Gnome 3.25+ compatibility

[frol]

It seems that something around passwords storage has been changed in Gnome 3.25 (development branch, which is expected to be released as stable 3.26 in September). If I use either of "Store the password only for this user" or "Ask for this password every time", I get the following messages in my journal and the connection doesn't get established:

NetworkManager[3100]: <info>  [1501680681.0472] vpn-connection[0x1c3a690,00cc105b-5927-4720-8747-423d980c3107,"MyVPN",0]: Started the VPN service, PID 8139
NetworkManager[3100]: <info>  [1501680681.0520] vpn-connection[0x1c3a690,00cc105b-5927-4720-8747-423d980c3107,"MyVPN",0]: Saw the service appear; activating connection
gnome-shell[22864]: JS ERROR: error while reading VPN plugin output keyfile: GLib.KeyFileError: Key file does not have group “V”
                                             VPNRequestHandler<._showNewStyleDialog@resource:///org/gnome/shell/ui/components/networkAgent.js:522:29
                                             wrapper@resource:///org/gnome/gjs/modules/lang.js:178:22
                                             VPNRequestHandler<._readStdoutNewStyle/<@resource:///org/gnome/shell/ui/components/networkAgent.js:487:17
gnome-shell[22864]: JS ERROR: error while reading VPN plugin output keyfile: GLib.KeyFileError: Key file does not have group “V”
                                             VPNRequestHandler<._showNewStyleDialog@resource:///org/gnome/shell/ui/components/networkAgent.js:522:29
                                             wrapper@resource:///org/gnome/gjs/modules/lang.js:178:22
                                             VPNRequestHandler<._readStdoutNewStyle/<@resource:///org/gnome/shell/ui/components/networkAgent.js:487:17
NetworkManager[3100]: <error> [1501680681.1824] vpn-connection[0x1c3a690,00cc105b-5927-4720-8747-423d980c3107,"MyVPN",0]: Failed to request VPN secrets #3: No agents were available for this request.
NetworkManager[3100]: <info>  [1501680681.1854] vpn-connection[0x1c3a690,00cc105b-5927-4720-8747-423d980c3107,"MyVPN",0]: VPN plugin: state changed: stopped (6)

However, if I use "Store the password for all users", everything works fine.

Info:

• Arch Linux x64
• Kernel 4.12.3 (I tried 4.9.40 LTS kernel as well)
• Gnome 3.25.4 (third-party repo: https://softwareperonista.com.ar/repo/archlinux/gnome-devel/x86_64/)
• networkmanager 1.8.2
• libnm 1.8.2
• networkmanager-l2tp 1.2.8

[dkosovic]

I usually track the the upstream changes, in particular the closely related network-manager-pptp : https://git.gnome.org/browse/?q=network-manager

But so far only network-manager-openvpn seems to have changes that require libnma >= 1.8.0 and libnm-gtk >= 1.8.0.

I'm guessing the NetworkManager VPN plugins will have their next version numbers bumped up to 1.8.0 and a new nm-1-2 git branch created for NetworkManager >= 1.2.0 and < 1.8.0 compatibility, much like there is a nm-1-0 branch for NetworkManager 1.0 compatibilty.

I think the wisest thing is to sit back and see what the GNOME Project does with their VPN plugins. I'm more than happy to back port their changes.

[dkosovic]

I've been able to reproduce with NetworkManager 1.8.2, but not with NetworkManager 1.8.4.

I think the bug was in libnma which handles the password storage for the NetworkManager VPN plugins.

[OlliC]

I have the same problem with networkmanager 1.10 on current Arch Linux.

[frol]

I cannot reproduce this anymore on my latest Arch Linux with NM 1.10.

@OlliC I think, you should bring more details of your setup (versions, logs, etc) since it works for me now, which means that all my info is not relevant anymore.

[OlliC]

So installed the networkmanager-l2tp package from AUR on Arch Linux to connect to a Microsoft L2TP/IPsec vpn server. I had to manually adjust the used phase 1 and phase 2 algorithms, otherwise i would get the NO_PROPOSAL_CHOSEN error as described under Known Issues. It works fine as long as i use "Store the password for all users" and i don't open the settings dialog for this vpn connection.

Everytime i open the settings dialog for this vpn connection the password is gone and has to be reentered. The PreShared Key in IPsec Settings stays there and does not have to be reentered.

When i use "Store the password only for this user" or "Ask for this password every time" the connection does not work and i see following errors in the log:

Nov 29 16:51:08 viki org.gnome.bijiben.SearchProvider[4140]: Unable to load location /home/dchrist/.local/share/bijiben: Error opening directory '/home/dchrist/.local/share/bijiben': Datei oder Verzeichnis nicht gefunden
Nov 29 16:51:09 viki NetworkManager[518]: <info>  [1511970669.9944] audit: op="connection-activate" uuid="3d0a0ef1-f941-4a82-8e4e-132dae70b085" name="vpn1 L2TP/IPsec" pid=25374 uid=1000 result="success"
Nov 29 16:51:09 viki NetworkManager[518]: <info>  [1511970669.9976] vpn-connection[0x55918555e2d0,3d0a0ef1-f941-4a82-8e4e-132dae70b085,"vpn1 L2TP/IPsec",0]: Started the VPN service, PID 25732
Nov 29 16:51:10 viki NetworkManager[518]: <info>  [1511970670.0044] vpn-connection[0x55918555e2d0,3d0a0ef1-f941-4a82-8e4e-132dae70b085,"vpn1 L2TP/IPsec",0]: Saw the service appear; activating connection
Nov 29 16:51:10 viki gnome-shell[4179]: Invalid VPN service type (cannot find authentication binary)
Nov 29 16:51:10 viki gnome-shell[4179]: Invalid VPN service type (cannot find authentication binary)
Nov 29 16:51:10 viki NetworkManager[518]: <error> [1511970670.0547] vpn-connection[0x55918555e2d0,3d0a0ef1-f941-4a82-8e4e-132dae70b085,"vpn1 L2TP/IPsec",0]: Failed to request VPN secrets #3: No agents were available for this request.
Nov 29 16:51:10 viki NetworkManager[518]: <info>  [1511970670.0559] vpn-connection[0x55918555e2d0,3d0a0ef1-f941-4a82-8e4e-132dae70b085,"vpn1 L2TP/IPsec",0]: VPN plugin: state changed: stopped (6)

Arch Linux x86_64 with kernel 4.13.12-1-ARCH gnome-shell 3.26.2-1 networkmanager 1.10.0-1 libnm 1.10.0-1 networkmanager-l2tp 1.2.8-1

[OlliC]

Ok so i figured it out. Apparently it works if you restart Gnome Shell or just reboot. Seems like Gnome Shell does not pick up the new vpn provider until restart.

I have found this bug report that states the same: https://bugzilla.redhat.com/show_bug.cgi?id=1389107

[dkosovic]

Thanks for the feedback, sorry for not responding earlier.

I'll incorporate the passwords storage issue and fix in the known issues of the wiki hopefully in the next few days.