATCH] gnu: network-manager: Enable openconnect helper.

* gnu/packages/gnome.scm (network-manager): Add openconnect input.
Patch source to use it instead of searching /usr/bin.
---
 gnu/packages/gnome.scm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index efe5206e53..a6ea09d8f6 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5372,6 +5372,13 @@ users.")
                (("src/devices/tests/test-lldp") " ")
                (("src/tests/test-route-manager-linux") " "))
              #t))
+         (add-after 'unpack 'patch-source
+           (lambda* (#:key inputs #:allow-other-keys)
+             (begin
+               (substitute* "clients/common/nm-vpn-helpers.c"
+                 (("\\\"/usr/sbin/openconnect\\\"")
+                  (string-append openconnect "\"/bin/openconnect\"")))
+               #t)))
          (add-after 'unpack 'delete-failing-tests
            (lambda _
              ;; FIXME: These four tests fail for unknown reasons.
@@ -5434,6 +5441,7 @@ users.")
        ("libsoup" ,libsoup)
        ("modem-manager" ,modem-manager)
        ("newt" ,newt)                       ;for the 'nmtui' console interface
+       ("openconnect" ,openconnect)
        ("polkit" ,polkit)
        ("ppp" ,ppp)
        ("readline" ,readline)
-- 
2.23.0


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
@ 2019-09-11  7:38   ` Efraim Flashner
  2019-09-11  7:38   ` Efraim Flashner
                     ` (5 subsequent siblings)
  6 siblings, 0 replies; 28+ messages in thread
From: Efraim Flashner @ 2019-09-11  7:38 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, Divan Santana, help-guix

[-- Attachment #1: Type: text/plain, Size: 361 bytes --]

Instead of adding openconnect to network-manager, would it be enough to

(substitute* "the-file"
  (("/usr/sbin/openconnect") "openconnect"))


-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
  2019-09-11  7:38   ` bug#37369: " Efraim Flashner
@ 2019-09-11  7:38   ` Efraim Flashner
  2019-09-11 11:39     ` pelzflorian (Florian Pelz)
  2019-09-11 11:39     ` pelzflorian (Florian Pelz)
  2019-09-11 20:46   ` Ludovic Courtès
                     ` (4 subsequent siblings)
  6 siblings, 2 replies; 28+ messages in thread
From: Efraim Flashner @ 2019-09-11  7:38 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, Divan Santana, help-guix

[-- Attachment #1: Type: text/plain, Size: 361 bytes --]

Instead of adding openconnect to network-manager, would it be enough to

(substitute* "the-file"
  (("/usr/sbin/openconnect") "openconnect"))


-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-11  7:38   ` Efraim Flashner
  2019-09-11 11:39     ` pelzflorian (Florian Pelz)
@ 2019-09-11 11:39     ` pelzflorian (Florian Pelz)
  1 sibling, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-11 11:39 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: 37369, Divan Santana, help-guix

On Wed, Sep 11, 2019 at 10:38:22AM +0300, Efraim Flashner wrote:
> Instead of adding openconnect to network-manager, would it be enough to
> 
> (substitute* "the-file"
>   (("/usr/sbin/openconnect") "openconnect"))
> 
> 

No, at least the comment documenting nm_utils_file_search_in_paths says:

/**
 * nm_utils_file_search_in_paths:
 * […]
 * @try_first: (allow-none): a custom path to try first before searching.
 *   It is silently ignored if it is empty or not an absolute path.
 * […]

I do not know if my patch works though.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-11  7:38   ` Efraim Flashner
@ 2019-09-11 11:39     ` pelzflorian (Florian Pelz)
  2019-09-11 11:39     ` pelzflorian (Florian Pelz)
  1 sibling, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-11 11:39 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: 37369, Divan Santana, help-guix

On Wed, Sep 11, 2019 at 10:38:22AM +0300, Efraim Flashner wrote:
> Instead of adding openconnect to network-manager, would it be enough to
> 
> (substitute* "the-file"
>   (("/usr/sbin/openconnect") "openconnect"))
> 
> 

No, at least the comment documenting nm_utils_file_search_in_paths says:

/**
 * nm_utils_file_search_in_paths:
 * […]
 * @try_first: (allow-none): a custom path to try first before searching.
 *   It is silently ignored if it is empty or not an absolute path.
 * […]

I do not know if my patch works though.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: Getting network-manager-openconnect to work
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
  2019-09-11  7:38   ` bug#37369: " Efraim Flashner
  2019-09-11  7:38   ` Efraim Flashner
@ 2019-09-11 20:46   ` Ludovic Courtès
  2019-09-12  5:34     ` pelzflorian (Florian Pelz)
  2019-09-16 11:53   ` pelzflorian (Florian Pelz)
                     ` (3 subsequent siblings)
  6 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2019-09-11 20:46 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: Help guix, Divan Santana, bug-guix

Hi Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

> From 8de7675a2dc2c1385d312e35136f8fa9eb4f9825 Mon Sep 17 00:00:00 2001
> From: Florian Pelz <pelzflorian@pelzflorian.de>
> Date: Tue, 10 Sep 2019 12:59:19 +0200
> Subject: [PATCH] gnu: network-manager: Enable openconnect helper.
>
> * gnu/packages/gnome.scm (network-manager): Add openconnect input.
> Patch source to use it instead of searching /usr/bin.
> ---
>  gnu/packages/gnome.scm | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
> index efe5206e53..a6ea09d8f6 100644
> --- a/gnu/packages/gnome.scm
> +++ b/gnu/packages/gnome.scm
> @@ -5372,6 +5372,13 @@ users.")
>                 (("src/devices/tests/test-lldp") " ")
>                 (("src/tests/test-route-manager-linux") " "))
>               #t))
> +         (add-after 'unpack 'patch-source
> +           (lambda* (#:key inputs #:allow-other-keys)
> +             (begin
> +               (substitute* "clients/common/nm-vpn-helpers.c"
> +                 (("\\\"/usr/sbin/openconnect\\\"")
> +                  (string-append openconnect "\"/bin/openconnect\"")))
> +               #t)))
>           (add-after 'unpack 'delete-failing-tests
>             (lambda _
>               ;; FIXME: These four tests fail for unknown reasons.
> @@ -5434,6 +5441,7 @@ users.")
>         ("libsoup" ,libsoup)
>         ("modem-manager" ,modem-manager)
>         ("newt" ,newt)                       ;for the 'nmtui' console interface
> +       ("openconnect" ,openconnect)

Something I don’t get: why does NM itself know about openconnect?

There’s a network-manager-openconnect plugin, so I would expect
everything openconnect to happen there.  Do you know why it’s not that
way?

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: Getting network-manager-openconnect to work
  2019-09-11 20:46   ` Ludovic Courtès
@ 2019-09-12  5:34     ` pelzflorian (Florian Pelz)
  2019-09-16 15:57       ` Ludovic Courtès
  0 siblings, 1 reply; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-12  5:34 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Help guix, Divan Santana, bug-guix

On Wed, Sep 11, 2019 at 10:46:56PM +0200, Ludovic Courtès wrote:
> Something I don’t get: why does NM itself know about openconnect?
> 
> There’s a network-manager-openconnect plugin, so I would expect
> everything openconnect to happen there.  Do you know why it’s not that
> way?
> 
> Thanks,
> Ludo’.

I don’t know.  The patch addresses (if it works) a function called
nm_vpn_openconnect_authenticate_helper within the code for
NetworkManager clients like nmtui, probably also nm-connection-editor,
that calls openconnect --authenticate.

Perhaps the network manager service could symlink the openconnect
binary to the plugins directory when used and NetworkManager could be
made to look there, but it would be nice to know if the current patch
works.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
                     ` (2 preceding siblings ...)
  2019-09-11 20:46   ` Ludovic Courtès
@ 2019-09-16 11:53   ` pelzflorian (Florian Pelz)
  2019-09-16 11:53   ` pelzflorian (Florian Pelz)
                     ` (2 subsequent siblings)
  6 siblings, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-16 11:53 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

On Tue, Sep 10, 2019 at 01:21:20PM +0200, pelzflorian (Florian Pelz) wrote:
> I suspect something like the attached patch would help (and expand the
> closure of network-manager to always include openconnect).
> 

Sorry, my old patch did not even build.  A friend lent me her
AnyConnect credentials so I can test.  I will test now and send a
working patch.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
                     ` (3 preceding siblings ...)
  2019-09-16 11:53   ` pelzflorian (Florian Pelz)
@ 2019-09-16 11:53   ` pelzflorian (Florian Pelz)
  2020-04-12 19:46   ` divan
  2020-05-04 19:43   ` bug#37369: (no subject) Divan Santana via web
  6 siblings, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-16 11:53 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

On Tue, Sep 10, 2019 at 01:21:20PM +0200, pelzflorian (Florian Pelz) wrote:
> I suspect something like the attached patch would help (and expand the
> closure of network-manager to always include openconnect).
> 

Sorry, my old patch did not even build.  A friend lent me her
AnyConnect credentials so I can test.  I will test now and send a
working patch.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: Getting network-manager-openconnect to work
  2019-09-12  5:34     ` pelzflorian (Florian Pelz)
@ 2019-09-16 15:57       ` Ludovic Courtès
  2019-09-16 16:06         ` pelzflorian (Florian Pelz)
  0 siblings, 1 reply; 28+ messages in thread
From: Ludovic Courtès @ 2019-09-16 15:57 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: Help guix, Divan Santana, bug-guix

Hi Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

> On Wed, Sep 11, 2019 at 10:46:56PM +0200, Ludovic Courtès wrote:
>> Something I don’t get: why does NM itself know about openconnect?
>> 
>> There’s a network-manager-openconnect plugin, so I would expect
>> everything openconnect to happen there.  Do you know why it’s not that
>> way?
>> 
>> Thanks,
>> Ludo’.
>
> I don’t know.  The patch addresses (if it works) a function called
> nm_vpn_openconnect_authenticate_helper within the code for
> NetworkManager clients like nmtui, probably also nm-connection-editor,
> that calls openconnect --authenticate.

