Ubuntu
network-manager-openconnect package

network-manager-openconnect doesn't work with new nm-connection-editor

Bug #1571300 reported by Jottess
This bug report is a duplicate of:  Bug #1576726: [SRU] network-manager 1.2.0. Edit Remove
314
This bug affects 63 people
Affects Status Importance Assigned to Milestone
network-manager-openconnect (Ubuntu)
Fix Released
High
Unassigned
Nominated for Xenial by Gunnar Hjalmarsson
Nominated for Yakkety by Rolf Leggewie

Bug Description

[Impact]
The version of network-manager-openconnect is 1.0.2-1build1. That version does not seem to work with the Xenial network-manager package 1.1.93.

If you want to create a new vpn network connection, you don't see the option "Cisco AnyConnect compatible VPN (openconnect)" to select. With a manual build of the network-manager-openconnect in the corresponding version 1.1.93 everything works fine.

[Test Case]
* Use a new installation of Ubuntu 16.04 (not an upgraded)
* Install the package network-manager-openconnect
* try to add a new VPN-Connection
* there you should be able to chose "Cisco AnyConnect compatible VPN (openconnect)" which is not possible / not existing as option

[Regression Potential]
* package is unusable at the moment, can't get worse

[Other Info]
Seems to affect many other packages like:
network-manager-openconnect-gnome
network-manager-strongswan
network-manager-ssh
network-manager-iodine

Not confirmed, but all these packages are just copied from wiley to xenial in the same version. So they may have the same problem that the editor plugins were ported to new libnm library in NetworkManager 1.2 and doesn't work with old plugins.

See original description
Tags: xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status: New → Confirmed
Revision history for this message
Max Waterman (b-ubuntuone) wrote :

Any guidance on how to manually build network-manager-openconnect? I downloaded it ok, but there's no instructions...I tried ./configure, but lots of dependencies that put me off.

Mike Miller (mtmiller)
summary: - old version doesn't work with new network-manager
+ network-manager-openconnect doesn't work with new nm-connection-editor
Revision history for this message
Nacho Larrateguy (lilarrateguy) wrote :

I found this on the logs:

/var/log/syslog

Apr 22 09:48:13 laptop dbus-daemon[768]: Unknown username "nm-openconnect" in message bus configuration file

$ grep -i nm /etc/passwd
nm-openvpn:x:123:131:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/bin/false
nm-openconnect:x:122:130:NetworkManager OpenConnect plugin,,,:/var/lib/NetworkManager:/bin/false

Revision history for this message
Jottess (jott-ess) wrote :

A guidance how to manually build it you can find here (but only in german):
https://forum.ubuntuusers.de/topic/openconnect-networkmanager-funktioniert-nicht/

Revision history for this message
tomtomtom (tomtomtom) wrote :

Translated in english (as far as I can):

http://tomtomtom.org/networkmanager-openconnect/

NOTE: Just a workaround, not a permanent fix!

Revision history for this message
Eloy Paris (peloy-chapus) wrote :

https://wiki.gnome.org/Projects/NetworkManager/VPN says this:

"Plugin compatibility note

NetworkManager generally gets released together with the new versions of VPN plugins. However, it maintains backward compatibility with older plugin versions. That means that the plugin version 0.9.10.0 will work with later NetworkManager versions, such as 1.2.

There's one exception to this: the editor plugins were ported to new libnm library in NetworkManager 1.2. The older version of the library can not coexist in a single process. Thus, the newer libnm-based nm-connection-editor will not be able to edit the VPN connections unless you also upgrade the VPN plugin."

The last paragraph explains the issue -- the plugin will work with the new NetworkManager but nm-connection-editor will not be able to edit VPN connections.

Mike Miller (mtmiller)
no longer affects: network-manager-openconnect (Debian)
Revision history for this message
Viktor Pal (deere) wrote :

I can create and edit connections in Gnome from the network settings GUI it just does not connect when I enter my Username and PASSCODE in the Connection window.
No error message or similar it just doesn't connect.

Revision history for this message
Julien Olivier (julo) wrote :

I confirm deere's post: can edit, add or delete openconnect VPN connections from NetworkManager, but, when I login, I get an error message saying that it couldn't connect. But this connection used to work perfectly well until the upgrade.

Revision history for this message
Mike Miller (mtmiller) wrote :

Julien, please see bug #1575354 for the bug that it sounds like you are encountering, and please provide debug logs there if possible.

This bug is about the inability to create or edit OpenConnect VPN connections, which will be fixed with an updated version 1.2.0.

Revision history for this message
Mike Miller (mtmiller) wrote :

Any users affected by this bug can test network-manager-openconnect 1.2.0-1, which is now in the yakkety-proposed repository. This version of the package should fix the errors reported here, please confirm.

Changed in network-manager-openconnect (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Mike Miller (mtmiller) wrote :

The updated packages are now released in the yakkety repository, marking as fixed.

If you would like to see these packages backported to Ubuntu 16.04, please take a look at the procedure for requesting a stable release update at https://wiki.ubuntu.com/StableReleaseUpdates, and file a new bug to do so.

