GNOME Bugzilla – Bug 527061
interactive authentication not working
Last modified: 2008-11-21 16:23:40 UTC
Please describe the problem:
Getting the following error when attempting to authenticate with two-factor passcode:

VPN Connect Failure. Could not start the VPN connection 'XXXXXXXX' due to a connection error. The VPN login failed because the VPN program could not connect to the VPN server.

Steps to reproduce:
Authenticate using two-factor passcode (such as SecureID).

Actual results:
I stopped Network-Manager and started it manually so I could look at the output. Here it is. Sensitive information has been "X'd" out.

NetworkManager: <info> Will activate VPN connection 'XXXXXXXXX', service 'org.freedesktop.NetworkManager.vpnc', user_name 'xxxx', vpn_data 'IPSec gateway / xxx.xxx.xxx.xxx / IPSec ID / xxxxxx xxxxxxxxxx / Xauth username / xxxxxxx', route ''.
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 1 of 4 (Connection Prepare) scheduled...
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 1 of 4 (Connection Prepare) ran VPN service daemon org.freedesktop.NetworkManager.vpnc (PID 6454)
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 1 of 4 (Connection Prepare) complete.
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 2 of 4 (Connection Prepare Wait) scheduled...
NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' signaled state change 1 -> 6.
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 2 of 4 (Connection Prepare Wait) waiting...
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 2 of 4 (Connection Prepare Wait) complete.
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 3 of 4 (Connect) scheduled...
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 3 of 4 (Connect) sending connect request.
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 3 of 4 (Connect) request sent, waiting for reply...
NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' signaled state change 6 -> 3.
** Message: <information> vpnc started with pid 6457
/usr/sbin/vpnc: warning: unknown configuration directive in stdin at line 2
/usr/sbin/vpnc: warning: unknown configuration directive in stdin at line 3
/usr/sbin/vpnc: warning: unknown configuration directive in stdin at line 9
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 3 of 4 (Connect) reply received.
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 4 of 4 (IP Config Get) timeout scheduled...
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 3 of 4 (Connect) complete, waiting for IP configuration...
Passcode for VPN xxxxxxx@xxx.xxx.xxx.xxx:
** Message: <information> Terminated vpnc daemon with PID 6457.
NetworkManager: <WARN> nm_vpn_service_process_signal(): VPN failed for service 'org.freedesktop.NetworkManager.vpnc', signal 'ConnectFailed', with message 'The VPN login failed because the VPN program could not connect to the VPN server.'.
NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' signaled state change 3 -> 5.
NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' signaled state change 5 -> 6.
NetworkManager: <WARN> nm_vpn_service_stop_connection(): (VPN Service org.freedesktop.NetworkManager.vpnc): could not stop connection 'XXXXXXXXX' because service was 6.
NetworkManager: <debug> [1207708477.904701] nm_dbus_signal_filter(): NetworkManagerInfo triggered update of VPN connection 'XXXXXXXXX'
** (process:6454): WARNING **: <WARNING> vpnc_watch_cb (): vpnc died with signal 15

After running vpnc manually, I found out that it is prompting like so:

~$ sudo vpnc example
Enter password for xxxxxxx@xxx.xxx.xxx.xxx:
Passcode for VPN xxxxxxx@xxx.xxx.xxx.xxx:
Connect Banner:
| Blah blah blah...Legaleze. Some more blah.
|
VPNC started in background (pid: 6705)...
:~$ sudo vpnc-disconnect
Terminating vpnc daemon (pid: 6705)

If I leave the password prompt blank, then enter my passcode at the passcode prompt, I am able to connect.

Notice in the output from Network Manager, it also prompts for "Passcode", but never receives a prompt as the dialog has already sent its information to the password section. After a little more digging, apparently to allow passcode authentication in one shot, you need to use the "Xauth Interactive" option. I do not see any option to allow this in gconf nor in any notes or settings within Network Manager VPNC plugin.

Expected results:
NM:VPNC would have a setting or gconf entry for "Xauth interactive" option in use by vpnc.

Does this happen every time?
Yes

Other information:
Running:

~$ lsb_release -rd
Description: Ubuntu hardy (development branch)
Release: 8.04

And using network-manager-vpnc_0.6.4svn2422-0ubuntu5 along with vpnc_0.5.1r275-1

See Ubuntu Bug report #214405 for the rehash of the same report: https://bugs.launchpad.net/ubuntu/+source/network-manager-vpnc/+bug/214405
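A log-triage sketch for the failure pattern in the report above, added here as an example and not part of the original report or of NetworkManager or vpnc. It separates "vpnc was killed while an interactive prompt was outstanding" from a genuine connectivity failure; the function name `triage` and the matching heuristic are assumptions, and the sample is an excerpt of the log lines quoted in the report.

```python
import re

# Excerpt constructed from the log lines quoted in the report above
# (values already X'd out by the reporter).
SAMPLE_LOG = """\
NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' signaled state change 6 -> 3.
** Message: <information> vpnc started with pid 6457
NetworkManager: <info> VPN Activation (XXXXXXXXX) Stage 3 of 4 (Connect) complete, waiting for IP configuration...
Passcode for VPN xxxxxxx@xxx.xxx.xxx.xxx:
** Message: <information> Terminated vpnc daemon with PID 6457.
NetworkManager: <WARN> nm_vpn_service_process_signal(): VPN failed for service 'org.freedesktop.NetworkManager.vpnc', signal 'ConnectFailed', with message 'The VPN login failed because the VPN program could not connect to the VPN server.'.
NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' signaled state change 3 -> 5.
"""

STATE_RE = re.compile(r"signaled state change (\d+) -> (\d+)")
STARTED_RE = re.compile(r"vpnc started with pid (\d+)")
PROMPT_RE = re.compile(r"(Enter password for|Passcode for VPN) \S+:")
KILLED_RE = re.compile(r"Terminated vpnc daemon with PID (\d+)")
FAILED_RE = re.compile(r"signal '(\w+)'")

def triage(log_text):
    """Summarise one activation attempt and flag a prompt nobody answered."""
    report = {"transitions": [], "vpnc_pid": None,
              "unanswered_prompt": None, "failure_signal": None}
    pending = None  # last prompt vpnc printed with no later sign of success
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            report["transitions"].append((int(m.group(1)), int(m.group(2))))
        m = STARTED_RE.search(line)
        if m:
            report["vpnc_pid"] = int(m.group(1))
        m = PROMPT_RE.search(line)
        if m:
            pending = m.group(1)
        if "VPNC started in background" in line:
            pending = None  # login completed, so the prompts were answered
        # Heuristic: the same vpnc PID is killed while a prompt is pending.
        m = KILLED_RE.search(line)
        if m and pending and int(m.group(1)) == report["vpnc_pid"]:
            report["unanswered_prompt"] = pending
        m = FAILED_RE.search(line)
        if m:
            report["failure_signal"] = m.group(1)
    return report
```

The prompt check runs before the termination check on each line, so the result is the same whether the prompt and the "Terminated" message land on one line or two in a captured log.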
I also have this problem. I need the xauth interactive feature to work.
It's going to be a bit complicated since vpnc doesn't provide a nice mechanism for asking questions except for printing them out on stdout. So this is definitely something that we'd like to support, but it may need work in vpnc itself to fix.
Actually, I found that adding the lines:

<li type="string">
  <stringvalue>Xauth</stringvalue>
</li>
<li type="string">
  <stringvalue>interactive</stringvalue>
</li>

to the file:

~/.gconf/system/networking/vpn_connections/VPNNAME/%gconf.xml (change VPNNAME)

allowed network-manager-vpnc to work. It did display a message from the company in a gtk window once I got in... It seems like after running the Xauth in the above line was changed to Domain, though. Perhaps, typing interactive in the Domain field would be enough?
jdeslip, I was actually going the route of adding it via the gconf GUI which caused network-manager to bomb when attempting to connect via vpnc plugin. I did try what you suggested. The problem still persists. My whole issue is even more complicated because we have two concentrators behind a css. So the hostname I send comes back with a different server IP response. As Dan Williams mentions, it is pretty difficult since Xauth Interactive in vpnc asks a question from stdout and expects a response from stdin; not from a configuration file. I would like to make mention that this issue is fixed in Fedora 9. I believe they are running version .7 of network-manager and the vpnc plugin. I only played with it on a friend's machine, so I don't have the exact versions of network-manager, network-manager-vpnc, or vpnc from F9. (NOTE: I added the same comment to the Ubuntu bug as well.)
*** This bug has been marked as a duplicate of 346547 ***
This is not a duplicate of 346547. 346547 is a feature request for saving just the group password versus an error attempting to login as described in this bug.
This is fixed in nm 0.7.0 and later.