So I guess we first need someone to tell us whether the patch “works”,
as you wrote, right?  :-)

Ludo’.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: Getting network-manager-openconnect to work
  2019-09-16 15:57       ` Ludovic Courtès
@ 2019-09-16 16:06         ` pelzflorian (Florian Pelz)
  2019-09-27 16:37           ` bug#37369: " pelzflorian (Florian Pelz)
  0 siblings, 1 reply; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-16 16:06 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Help guix, Divan Santana, bug-guix

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

On Mon, Sep 16, 2019 at 05:57:51PM +0200, Ludovic Courtès wrote:
> So I guess we first need someone to tell us whether the patch “works”,
> as you wrote, right?  :-)
> 
> Ludo’.

Currently I have built the attached patch, but NetworkManager
segfaults when connecting, and I try to debug why.

Regards,
Florian

[-- Attachment #2: 0001-gnu-network-manager-Enable-openconnect-helper.patch --]
[-- Type: text/plain, Size: 1571 bytes --]

From 1efadd4619f397429d5fae024b46cd8100870c42 Mon Sep 17 00:00:00 2001
From: Florian Pelz <pelzflorian@pelzflorian.de>
Date: Mon, 16 Sep 2019 15:27:01 +0200
Subject: [PATCH] gnu: network-manager: Enable openconnect helper.

* gnu/packages/gnome.scm (network-manager): Add openconnect input.
Patch source to use it instead of searching /usr/bin.
---
 gnu/packages/gnome.scm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 5dc18b3bb5..a8ba00965d 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5374,6 +5374,13 @@ users.")
                (("src/devices/tests/test-lldp") " ")
                (("src/tests/test-route-manager-linux") " "))
              #t))
+         (add-after 'unpack 'patch-source
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((openconnect (assoc-ref inputs "openconnect")))
+               (substitute* "clients/common/nm-vpn-helpers.c"
+                 (("\\\"/usr/sbin/openconnect\\\"")
+                  (string-append "\"" openconnect "/sbin/openconnect\"")))
+               #t)))
          (add-after 'unpack 'delete-failing-tests
            (lambda _
              ;; FIXME: These four tests fail for unknown reasons.
@@ -5436,6 +5443,7 @@ users.")
        ("libsoup" ,libsoup)
        ("modem-manager" ,modem-manager)
        ("newt" ,newt)                       ;for the 'nmtui' console interface
+       ("openconnect" ,openconnect)
        ("polkit" ,polkit)
        ("ppp" ,ppp)
        ("readline" ,readline)
-- 
2.23.0


^ permalink raw reply related	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-16 16:06         ` pelzflorian (Florian Pelz)
@ 2019-09-27 16:37           ` pelzflorian (Florian Pelz)
  2019-09-28 14:00             ` Divan Santana
                               ` (3 more replies)
  0 siblings, 4 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-27 16:37 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 37369, divan, help-guix

Hello!

There might be a workaround:

NetworkManager stopped segfaulting for me after I “edited” the
openconnect VPN connection in nm-connection-editor without making any
changes to the connection.  Apparently this fixed get_secrets_done_cb
being passed what GDB calls an “<incomplete type>” as the connection
and crashing in nm_connection_get_setting_by_name.  I need to repeat
this nm-connection-editor editing after every reboot.

Does editing the VPN connection in nm-connection-editor fix the
problem for you, Divan Santana?

No patch at all is required for me.  nmtui works fine without the patch.

This issue is not present in Arch Linux using the more recent
NetworkManager 1.20.2.  I have not yet attempted to upgrade Guix’
NetworkManager to a more recent version.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-27 16:37           ` bug#37369: " pelzflorian (Florian Pelz)
  2019-09-28 14:00             ` Divan Santana
@ 2019-09-28 14:00             ` Divan Santana
  2019-09-28 14:16             ` Divan Santana
  2019-09-28 14:16             ` Divan Santana
  3 siblings, 0 replies; 28+ messages in thread
From: Divan Santana @ 2019-09-28 14:00 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, help-guix

pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

> Hello!
>
> There might be a workaround:
>
> NetworkManager stopped segfaulting for me after I “edited” the
> openconnect VPN connection in nm-connection-editor without making any
> changes to the connection.  Apparently this fixed get_secrets_done_cb
> being passed what GDB calls an “<incomplete type>” as the connection
> and crashing in nm_connection_get_setting_by_name.  I need to repeat
> this nm-connection-editor editing after every reboot.
>
> Does editing the VPN connection in nm-connection-editor fix the
> problem for you, Divan Santana?

I'll let you know.


> No patch at all is required for me.  nmtui works fine without the patch.

> This issue is not present in Arch Linux using the more recent
> NetworkManager 1.20.2.  I have not yet attempted to upgrade Guix’
> NetworkManager to a more recent version.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-27 16:37           ` bug#37369: " pelzflorian (Florian Pelz)
@ 2019-09-28 14:00             ` Divan Santana
  2019-09-28 14:00             ` Divan Santana
                               ` (2 subsequent siblings)
  3 siblings, 0 replies; 28+ messages in thread
From: Divan Santana @ 2019-09-28 14:00 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, help-guix

pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

> Hello!
>
> There might be a workaround:
>
> NetworkManager stopped segfaulting for me after I “edited” the
> openconnect VPN connection in nm-connection-editor without making any
> changes to the connection.  Apparently this fixed get_secrets_done_cb
> being passed what GDB calls an “<incomplete type>” as the connection
> and crashing in nm_connection_get_setting_by_name.  I need to repeat
> this nm-connection-editor editing after every reboot.
>
> Does editing the VPN connection in nm-connection-editor fix the
> problem for you, Divan Santana?

I'll let you know.


> No patch at all is required for me.  nmtui works fine without the patch.

> This issue is not present in Arch Linux using the more recent
> NetworkManager 1.20.2.  I have not yet attempted to upgrade Guix’
> NetworkManager to a more recent version.

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-27 16:37           ` bug#37369: " pelzflorian (Florian Pelz)
  2019-09-28 14:00             ` Divan Santana
  2019-09-28 14:00             ` Divan Santana
@ 2019-09-28 14:16             ` Divan Santana
  2019-09-28 14:16             ` Divan Santana
  3 siblings, 0 replies; 28+ messages in thread
From: Divan Santana @ 2019-09-28 14:16 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, help-guix

pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

> Hello!
>
> There might be a workaround:
>
> NetworkManager stopped segfaulting for me after I “edited” the
> openconnect VPN connection in nm-connection-editor without making any
> changes to the connection.  Apparently this fixed get_secrets_done_cb
> being passed what GDB calls an “<incomplete type>” as the connection
> and crashing in nm_connection_get_setting_by_name.  I need to repeat
> this nm-connection-editor editing after every reboot.
>
> Does editing the VPN connection in nm-connection-editor fix the
> problem for you, Divan Santana?

So firstly I can't edit the connection as my user, without sudo. Not
sure if I need to be in some group to do that?

I then edited something like so:

ds@swift ~ $ sudo nm-connection-editor
Password:

(nm-connection-editor:1990): Gtk-WARNING **: 16:01:57.175: Could not find the icon 'pan-down-symbolic-ltr'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
        http://icon-theme.freedesktop.org/releases

(nm-connection-editor:1990): Gtk-WARNING **: 16:02:01.028: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/check-symbolic.svg.
This may indicate that pixbuf loaders or the mime database could not be found.
GLib-GIO-Message: 16:02:08.131: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.