Changed in network-manager-openconnect (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Jottess (jott-ess) wrote :

Will do so. Thx, for your efforts!

Revision history for this message
Carroarmato0 (carroarmato0) wrote :

I've tested the packages from Yaketi and they work for me.

Revision history for this message
Karol Woźniak (karolwozniak91) wrote :

The same issue applies to network-manager-strongswan package on ubuntu 16.04.

Revision history for this message
Tiger!P (ubuntu-tigerp) wrote : Re: [Bug 1571300] Re: network-manager-openconnect doesn't work with new nm-connection-editor

It is also a problem for network-manager-ssh and network-manager-iodine.

--
Tiger!P
A random quote:
What was not spoken of did not have te be lied over.

Revision history for this message
Eric Hartmann (hartmann-eric) wrote :

I confirm that the packages from yakketi repository works for me.

Jottess (jott-ess)
description: updated
description: updated
Revision history for this message
Seydon (seydon) wrote :

As noted by reply #11, I'd like to request a Stable Release update for this fix, however, I am not sure I fully understand the process to complete that request. I am not a developer. I do use Ubuntu but now, cannot remote connect to my office because of this bug. How do I see if a request has already been submitted?

Revision history for this message
CodeHike (gerardlevergen) wrote :

Hi,

I installed the yakkety package:

$ apt-cache policy network-manager-openconnect
network-manager-openconnect:
  Installed: 1.2.0-1build1
  Candidate: 1.2.0-1build1
  Version table:
 *** 1.2.0-1build1 500
        500 http://mx.archive.ubuntu.com/ubuntu yakkety/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.0.2-1build1 500
        500 http://mx.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages

but openconnect is not yet showing up in network-manager, should I also install netwotk-manager from yakkety?

Revision history for this message
tomtomtom (tomtomtom) wrote :

To use the graphical interface you need to install the network-manager-openconnect-gnome plugin, too.

And be carefull with yakkety-repos in your xenial system.

Revision history for this message
CodeHike (gerardlevergen) wrote :

ahhh, thanks tomtomtom, I can now see the openconnect option in the GUI, but now it complains about the CA file, though my vpn does not use a CA file.. still unusable for me..

Mathew Hodson (mhodson)
Changed in network-manager-openconnect (Ubuntu):
importance: Undecided → High
Jottess (jott-ess)
information type: Public → Public Security
information type: Public Security → Public
Revision history for this message
Nick (nick-power) wrote :

Same problem with Xubuntu 16.04

Revision history for this message
tomtomtom (tomtomtom) wrote :

It is the same package so it is the same issue. All *buntus uses the same repos.

You will find the bigfix above.

Revision history for this message
Mark Adams (kramsmada) wrote :

Hi all,

Can someone confirm that a request for a SRU has been submitted on this bug for 16.04?

Thanks!

Revision history for this message
Hawk (beehock) wrote :

Tried and submitted SRU for 16.04
https://bugs.launchpad.net/ubuntu/+source/network-manager-openconnect/+bug/1579284

Revision history for this message
Dmitry-a-durnev (dmitry-a-durnev) wrote :

Upgraded both packages(Ubuntu 16.04, just DL from YY repo & installed 2 packages)

apt-cache policy network-manager-openconnect*

network-manager-openconnect-gnome:
  Installed: 1.2.0-1build1
  Candidate: 1.2.0-1build1
  Version table:
 *** 1.2.0-1build1 100
        100 /var/lib/dpkg/status
     1.0.2-1build1 500
        500 http://mirror.timeweb.ru/ubuntu xenial/universe amd64 Packages
network-manager-openconnect:
  Installed: 1.2.0-1build1
  Candidate: 1.2.0-1build1
  Version table:
 *** 1.2.0-1build1 100
        100 /var/lib/dpkg/status
     1.0.2-1build1 500
        500 http://mirror.timeweb.ru/ubuntu xenial/universe amd64 Packages

I confirm that now I can add & edit Cisco Annyconnect type connections, but still is unable to connect, on connection attempt I see the following error in syslog:

final secrets request failed to provide sufficient secrets

While I'm able to connect using plain openconnect CLI, just providing host, authgroup, username & password.(no additional keys or options are required). Maybe another bug?

Revision history for this message
Julien Olivier (julo) wrote :

Yes, the bug about the impossibility to connect to the VPN is there: https://bugs.launchpad.net/ubuntu/+source/network-manager-openconnect/+bug/1575354

Maybe one of those bugs should be marked as a duplicate of the other...

Revision history for this message
Scott Howard (showard314) wrote :

Looks like we need network manager 1.2. We're stuck at 1.1.93 until 1.2 gets out of -proposed. Right now 1.2 in -proposed is broken, see:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1576726/comments/19

Revision history for this message
Scott Howard (showard314) wrote :

on closer inspection, it looks like everything is in progress here:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1576726
network manager 1.2 will have to go first, then the -openconnect plugin will go. Please follow bug #1576726 so that you can test the proposed package once it is available.

Mathew Hodson (mhodson)
tags: added: xenial
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.