danfruehauf / NetworkManager-ssh

SSH VPN integration for NetworkManager

Error: Connection activation failed: No valid secrets #104

Open Thomas-Walker-Lynch opened 3 years ago

Thomas-Walker-Lynch commented 3 years ago

Here is the client machine which is running Gnome and the Network Manager.

[ClientUser@ClientHostName ~]$ lsb_release -a
LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID: Fedora
Description:    Fedora release 33 (Thirty Three)
Release:    33
Codename:   ThirtyThree

I edited the client /etc/ssh/ssh_config:

$ grep unnel /etc/ssh/ssh_config
Tunnel yes
#   TunnelDevice any:any

And edited the server /etc/ssh/sshd_config:

# grep unnel /etc/ssh/sshd_config 
# To disable tunneled clear text passwords, change to no here!
PermitTunnel yes

Showing that SSH to the server works fine. The server is running Debian.

[ClientUser@ClientHostName ~]$ ssh root@<server-domain-name>
Linux <server-domain-name> 4.19.0-13-cloud-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Feb 28 17:04:16 2021 from 90.78.7.14

2021-02-28T17:06:09Z root@<server-hostname>§~§
# exit
logout
Connection to <server-domain-name> closed.

Bringing up the SSH-agent VPN, and getting the dreaded 'No valid secrets' error:

[ClientUser@ClientHostName ~]$ eval ssh-agent $SHELL
[ClientUser@ClientHostName ~]$ ssh-add ~/.ssh/vpn_test
Identity added: /home/ClientUser/.ssh/vpn_test (ClientUser@ClientHostName)
[ClientUser@ClientHostName ~]$ nmcli con
NAME                UUID                                  TYPE      DEVICE      
Wired connection 1  f5afc77e-4a39-3391-8071-eb9db2c439fb  ethernet  enp0s20f0u3 
TLatRTVPN           c46cebc0-db10-4bb8-afbf-3a4f01807110  vpn       --          
[ClientUser@ClientHostName ~]$ nmcli con up id TLatRTVPN
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION=c46cebc0-db10-4bb8-afbf-3a4f01807110 + NM_DEVICE=enp0s20f0u3' to get more details.

The VPN configuration file. This is pretty much just the defaults. The only thing I had to add was the server name. Whenever I put in the server name the Network Manager translated that to the 4 quad IP address, as we see in the configuration. DNS did not lie; it is the correct address.

[ClientUser@ClientHostName ~]$ sudo cat /etc/NetworkManager/system-connections/VPN\ 1.nmconnection 
[sudo] password for ClientUser: 
[connection]
id=TLatRTVPN
uuid=c46cebc0-db10-4bb8-afbf-3a4f01807110
type=vpn
autoconnect=false
permissions=user:ClientUser:;

[vpn]
auth-type=ssh-agent
local-ip=172.16.40.2
netmask=255.255.255.252
remote=<server-ip-quad>
remote-ip=172.16.40.1
service-type=org.freedesktop.NetworkManager.ssh

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

[proxy]
[ClientUser@ClientHostName ~]$ 

As promised, the log file on the client has a bit more information. I do not show the logs on the server, because I cannot find that there are any messages there. It is as if the client never tried to contact the server.

[ClientUser@ClientHostName ~]$ journalctl -f
-- Logs begin at Sun 2021-02-28 08:10:09 EST. --
...
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.3404] audit: op="connection-activate" uuid="c46cebc0-db10-4bb8-afbf-3a4f01807110" name="TLatRTVPN" pid=14564 uid=1000 result="success"
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.3527] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: Started the VPN service, PID 14628
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.3738] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: Saw the service appear; activating connection
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <error> [1614532272.4822] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: final secrets request failed to provide sufficient secrets
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.4851] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: VPN plugin: state changed: stopped (6)

Any tips on how to get this running would very much be appreciated; I have been mucking with it for the better part of two days with no luck at getting past the 'No valid secrets' error. Folks on freenode #fedora could not think of anything more to be done either.
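
Added example, not part of the original post or of the NetworkManager-ssh project: a small Python triage of the journal lines quoted above, showing at which stage activation stopped. NetworkManager requests secrets before it tells the VPN plugin to connect, so a run that ends at the secrets request never started an ssh session, which fits the empty server log. The function and stage names are made up for this example.

```python
import re

# Journal lines copied from the post above (hostname, PIDs and UUID as posted).
SAMPLE = """\
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.3404] audit: op="connection-activate" uuid="c46cebc0-db10-4bb8-afbf-3a4f01807110" name="TLatRTVPN" pid=14564 uid=1000 result="success"
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.3527] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: Started the VPN service, PID 14628
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.3738] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: Saw the service appear; activating connection
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <error> [1614532272.4822] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: final secrets request failed to provide sufficient secrets
Feb 28 12:11:12 ClientHostName NetworkManager[1142]: <info>  [1614532272.4851] vpn-connection[0x56225df78700,c46cebc0-db10-4bb8-afbf-3a4f01807110,"TLatRTVPN",0]: VPN plugin: state changed: stopped (6)
"""

# Matches only vpn-connection lines; audit and unrelated lines are skipped.
LINE = re.compile(
    r'<(?P<level>\w+)>\s+\[(?P<ts>\d+\.\d+)\]\s+'
    r'vpn-connection\[0x[0-9a-f]+,(?P<uuid>[0-9a-f-]{36}),"(?P<name>[^"]*)",\d+\]:\s+'
    r'(?P<msg>.*)$')

# Stage labels (hypothetical names) keyed by message text seen in the log above.
STAGES = [
    ("service-started", "Started the VPN service"),
    ("service-on-bus", "Saw the service appear"),
    ("secrets-failed", "secrets request failed"),
    ("plugin-stopped", "state changed: stopped"),
]

def trace(journal_text):
    """Return {uuid: [(timestamp, level, stage), ...]} for vpn-connection lines."""
    out = {}
    for line in journal_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        stage = next((s for s, needle in STAGES if needle in m["msg"]), "other")
        out.setdefault(m["uuid"], []).append((float(m["ts"]), m["level"], stage))
    return out

def summarize(events):
    """Last stage seen, first error stage (or None), and ms from first event to it."""
    events = sorted(events)
    err = next(((ts, st) for ts, lvl, st in events if lvl == "error"), None)
    return {
        "last_stage": events[-1][2],
        "failed_at": err[1] if err else None,
        "ms_to_failure": round((err[0] - events[0][0]) * 1000, 1) if err else None,
    }

if __name__ == "__main__":
    for uuid, events in trace(SAMPLE).items():
        print(uuid, summarize(events))
```

On a live system the same functions can be fed the text of `journalctl -u NetworkManager` instead of the embedded sample.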

mostafabarmshory commented 1 year ago

I have faced the same issue on openSUSE. Did you fix this?

brotherJ4mes commented 1 year ago

Same issue here....

Would love to hear if anyone has resolved this.

0xj0hn commented 3 months ago

Same issue. Waiting to fix.