Once I edited the connection and tried to connect it still fails for me
like this:

ds@swift ~ $ sudo nmcli con up vpn-example --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'vpn-example'.
Gateway (vpn.secrets.gateway): ^Cds@swift ~ $

On arch, with the same connection file, it works on CLI with above
command.

I then tried starting nm-applet and then running:

ds@swift ~ $ sudo nmcli con up vpn-example

It then brings up the GUI and shows me a certificate for remote
gateway. Asks me to select my group and enter username and password. So
it appears like it's working. It then fails to auth for some reason.

Sep 28 16:07:16 localhost NetworkManager[506]: <info>  [1569679636.8722] vpn-connection[0x1cae420,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: VPN service disappeared
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0578] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/10)
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0847] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0860] keyfile: add connection in-memory (3a679fd7-0450-43ef-8e48-63850b1f0798,"tun0")
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0871] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0878] device (tun0): Activation: starting connection 'tun0' (3a679fd7-0450-43ef-8e48-63850b1f0798)
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0882] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0886] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0888] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0889] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0891] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0893] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost nscd: 464 monitored file `/etc/resolv.conf` was written to
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.1084] device (tun0): Activation: successful, device activated.
Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 11 tun0 10.7.246.164:123
Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 12 tun0 [fe80::60db:5ddd:b445:60e9%11]:123
Sep 28 16:11:36 localhost nscd: 464 monitored file `/etc/resolv.conf` was moved into place, adding watch
Sep 28 16:11:47 localhost NetworkManager[506]: <info>  [1569679907.3367] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Sep 28 16:11:48 localhost ntpd[507]: Deleting interface #11 tun0, 10.7.246.164#123, interface stats: received=0, sent=0, dropped=0, active_time=14 secs
Sep 28 16:11:48 localhost ntpd[507]: Deleting interface #12 tun0, fe80::60db:5ddd:b445:60e9%11#123, interface stats: received=0, sent=0, dropped=0, active_time=14 secs
Sep 28 16:12:02 localhost NetworkManager[506]: <info>  [1569679922.9339] audit: op="connection-activate" uuid="ed432bd4-9078-493d-a9c3-fb7ac4199917" name="vpn-example" pid=2986 uid=1000 result="success"
Sep 28 16:12:02 localhost NetworkManager[506]: <info>  [1569679922.9371] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: Started the VPN service, PID 2992
Sep 28 16:12:02 localhost NetworkManager[506]: <info>  [1569679922.9439] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: Saw the service appear; activating connection
Sep 28 16:12:13 localhost ntpd[507]: Soliciting pool server 196.10.54.57
Sep 28 16:12:28 localhost NetworkManager[506]: <info>  [1569679948.1291] settings-connection[0x1b091c0,ed432bd4-9078-493d-a9c3-fb7ac4199917]: write: successfully commited (keyfile: update /etc/NetworkManager/system-connections/vpn-example (ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example"))
Sep 28 16:12:28 localhost NetworkManager[506]: <error> [1569679948.1318] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: final secrets request failed to provide sufficient secrets
Sep 28 16:12:28 localhost NetworkManager[506]: <info>  [1569679948.1343] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: VPN service disappeared
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0102] error requesting auth for org.freedesktop.NetworkManager.wifi.share.protected: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0107] error requesting auth for org.freedesktop.NetworkManager.wifi.share.open: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0110] error requesting auth for org.freedesktop.NetworkManager.settings.modify.system: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0114] error requesting auth for org.freedesktop.NetworkManager.settings.modify.own: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0118] error requesting auth for org.freedesktop.NetworkManager.settings.modify.hostname: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0120] error requesting auth for org.freedesktop.NetworkManager.settings.modify.global-dns: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0124] error requesting auth for org.freedesktop.NetworkManager.reload: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0127] error requesting auth for org.freedesktop.NetworkManager.checkpoint-rollback: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0130] error requesting auth for org.freedesktop.NetworkManager.enable-disable-statistics: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0133] error requesting auth for org.freedesktop.NetworkManager.enable-disable-connectivity-check: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-27 16:37           ` bug#37369: " pelzflorian (Florian Pelz)
                               ` (2 preceding siblings ...)
  2019-09-28 14:16             ` Divan Santana
@ 2019-09-28 14:16             ` Divan Santana
  2019-09-28 15:34               ` pelzflorian (Florian Pelz)
                                 ` (3 more replies)
  3 siblings, 4 replies; 28+ messages in thread
From: Divan Santana @ 2019-09-28 14:16 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, help-guix

pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

> Hello!
>
> There might be a workaround:
>
> NetworkManager stopped segfaulting for me after I “edited” the
> openconnect VPN connection in nm-connection-editor without making any
> changes to the connection.  Apparently this fixed get_secrets_done_cb
> being passed what GDB calls an “<incomplete type>” as the connection
> and crashing in nm_connection_get_setting_by_name.  I need to repeat
> this nm-connection-editor editing after every reboot.
>
> Does editing the VPN connection in nm-connection-editor fix the
> problem for you, Divan Santana?

So firstly I can't edit the connection as my user, without sudo. Not
sure if I need to be in some group to do that?

I then edited something like so:

ds@swift ~ $ sudo nm-connection-editor
Password:

(nm-connection-editor:1990): Gtk-WARNING **: 16:01:57.175: Could not find the icon 'pan-down-symbolic-ltr'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
        http://icon-theme.freedesktop.org/releases

(nm-connection-editor:1990): Gtk-WARNING **: 16:02:01.028: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/check-symbolic.svg.
This may indicate that pixbuf loaders or the mime database could not be found.
GLib-GIO-Message: 16:02:08.131: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.

Once I edited the connection and tried to connect it still fails for me
like this:

ds@swift ~ $ sudo nmcli con up vpn-example --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'vpn-example'.
Gateway (vpn.secrets.gateway): ^Cds@swift ~ $

On arch, with the same connection file, it works on CLI with above
command.

I then tried starting nm-applet and then running:

ds@swift ~ $ sudo nmcli con up vpn-example

It then brings up the GUI and shows me a certificate for remote
gateway. Asks me to select my group and enter username and password. So
it appears like it's working. It then fails to auth for some reason.

Sep 28 16:07:16 localhost NetworkManager[506]: <info>  [1569679636.8722] vpn-connection[0x1cae420,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: VPN service disappeared
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0578] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/10)
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0847] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0860] keyfile: add connection in-memory (3a679fd7-0450-43ef-8e48-63850b1f0798,"tun0")
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0871] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0878] device (tun0): Activation: starting connection 'tun0' (3a679fd7-0450-43ef-8e48-63850b1f0798)
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0882] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0886] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0888] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0889] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0891] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.0893] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Sep 28 16:11:33 localhost nscd: 464 monitored file `/etc/resolv.conf` was written to
Sep 28 16:11:33 localhost NetworkManager[506]: <info>  [1569679893.1084] device (tun0): Activation: successful, device activated.
Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 11 tun0 10.7.246.164:123
Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 12 tun0 [fe80::60db:5ddd:b445:60e9%11]:123
Sep 28 16:11:36 localhost nscd: 464 monitored file `/etc/resolv.conf` was moved into place, adding watch
Sep 28 16:11:47 localhost NetworkManager[506]: <info>  [1569679907.3367] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Sep 28 16:11:48 localhost ntpd[507]: Deleting interface #11 tun0, 10.7.246.164#123, interface stats: received=0, sent=0, dropped=0, active_time=14 secs
Sep 28 16:11:48 localhost ntpd[507]: Deleting interface #12 tun0, fe80::60db:5ddd:b445:60e9%11#123, interface stats: received=0, sent=0, dropped=0, active_time=14 secs
Sep 28 16:12:02 localhost NetworkManager[506]: <info>  [1569679922.9339] audit: op="connection-activate" uuid="ed432bd4-9078-493d-a9c3-fb7ac4199917" name="vpn-example" pid=2986 uid=1000 result="success"
Sep 28 16:12:02 localhost NetworkManager[506]: <info>  [1569679922.9371] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: Started the VPN service, PID 2992
Sep 28 16:12:02 localhost NetworkManager[506]: <info>  [1569679922.9439] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: Saw the service appear; activating connection
Sep 28 16:12:13 localhost ntpd[507]: Soliciting pool server 196.10.54.57
Sep 28 16:12:28 localhost NetworkManager[506]: <info>  [1569679948.1291] settings-connection[0x1b091c0,ed432bd4-9078-493d-a9c3-fb7ac4199917]: write: successfully commited (keyfile: update /etc/NetworkManager/system-connections/vpn-example (ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example"))
Sep 28 16:12:28 localhost NetworkManager[506]: <error> [1569679948.1318] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: final secrets request failed to provide sufficient secrets
Sep 28 16:12:28 localhost NetworkManager[506]: <info>  [1569679948.1343] vpn-connection[0x1cae220,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: VPN service disappeared
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0102] error requesting auth for org.freedesktop.NetworkManager.wifi.share.protected: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0107] error requesting auth for org.freedesktop.NetworkManager.wifi.share.open: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0110] error requesting auth for org.freedesktop.NetworkManager.settings.modify.system: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0114] error requesting auth for org.freedesktop.NetworkManager.settings.modify.own: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0118] error requesting auth for org.freedesktop.NetworkManager.settings.modify.hostname: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0120] error requesting auth for org.freedesktop.NetworkManager.settings.modify.global-dns: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0124] error requesting auth for org.freedesktop.NetworkManager.reload: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0127] error requesting auth for org.freedesktop.NetworkManager.checkpoint-rollback: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0130] error requesting auth for org.freedesktop.NetworkManager.enable-disable-statistics: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory
Sep 28 16:12:46 localhost NetworkManager[506]: <warn>  [1569679966.0133] error requesting auth for org.freedesktop.NetworkManager.enable-disable-connectivity-check: Authorization check failed: Failed to open file “/proc/3076/status”: No such file or directory

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-28 14:16             ` Divan Santana
  2019-09-28 15:34               ` pelzflorian (Florian Pelz)
@ 2019-09-28 15:34               ` pelzflorian (Florian Pelz)
  2019-09-28 16:47               ` pelzflorian (Florian Pelz)
  2019-09-28 16:47               ` pelzflorian (Florian Pelz)
  3 siblings, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-28 15:34 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

For me, before editing the connection, NetworkManager crashed with a
segfault and restarted after attempting to connect with a faulty VPN
connection.  The same may be what happens to you.

However, I can add a new connection with gnome-control-center or
nm-connection-editor (without using any “connection file”; GNOME asks
me for the sudo password though) and then I fill in the gateway field.
I can then use for example nmtui to activate the connection.

I noticed I have openconnect in my config.scm’s system packages, but I
believe it is not relevant.

I use:

(network-manager-service-type config =>
  (network-manager-configuration
    (inherit config)
    (dns "dnsmasq")
    (vpn-plugins (list network-manager-openconnect))))

dnsmasq is probably not required, but I do not know.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-28 14:16             ` Divan Santana
@ 2019-09-28 15:34               ` pelzflorian (Florian Pelz)
  2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
  2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
  2019-09-28 15:34               ` pelzflorian (Florian Pelz)
                                 ` (2 subsequent siblings)
  3 siblings, 2 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-28 15:34 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

For me, before editing the connection, NetworkManager crashed with a
segfault and restarted after attempting to connect with a faulty VPN
connection.  The same may be what happens to you.

However, I can add a new connection with gnome-control-center or
nm-connection-editor (without using any “connection file”; GNOME asks
me for the sudo password though) and then I fill in the gateway field.
I can then use for example nmtui to activate the connection.

I noticed I have openconnect in my config.scm’s system packages, but I
believe it is not relevant.

I use:

(network-manager-service-type config =>
  (network-manager-configuration
    (inherit config)
    (dns "dnsmasq")
    (vpn-plugins (list network-manager-openconnect))))

dnsmasq is probably not required, but I do not know.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-28 14:16             ` Divan Santana
                                 ` (2 preceding siblings ...)
  2019-09-28 16:47               ` pelzflorian (Florian Pelz)
@ 2019-09-28 16:47               ` pelzflorian (Florian Pelz)
  3 siblings, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-28 16:47 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote:
> So firstly I can't edit the connection as my user, without sudo. Not
> sure if I need to be in some group to do that?
> 

P.S. I use

 (users (cons (user-account
               (name "florian")
               (comment "Florian Pelz")
               (group "users")
               (supplementary-groups '("wheel" "netdev"
                                       "audio" "video"
                                       "httpd" "kvm"))
               (home-directory "/home/florian"))
              %base-user-accounts))

which is the default when installing Guix with the GNOME desktop plus
unrelated httpd and kvm.
netdev group seems relevant.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-28 14:16             ` Divan Santana
  2019-09-28 15:34               ` pelzflorian (Florian Pelz)
  2019-09-28 15:34               ` pelzflorian (Florian Pelz)
@ 2019-09-28 16:47               ` pelzflorian (Florian Pelz)
  2019-10-03 11:51                 ` Divan Santana
  2019-10-03 11:51                 ` Divan Santana
  2019-09-28 16:47               ` pelzflorian (Florian Pelz)
  3 siblings, 2 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-28 16:47 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote:
> So firstly I can't edit the connection as my user, without sudo. Not
> sure if I need to be in some group to do that?
> 

P.S. I use

 (users (cons (user-account
               (name "florian")
               (comment "Florian Pelz")
               (group "users")
               (supplementary-groups '("wheel" "netdev"
                                       "audio" "video"
                                       "httpd" "kvm"))
               (home-directory "/home/florian"))
              %base-user-accounts))

which is the default when installing Guix with the GNOME desktop plus
unrelated httpd and kvm.
netdev group seems relevant.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-28 15:34               ` pelzflorian (Florian Pelz)
@ 2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
  2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
  1 sibling, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-29  7:54 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

Regarding openconnect, no workarounds are necessary anymore for me on
core-updates, which uses a more recent network-manager@1.14.4 and will
soon be on Guix master.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-28 15:34               ` pelzflorian (Florian Pelz)
  2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
@ 2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
  1 sibling, 0 replies; 28+ messages in thread
From: pelzflorian (Florian Pelz) @ 2019-09-29  7:54 UTC (permalink / raw)
  To: Divan Santana; +Cc: 37369, help-guix

Regarding openconnect, no workarounds are necessary anymore for me on
core-updates, which uses a more recent network-manager@1.14.4 and will
soon be on Guix master.

Regards,
Florian

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-28 16:47               ` pelzflorian (Florian Pelz)
@ 2019-10-03 11:51                 ` Divan Santana
  2019-10-03 11:51                 ` Divan Santana
  1 sibling, 0 replies; 28+ messages in thread
From: Divan Santana @ 2019-10-03 11:51 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, help-guix


pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

> On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote:
>> So firstly I can't edit the connection as my user, without sudo. Not
>> sure if I need to be in some group to do that?
>>
>
> P.S. I use
>
>  (users (cons (user-account
>                (name "florian")
>                (comment "Florian Pelz")
>                (group "users")
>                (supplementary-groups '("wheel" "netdev"
>                                        "audio" "video"
>                                        "httpd" "kvm"))
>                (home-directory "/home/florian"))
>               %base-user-accounts))
>
> which is the default when installing Guix with the GNOME desktop plus
> unrelated httpd and kvm.
> netdev group seems relevant.

This is mine

 (users (cons (user-account
               (name "ds")
               (comment "Divan Santana")
               (group "users")
               (supplementary-groups
                '("adbusers"            ;for adb
                  "wheel" "kvm" "audio" "video" "lp"
                  "docker"
                  ;; "lpadmin"
                  "cdrom" "netdev"))
               ;;(shell #~(string-append #$zsh "/bin/zsh"))
               (home-directory "/home/ds"))
              %base-user-accounts))

Already had netdev. Seems same as yours. I'll look into it more
sometime.

Thanks

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: bug#37369: Getting network-manager-openconnect to work
  2019-09-28 16:47               ` pelzflorian (Florian Pelz)
  2019-10-03 11:51                 ` Divan Santana
@ 2019-10-03 11:51                 ` Divan Santana
  1 sibling, 0 replies; 28+ messages in thread
From: Divan Santana @ 2019-10-03 11:51 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 37369, help-guix


pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> writes:

> On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote:
>> So firstly I can't edit the connection as my user, without sudo. Not
>> sure if I need to be in some group to do that?
>>
>
> P.S. I use
>
>  (users (cons (user-account
>                (name "florian")
>                (comment "Florian Pelz")
>                (group "users")
>                (supplementary-groups '("wheel" "netdev"
>                                        "audio" "video"
>                                        "httpd" "kvm"))
>                (home-directory "/home/florian"))
>               %base-user-accounts))
>
> which is the default when installing Guix with the GNOME desktop plus
> unrelated httpd and kvm.
> netdev group seems relevant.

This is mine

 (users (cons (user-account
               (name "ds")
               (comment "Divan Santana")
               (group "users")
               (supplementary-groups
                '("adbusers"            ;for adb
                  "wheel" "kvm" "audio" "video" "lp"
                  "docker"
                  ;; "lpadmin"
                  "cdrom" "netdev"))
               ;;(shell #~(string-append #$zsh "/bin/zsh"))
               (home-directory "/home/ds"))
              %base-user-accounts))

Already had netdev. Seems same as yours. I'll look into it more
sometime.

Thanks

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: Getting network-manager-openconnect to work
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
                     ` (4 preceding siblings ...)
  2019-09-16 11:53   ` pelzflorian (Florian Pelz)
@ 2020-04-12 19:46   ` divan
  2020-05-04 19:43   ` bug#37369: (no subject) Divan Santana via web
  6 siblings, 0 replies; 28+ messages in thread
From: divan @ 2020-04-12 19:46 UTC (permalink / raw)
  To: 37369

Hi again,

I'm not having any luck getting network-manager-openconnect to work for
me.

For one, using nm-connection-editor on cli or via exwm program launcher,
and creating a new connection tells me:

Insufficient privileges

Apr 12 21:32:20 swift NetworkManager[385]: <info>  [1586719940.8362] audit: op="connection-add" pid=2616 uid=1000 result="fail" reason="Insufficient privileges."

$ id
uid=1000(ds) gid=998(users) groups=998(users),972(docker),975(libvirt),978(adbusers),984(kvm),986(cdrom),989(lp),990(netdev),991(audio),992(video),993(input),999(wheel)

Full system config is pasted below[1].

My groups appear fine. Perhaps some issue with polkit?

polkit is running though.

polkitd    864     1  0 12:33 ?        00:00:00 /gnu/store/mw57n9nj3y20bfm9ijcbpm16gpsik6sg-polkit-0.116/lib/polkit-1/polkitd --no-debug

Not sure if it's the way my desktop is started with exwm.

I am able to up / down connections via "nmcli con up id" and without
sudo.

Secondly, upping a openconnect network manager connection file which is
known to work on another distro results in this:

$ nmcli con up id my-vpn-2fa --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'my-vpn-2fa.
Gateway (vpn.secrets.gateway):

I notice that after about a minute the GUI form pops up. I then prompts
me for my 2FA meaning it passed the 1st authentication bit. After I
approve, it then dissapears and seems to disconnect.

Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6929] agent-manager: req[0x1043510, :1.159/nmcli-connect/1000]: agent registered
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6976] audit: op="connection-activate" uuid="40441d34-5290-4631-8796-5fb57d0f1bf2" name="vpn-fnb-2fa" pid=12530 uid=1000 result="success"
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7034] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Started the VPN service, PID 12536
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7117] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Saw the service appear; activating connection
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2173] settings-connection[0xecac80,40441d34-5290-4631-8796-5fb57d0f1bf2]: write: successfully committed (keyfile: update /etc/NetworkManager/system-connections/vpn-fnb-2fa (40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa"))
Apr 12 21:20:33 swift NetworkManager[360]: <error> [1586719233.2192] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: final secrets request failed to provide sufficient secrets
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2234] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: VPN plugin: state changed: stopped (6)

Creating a new connecting via sudo and the starting it results in the
same.

Any idea?

[1]: (trimmed slightly)

--8<---------------cut here---------------start------------->8---
;; My laptop guix system configuration.

(use-modules
 (gnu)
 (gnu packages admin)
 (gnu packages android)                 ;for android-udev-rules
 (gnu packages certs)
 (gnu packages cups)
 (gnu packages gnome)
 (gnu packages gnupg)
 (gnu packages haskell-apps)
 (gnu packages linux)
 (gnu packages shells)
 (gnu packages suckless)
 (gnu packages virtualization)
 (gnu packages wm)
 (gnu packages xorg)
 (gnu services avahi)
 (gnu services cups)
 (gnu services desktop)
 (gnu services dns)
 (gnu services docker)
 (gnu services monitoring)
 (gnu services networking)
 (gnu services pm)
 (gnu services shepherd)
 (gnu services sound)
 (gnu services ssh)
 (gnu services sysctl)
 (gnu services virtualization)
 (gnu services xorg)
 (gnu system nss)
 (gnu system shadow)                    ;for user-group
 (guix build-system trivial)
 (guix download)                        ;for url-fetch
 (guix git-download)
 (guix packages)                        ;for origin
 (nongnu packages linux)
 (srfi srfi-1)                          ;for 'remove'
 )

(define %extra-linux-modules
  '("fuse"                      ; for sshfs
    "nbd"                       ; to mount qcow2 images
    ))

(operating-system
 (host-name "swift")
 (timezone "Africa/Johannesburg")
 (locale "en_US.utf8")
 (locale-libcs (list glibc-2.28 (canonical-package glibc)))

 (hosts-file (local-file "/home/ds/src/ds-config/.config/guix/etc/hosts"))
 (sudoers-file (local-file "/home/ds/src/ds-config/.config/guix/etc/sudoers"))

 (kernel-arguments
  (list
   (string-append "resume_offset=106602496")
   (string-append "modprobe.blacklist=" "pcspkr,snd_pcsp")
   (string-append "net.ifnames=0")
   (string-append "kvm_intel.nested=1")))

 (kernel linux-4.19)
 (firmware (cons* linux-firmware %base-firmware))

 (initrd (lambda (fs . args)
           (apply base-initrd fs
                  #:extra-modules %extra-linux-modules
                  args)))

 (bootloader (bootloader-configuration
              (bootloader grub-efi-bootloader)
              (target "/boot/efi")
              ))

 (mapped-devices (list (mapped-device
                        (source (uuid "3e7beb3b-1037-4ee8-9048-5e048afafbd0"))
                        (target "crypt")
                        (type luks-device-mapping))))

 (file-systems (cons* (file-system
                       (device "/dev/nvme0n1p1")
                       (type "msdos")
                       (mount-point "/boot/efi"))
                      (file-system
                       (device "/dev/mapper/crypt")
                       (mount-point "/")
                       (type "ext4")
                       ;; this is breaking
                       ;; (options "noatime,nodiratime")
                       (dependencies mapped-devices))
                      %base-file-systems))

 (swap-devices '("/mnt/swapfile"))

 (users (cons (user-account
               (name "ds")
               (comment "Divan Santana")
               (group "users")
               (supplementary-groups
                '("adbusers"            ;for adb
                  "wheel" "kvm" "audio" "video" "lp"
                  "docker"
                  "libvirt"
                  "input"
                  ;; "lpadmin"
                  "cdrom" "netdev"))
               (home-directory "/home/ds"))
              %base-user-accounts))

 (groups (cons (user-group (system? #t) (name "adbusers"))
               %base-groups))

 (packages
  (append (map specification->package
               '(
                 "bash-completion"
                 "binutils"
                 "bridge-utils"
                 "dmidecode"
                 "dnsmasq"
                 "docker"
                 "docker-cli"
                 "docker-compose"
                 "dosfstools"
                 "dtach"
                 "ethtool"
                 "font-adobe-source-code-pro"
                 "font-adobe-source-sans-pro"
                 "font-adobe-source-serif-pro"
                 "font-adobe100dpi"
                 "font-adobe75dpi"
                 "font-awesome"
                 "font-bitstream-vera"
                 "font-dejavu"
                 "font-fantasque-sans"
                 "font-fira-code"
                 "font-fira-mono"
                 "font-fira-sans"
                 "font-gnu-freefont-ttf"
                 "font-google-roboto"
                 "font-hack"
                 "font-inconsolata"
                 "font-iosevka"
                 "font-liberation"
                 "font-misc-misc"
                 "font-tamzen"
                 "font-ubuntu"
                 ;; "font-symbola" ;; missing
                 "git"
                 ;; "arc-theme" ;; fixme, should be in core only
                 "gnome-themes-standard" ;; fixme, should be in core only
                 "iptables"
                 "light"
                 "lsof"
                 "mlocate"
                 "mobile-broadband-provider-info"
                 "modem-manager"
                 "neovim"
                 "netcat"
                 "network-manager-applet"
                 "network-manager-openconnect"
                 "network-manager-vpnc"
                 "net-tools"
                 "nss" ;; FIXME: is not providing certutil
                 "nss-certs"
                 "ntfs-3g"
                 "openconnect"
                 "openssh"
                 "parted"
                 "qemu"
                 "rsync"
                 "setxkbmap"
                 "slock"
                 "usb-modeswitch"
                 "usb-modeswitch-data"
                 "udiskie"
                 "xcape"
                 "xdotool" ;; simulate keyboard/mouse presses
                 "xev"
                 "xf86-input-libinput"
                 "xf86-input-synaptics"
                 "xf86-input-wacom"
                 "xf86-video-fbdev"
                 "xinit"
                 "xmodmap"
                 "xorg-server"
                 "xrandr"
                 "xrdb"
                 "xsel"
                 "xset"
                 "kmonad"
                 "xss-lock"
                 "xterm"
                 "xf86-video-intel"
                 ))
          %base-packages))

 (setuid-programs (cons (file-append qemu "/libexec/qemu-bridge-helper")
                        %setuid-programs))

 (services (cons*

            (service openssh-service-type
                     (openssh-configuration
                      (port-number 8444)
                      (permit-root-login 'without-password)
                      ))

            (service tor-service-type)

            (simple-service 'store-my-config
                            etc-service-type
                            `(("config.scm"
                               ,(local-file (assoc-ref
                                             (current-source-location)
                                             'filename)))))

            (service cups-service-type
                     (cups-configuration
                      (web-interface? #t)
                      (extensions
                       (list cups-filters hplip))))

            (screen-locker-service slock "slock")

            (service tlp-service-type
                     (tlp-configuration
                      ;; TODO: enable autosuspend and blacklist certian
                      ;; usb devices.
                      (usb-autosuspend? #f)))

            (service thermald-service-type)

            (service gpm-service-type)
            (service docker-service-type)

            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")))

            (service virtlog-service-type)

            (service sysctl-service-type
                     (sysctl-configuration
                      (settings '(
                                  ("net.ipv4.ip_forward" . "1")
                                  ("vm.swappiness" . "05")
                                  ))))

            (extra-special-file "/usr/bin/env"
                                (file-append coreutils "/bin/env"))

            firewall-service

          (service prometheus-node-exporter-service-type
                   (prometheus-node-exporter-configuration
                     (web-listen-address ":9100")))

            (service slim-service-type
                     (slim-configuration
                      (auto-login? #t)
                      (default-user "ds")
                      ;; (auto-login-session #f)
                      (xorg-configuration
                       (xorg-configuration
                        (drivers '("modesetting"))
                       ))
                       ))

            (remove (lambda (service)
                      (eq? (service-kind service) avahi-service-type))
                    (remove (lambda (service)
                              (eq? (service-kind service) gdm-service-type))

                            (modify-services %desktop-services
                                             (network-manager-service-type
                                              config => (network-manager-configuration
                                                         (inherit config)
                                                         (dns "dnsmasq")
                                                         (vpn-plugins (list network-manager-openconnect))
                                                         ))
                                             (udev-service-type
                                              config => (udev-configuration
                                                         (inherit config)
                                                         (rules (append (udev-configuration-rules config)
                                                                        (list %backlight-udev-rule android-udev-rules kmonad)))))
                                             (login-service-type
                                              config => (login-configuration
                                                         (inherit config)
                                                         (motd %motd)))))))))
--8<---------------cut here---------------end--------------->8---

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Getting network-manager-openconnect to work
@ 2020-04-22 12:25 divan
  0 siblings, 0 replies; 28+ messages in thread
From: divan @ 2020-04-22 12:25 UTC (permalink / raw)
  To: Help guix

Hi Guixers,

There is also a bug report about this query.

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37369

I'm not having any luck getting network-manager-openconnect to work for
me.

For one, using nm-connection-editor on cli or via exwm program launcher,
and creating a new connection tells me:

Insufficient privileges

Apr 12 21:32:20 swift NetworkManager[385]: <info>  [1586719940.8362] audit: op="connection-add" pid=2616 uid=1000 result="fail" reason="Insufficient privileges."

$ id
uid=1000(ds) gid=998(users) groups=998(users),972(docker),975(libvirt),978(adbusers),984(kvm),986(cdrom),989(lp),990(netdev),991(audio),992(video),993(input),999(wheel)

Full system config is pasted below[1].

My groups appear fine. Perhaps some issue with polkit?

polkit is running though.

polkitd    864     1  0 12:33 ?        00:00:00 /gnu/store/mw57n9nj3y20bfm9ijcbpm16gpsik6sg-polkit-0.116/lib/polkit-1/polkitd --no-debug

Not sure if it's the way my desktop is started with exwm.

I am able to up / down connections via "nmcli con up id" and without
sudo.

I know others have sometimes complained about network manager
permissions as a user. It seems it works for some but not others.

Secondly, upping a openconnect network manager connection file which is
known to work on another distro results in this:

$ nmcli con up id my-vpn-2fa --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'my-vpn-2fa.
Gateway (vpn.secrets.gateway):

I notice that after about a minute the GUI form pops up. I then prompts
me for my 2FA meaning it passed the 1st authentication bit. After I
approve, it then dissapears and seems to disconnect.

Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6929] agent-manager: req[0x1043510, :1.159/nmcli-connect/1000]: agent registered
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6976] audit: op="connection-activate" uuid="40441d34-5290-4631-8796-5fb57d0f1bf2" name="vpn-fnb-2fa" pid=12530 uid=1000 result="success"
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7034] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Started the VPN service, PID 12536
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7117] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Saw the service appear; activating connection
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2173] settings-connection[0xecac80,40441d34-5290-4631-8796-5fb57d0f1bf2]: write: successfully committed (keyfile: update /etc/NetworkManager/system-connections/vpn-fnb-2fa (40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa"))
Apr 12 21:20:33 swift NetworkManager[360]: <error> [1586719233.2192] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: final secrets request failed to provide sufficient secrets
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2234] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: VPN plugin: state changed: stopped (6)

Creating a new connecting via sudo and the starting it results in the
same.

Any idea?

[1]: (trimmed slightly)

--8<---------------cut here---------------start------------->8---
(use-modules
 (gnu)
 (gnu packages admin)
 (gnu packages android)                 ;for android-udev-rules
 (gnu packages certs)
 (gnu packages cups)
 (gnu packages gnome)
 (gnu packages gnupg)
 (gnu packages haskell-apps)
 (gnu packages linux)
 (gnu packages shells)
 (gnu packages suckless)
 (gnu packages virtualization)
 (gnu packages wm)
 (gnu packages xorg)
 (gnu services avahi)
 (gnu services cups)
 (gnu services desktop)
 (gnu services dns)
 (gnu services docker)
 (gnu services monitoring)
 (gnu services networking)
 (gnu services pm)
 (gnu services shepherd)
 (gnu services sound)
 (gnu services ssh)
 (gnu services sysctl)
 (gnu services virtualization)
 (gnu services xorg)
 (gnu system nss)
 (gnu system shadow)                    ;for user-group
 (guix build-system trivial)
 (guix download)                        ;for url-fetch
 (guix git-download)
 (guix packages)                        ;for origin
 (nongnu packages linux)
 (srfi srfi-1)                          ;for 'remove'
 )

(define %extra-linux-modules
  '("fuse"                      ; for sshfs
    "nbd"                       ; to mount qcow2 images
    ))

(operating-system
 (host-name "swift")
 (timezone "Africa/Johannesburg")
 (locale "en_US.utf8")
 (locale-libcs (list glibc-2.28 (canonical-package glibc)))

 (hosts-file (local-file "/home/ds/src/ds-config/.config/guix/etc/hosts"))
 (sudoers-file (local-file "/home/ds/src/ds-config/.config/guix/etc/sudoers"))

 (kernel-arguments
  (list
   (string-append "resume_offset=106602496")
   (string-append "modprobe.blacklist=" "pcspkr,snd_pcsp")
   (string-append "net.ifnames=0")
   (string-append "kvm_intel.nested=1")))

 (kernel linux-4.19)
 (firmware (cons* linux-firmware %base-firmware))

 (initrd (lambda (fs . args)
           (apply base-initrd fs
                  #:extra-modules %extra-linux-modules
                  args)))

 (bootloader (bootloader-configuration
              (bootloader grub-efi-bootloader)
              (target "/boot/efi")
              ))

 (mapped-devices (list (mapped-device
                        (source (uuid "3e7beb3b-1037-4ee8-9048-5e048afafbd0"))
                        (target "crypt")
                        (type luks-device-mapping))))

 (file-systems (cons* (file-system
                       (device "/dev/nvme0n1p1")
                       (type "msdos")
                       (mount-point "/boot/efi"))
                      (file-system
                       (device "/dev/mapper/crypt")
                       (mount-point "/")
                       (type "ext4")
                       (dependencies mapped-devices))
                      %base-file-systems))

 (swap-devices '("/mnt/swapfile"))

 (users (cons (user-account
               (name "ds")
               (comment "Divan Santana")
               (group "users")
               (supplementary-groups
                '("adbusers"            ;for adb
                  "wheel" "kvm" "audio" "video" "lp"
                  "docker"
                  "libvirt"
                  "input"
                  ;; "lpadmin"
                  "cdrom" "netdev"))
               (home-directory "/home/ds"))
              %base-user-accounts))

 (groups (cons (user-group (system? #t) (name "adbusers"))
               %base-groups))

 (packages
  (append (map specification->package
               '(
                 "bash-completion"
                 "binutils"
                 "bridge-utils"
                 "dmidecode"
                 "dnsmasq"
                 "docker"
                 "docker-cli"
                 "docker-compose"
                 "dosfstools"
                 "dtach"
                 "ethtool"
                 "font-adobe-source-code-pro"
                 "font-adobe-source-sans-pro"
                 "font-adobe-source-serif-pro"
                 "font-adobe100dpi"
                 "font-adobe75dpi"
                 "font-awesome"
                 "font-bitstream-vera"
                 "font-dejavu"
                 "font-fantasque-sans"
                 "font-fira-code"
                 "font-fira-mono"
                 "font-fira-sans"
                 "font-gnu-freefont-ttf"
                 "font-google-roboto"
                 "font-hack"
                 "font-inconsolata"
                 "font-iosevka"
                 "font-liberation"
                 "font-misc-misc"
                 "font-tamzen"
                 "font-ubuntu"
                 ;; "font-symbola" ;; missing
                 "git"
                 ;; "arc-theme" ;; fixme, should be in core only
                 "gnome-themes-standard" ;; fixme, should be in core only
                 "iptables"
                 "light"
                 "lsof"
                 "mlocate"
                 "mobile-broadband-provider-info"
                 "modem-manager"
                 "neovim"
                 "netcat"
                 "network-manager-applet"
                 "network-manager-openconnect"
                 "network-manager-vpnc"
                 "net-tools"
                 "nss" ;; FIXME: is not providing certutil
                 "nss-certs"
                 "ntfs-3g"
                 "openconnect"
                 "openssh"
                 "parted"
                 "qemu"
                 "rsync"
                 "setxkbmap"
                 "slock"
                 "usb-modeswitch"
                 "usb-modeswitch-data"
                 "udiskie"
                 "xcape"
                 "xdotool" ;; simulate keyboard/mouse presses
                 "xev"
                 "xf86-input-libinput"
                 "xf86-input-synaptics"
                 "xf86-input-wacom"
                 "xf86-video-fbdev"
                 "xinit"
                 "xmodmap"
                 "xorg-server"
                 "xrandr"
                 "xrdb"
                 "xsel"
                 "xset"
                 "kmonad"
                 "xss-lock"
                 "xterm"
                 "xf86-video-intel"
                 ))
          %base-packages))

 (setuid-programs (cons (file-append qemu "/libexec/qemu-bridge-helper")
                        %setuid-programs))

 (services (cons*

            (service openssh-service-type
                     (openssh-configuration
                      (port-number 8444)
                      (permit-root-login 'without-password)
                      ))

            (service tor-service-type)

            (simple-service 'store-my-config
                            etc-service-type
                            `(("config.scm"
                               ,(local-file (assoc-ref
                                             (current-source-location)
                                             'filename)))))

            (service cups-service-type
                     (cups-configuration
                      (web-interface? #t)
                      (extensions
                       (list cups-filters hplip))))

            (screen-locker-service slock "slock")

            (service tlp-service-type
                     (tlp-configuration
                      ;; TODO: enable autosuspend and blacklist certian
                      ;; usb devices.
                      (usb-autosuspend? #f)))

            (service thermald-service-type)

            (service gpm-service-type)
            (service docker-service-type)

            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")))

            (service virtlog-service-type)

            (service sysctl-service-type
                     (sysctl-configuration
                      (settings '(
                                  ("net.ipv4.ip_forward" . "1")
                                  ("vm.swappiness" . "05")
                                  ))))

            (extra-special-file "/usr/bin/env"
                                (file-append coreutils "/bin/env"))

            firewall-service

          (service prometheus-node-exporter-service-type
                   (prometheus-node-exporter-configuration
                     (web-listen-address ":9100")))

            (service slim-service-type
                     (slim-configuration
                      (auto-login? #t)
                      (default-user "ds")
                      ;; (auto-login-session #f)
                      (xorg-configuration
                       (xorg-configuration
                        (drivers '("modesetting"))
                       ))
                       ))

            (remove (lambda (service)
                      (eq? (service-kind service) avahi-service-type))
                    (remove (lambda (service)
                              (eq? (service-kind service) gdm-service-type))

                            (modify-services %desktop-services
                                             (network-manager-service-type
                                              config => (network-manager-configuration
                                                         (inherit config)
                                                         (dns "dnsmasq")
                                                         (vpn-plugins (list network-manager-openconnect))
                                                         ))
                                             (udev-service-type
                                              config => (udev-configuration
                                                         (inherit config)
                                                         (rules (append (udev-configuration-rules config)
                                                                        (list %backlight-udev-rule android-udev-rules kmonad)))))
                                             (login-service-type
                                              config => (login-configuration
                                                         (inherit config)
                                                         (motd %motd)))))))))
--8<---------------cut here---------------end--------------->8---

^ permalink raw reply	[flat|nested] 28+ messages in thread

* bug#37369: (no subject)
  2019-09-10 11:21 ` pelzflorian (Florian Pelz)
                     ` (5 preceding siblings ...)
  2020-04-12 19:46   ` divan
@ 2020-05-04 19:43   ` Divan Santana via web
  6 siblings, 0 replies; 28+ messages in thread
From: Divan Santana via web @ 2020-05-04 19:43 UTC (permalink / raw)
  To: 37369

Hi again,

I'm not having any luck getting network-manager-openconnect to work for
me.

For one, using nm-connection-editor on cli or via exwm program launcher,
and creating a new connection tells me:

Insufficient privileges

Apr 12 21:32:20 swift NetworkManager[385]: <info>  [1586719940.8362] audit: op="connection-add" pid=2616 uid=1000 result="fail" reason="Insufficient privileges."

$ id
uid=1000(ds) gid=998(users) groups=998(users),972(docker),975(libvirt),978(adbusers),984(kvm),986(cdrom),989(lp),990(netdev),991(audio),992(video),993(input),999(wheel)

Full system config is pasted below[1].

My groups appear fine. Perhaps some issue with polkit?

polkit is running though.

polkitd    864     1  0 12:33 ?        00:00:00 /gnu/store/mw57n9nj3y20bfm9ijcbpm16gpsik6sg-polkit-0.116/lib/polkit-1/polkitd --no-debug

Not sure if it's the way my desktop is started with exwm.

I am able to up / down connections via "nmcli con up id" and without
sudo.

Secondly, upping a openconnect network manager connection file which is
known to work on another distro results in this:

$ nmcli con up id my-vpn-2fa --ask
Error: openconnect failed: Could not find "openconnect" binary
A password is required to connect to 'my-vpn-2fa.
Gateway (vpn.secrets.gateway):

I notice that after about a minute the GUI form pops up. I then prompts
me for my 2FA meaning it passed the 1st authentication bit. After I
approve, it then dissapears and seems to disconnect.

Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6929] agent-manager: req[0x1043510, :1.159/nmcli-connect/1000]: agent registered
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.6976] audit: op="connection-activate" uuid="40441d34-5290-4631-8796-5fb57d0f1bf2" name="vpn-fnb-2fa" pid=12530 uid=1000 result="success"
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7034] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Started the VPN service, PID 12536
Apr 12 21:18:38 swift NetworkManager[360]: <info>  [1586719118.7117] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: Saw the service appear; activating connection
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2173] settings-connection[0xecac80,40441d34-5290-4631-8796-5fb57d0f1bf2]: write: successfully committed (keyfile: update /etc/NetworkManager/system-connections/vpn-fnb-2fa (40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa"))
Apr 12 21:20:33 swift NetworkManager[360]: <error> [1586719233.2192] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: final secrets request failed to provide sufficient secrets
Apr 12 21:20:33 swift NetworkManager[360]: <info>  [1586719233.2234] vpn-connection[0x10d4330,40441d34-5290-4631-8796-5fb57d0f1bf2,"vpn-fnb-2fa",0]: VPN plugin: state changed: stopped (6)

Creating a new connecting via sudo and the starting it results in the
same.

Any idea?

[1]: (trimmed slightly)

--8<---------------cut here---------------start------------->8---
;; My laptop guix system configuration.

(use-modules
 (gnu)
 (gnu packages admin)
 (gnu packages android)                 ;for android-udev-rules
 (gnu packages certs)
 (gnu packages cups)
 (gnu packages gnome)
 (gnu packages gnupg)
 (gnu packages haskell-apps)
 (gnu packages linux)
 (gnu packages shells)
 (gnu packages suckless)
 (gnu packages virtualization)
 (gnu packages wm)
 (gnu packages xorg)
 (gnu services avahi)
 (gnu services cups)
 (gnu services desktop)
 (gnu services dns)
 (gnu services docker)
 (gnu services monitoring)
 (gnu services networking)
 (gnu services pm)
 (gnu services shepherd)
 (gnu services sound)
 (gnu services ssh)
 (gnu services sysctl)
 (gnu services virtualization)
 (gnu services xorg)
 (gnu system nss)
 (gnu system shadow)                    ;for user-group
 (guix build-system trivial)
 (guix download)                        ;for url-fetch
 (guix git-download)
 (guix packages)                        ;for origin
 (nongnu packages linux)
 (srfi srfi-1)                          ;for 'remove'
 )

(define %extra-linux-modules
  '("fuse"                      ; for sshfs
    "nbd"                       ; to mount qcow2 images
    ))

(operating-system
 (host-name "swift")
 (timezone "Africa/Johannesburg")
 (locale "en_US.utf8")
 (locale-libcs (list glibc-2.28 (canonical-package glibc)))

 (hosts-file (local-file "/home/ds/src/ds-config/.config/guix/etc/hosts"))
 (sudoers-file (local-file "/home/ds/src/ds-config/.config/guix/etc/sudoers"))

 (kernel-arguments
  (list
   (string-append "resume_offset=106602496")
   (string-append "modprobe.blacklist=" "pcspkr,snd_pcsp")
   (string-append "net.ifnames=0")
   (string-append "kvm_intel.nested=1")))

 (kernel linux-4.19)
 (firmware (cons* linux-firmware %base-firmware))

 (initrd (lambda (fs . args)
           (apply base-initrd fs
                  #:extra-modules %extra-linux-modules
                  args)))

 (bootloader (bootloader-configuration
              (bootloader grub-efi-bootloader)
              (target "/boot/efi")
              ))

 (mapped-devices (list (mapped-device
                        (source (uuid "3e7beb3b-1037-4ee8-9048-5e048afafbd0"))
                        (target "crypt")
                        (type luks-device-mapping))))

 (file-systems (cons* (file-system
                       (device "/dev/nvme0n1p1")
                       (type "msdos")
                       (mount-point "/boot/efi"))
                      (file-system
                       (device "/dev/mapper/crypt")
                       (mount-point "/")
                       (type "ext4")
                       ;; this is breaking
                       ;; (options "noatime,nodiratime")
                       (dependencies mapped-devices))
                      %base-file-systems))

 (swap-devices '("/mnt/swapfile"))

 (users (cons (user-account
               (name "ds")
               (comment "Divan Santana")
               (group "users")
               (supplementary-groups
                '("adbusers"            ;for adb
                  "wheel" "kvm" "audio" "video" "lp"
                  "docker"
                  "libvirt"
                  "input"
                  ;; "lpadmin"
                  "cdrom" "netdev"))
               (home-directory "/home/ds"))
              %base-user-accounts))

 (groups (cons (user-group (system? #t) (name "adbusers"))
               %base-groups))

 (packages
  (append (map specification->package
               '(
                 "bash-completion"
                 "binutils"
                 "bridge-utils"
                 "dmidecode"
                 "dnsmasq"
                 "docker"
                 "docker-cli"
                 "docker-compose"
                 "dosfstools"
                 "dtach"
                 "ethtool"
                 "font-adobe-source-code-pro"
                 "font-adobe-source-sans-pro"
                 "font-adobe-source-serif-pro"
                 "font-adobe100dpi"
                 "font-adobe75dpi"
                 "font-awesome"
                 "font-bitstream-vera"
                 "font-dejavu"
                 "font-fantasque-sans"
                 "font-fira-code"
                 "font-fira-mono"
                 "font-fira-sans"
                 "font-gnu-freefont-ttf"
                 "font-google-roboto"
                 "font-hack"
                 "font-inconsolata"
                 "font-iosevka"
                 "font-liberation"
                 "font-misc-misc"
                 "font-tamzen"
                 "font-ubuntu"
                 ;; "font-symbola" ;; missing
                 "git"
                 ;; "arc-theme" ;; fixme, should be in core only
                 "gnome-themes-standard" ;; fixme, should be in core only
                 "iptables"
                 "light"
                 "lsof"
                 "mlocate"
                 "mobile-broadband-provider-info"
                 "modem-manager"
                 "neovim"
                 "netcat"
                 "network-manager-applet"
                 "network-manager-openconnect"
                 "network-manager-vpnc"
                 "net-tools"
                 "nss" ;; FIXME: is not providing certutil
                 "nss-certs"
                 "ntfs-3g"
                 "openconnect"
                 "openssh"
                 "parted"
                 "qemu"
                 "rsync"
                 "setxkbmap"
                 "slock"
                 "usb-modeswitch"
                 "usb-modeswitch-data"
                 "udiskie"
                 "xcape"
                 "xdotool" ;; simulate keyboard/mouse presses
                 "xev"
                 "xf86-input-libinput"
                 "xf86-input-synaptics"
                 "xf86-input-wacom"
                 "xf86-video-fbdev"
                 "xinit"
                 "xmodmap"
                 "xorg-server"
                 "xrandr"
                 "xrdb"
                 "xsel"
                 "xset"
                 "kmonad"
                 "xss-lock"
                 "xterm"
                 "xf86-video-intel"
                 ))
          %base-packages))

 (setuid-programs (cons (file-append qemu "/libexec/qemu-bridge-helper")
                        %setuid-programs))

 (services (cons*

            (service openssh-service-type
                     (openssh-configuration
                      (port-number 8444)
                      (permit-root-login 'without-password)
                      ))

            (service tor-service-type)

            (simple-service 'store-my-config
                            etc-service-type
                            `(("config.scm"
                               ,(local-file (assoc-ref
                                             (current-source-location)
                                             'filename)))))

            (service cups-service-type
                     (cups-configuration
                      (web-interface? #t)
                      (extensions
                       (list cups-filters hplip))))

            (screen-locker-service slock "slock")

            (service tlp-service-type
                     (tlp-configuration
                      ;; TODO: enable autosuspend and blacklist certian
                      ;; usb devices.
                      (usb-autosuspend? #f)))

            (service thermald-service-type)

            (service gpm-service-type)
            (service docker-service-type)

            (service libvirt-service-type
                     (libvirt-configuration
                      (unix-sock-group "libvirt")))

            (service virtlog-service-type)

            (service sysctl-service-type
                     (sysctl-configuration
                      (settings '(
                                  ("net.ipv4.ip_forward" . "1")
                                  ("vm.swappiness" . "05")
                                  ))))

            (extra-special-file "/usr/bin/env"
                                (file-append coreutils "/bin/env"))

            firewall-service

          (service prometheus-node-exporter-service-type
                   (prometheus-node-exporter-configuration
                     (web-listen-address ":9100")))

            (service slim-service-type
                     (slim-configuration
                      (auto-login? #t)
                      (default-user "ds")
                      ;; (auto-login-session #f)
                      (xorg-configuration
                       (xorg-configuration
                        (drivers '("modesetting"))
                       ))
                       ))

            (remove (lambda (service)
                      (eq? (service-kind service) avahi-service-type))
                    (remove (lambda (service)
                              (eq? (service-kind service) gdm-service-type))

                            (modify-services %desktop-services
                                             (network-manager-service-type
                                              config => (network-manager-configuration
                                                         (inherit config)
                                                         (dns "dnsmasq")
                                                         (vpn-plugins (list network-manager-openconnect))
                                                         ))
                                             (udev-service-type
                                              config => (udev-configuration
                                                         (inherit config)
                                                         (rules (append (udev-configuration-rules config)
                                                                        (list %backlight-udev-rule android-udev-rules kmonad)))))
                                             (login-service-type
                                              config => (login-configuration
                                                         (inherit config)
                                                         (motd %motd)))))))))
--8<---------------cut here---------------end--------------->8---






^ permalink raw reply	[flat|nested] 28+ messages in thread

end of thread, other threads:[~2020-05-04 19:54 UTC | newest]

Thread overview: 28+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-10  9:57 Getting network-manager-openconnect to work Divan Santana
2019-09-10 11:21 ` pelzflorian (Florian Pelz)
2019-09-11  7:38   ` bug#37369: " Efraim Flashner
2019-09-11  7:38   ` Efraim Flashner
2019-09-11 11:39     ` pelzflorian (Florian Pelz)
2019-09-11 11:39     ` pelzflorian (Florian Pelz)
2019-09-11 20:46   ` Ludovic Courtès
2019-09-12  5:34     ` pelzflorian (Florian Pelz)
2019-09-16 15:57       ` Ludovic Courtès
2019-09-16 16:06         ` pelzflorian (Florian Pelz)
2019-09-27 16:37           ` bug#37369: " pelzflorian (Florian Pelz)
2019-09-28 14:00             ` Divan Santana
2019-09-28 14:00             ` Divan Santana
2019-09-28 14:16             ` Divan Santana
2019-09-28 14:16             ` Divan Santana
2019-09-28 15:34               ` pelzflorian (Florian Pelz)
2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
2019-09-29  7:54                 ` pelzflorian (Florian Pelz)
2019-09-28 15:34               ` pelzflorian (Florian Pelz)
2019-09-28 16:47               ` pelzflorian (Florian Pelz)
2019-10-03 11:51                 ` Divan Santana
2019-10-03 11:51                 ` Divan Santana
2019-09-28 16:47               ` pelzflorian (Florian Pelz)
2019-09-16 11:53   ` pelzflorian (Florian Pelz)
2019-09-16 11:53   ` pelzflorian (Florian Pelz)
2020-04-12 19:46   ` divan
2020-05-04 19:43   ` bug#37369: (no subject) Divan Santana via web
  -- strict thread matches above, loose matches on Subject: below --
2020-04-22 12:25 Getting network-manager-openconnect to work divan

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.