Open wandering-tales opened 3 years ago
angela-d
commented
3 years ago I recently just upgraded from stretch to buster and found simply having the SUDO -E option had no effect.
My /etc/sudoers wasn't taking /etc/sudoers.d into effect, perhaps the same issue for you?
I posted my openfortigui notes - maybe it will be of some help?
k-dahl
commented
3 years ago On Linux Mint 20/Cinnamon I am not seeing any effect when clicking on Connect, nothing in logs at all, nothing in the shell that the app is launched from. No difference with sudo.
angela-d
commented
3 years ago If you run openfortigui in terminal, what happens?
(Type it into a command-line terminal, don't use the GUI button)
theinvisible
commented
3 years ago I'm actually using OpenFortiGUI v0.9.2-1 on my Debian testing "Bullseye" system, installed from the https://apt.iteas.at/iteas APT repository for "buster" distribution.
Clicking on "Connect" button does not have any effect. The underlying cause can be found in the logs:
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helperThis looks like a long time recurrent error in Debian and Debian based distros (e.g. Ubuntu), and I detected its occurrence is intermittent between versions: the errors seems to be fixed in certain versions and then reappears in new ones.
The setting "SUDO -E Option" is already enabled. It is enabled by default.
I already tried several times to clean up the program configuration in my home dir.
This sudo message simply mean there is no matching sudo rule for openfortigui found and so it trys to ask for a password interactively which is not possible in this case as there is no input terminal available.
In short: Something is wrong with your sudo configuration. You can try to copy the contents of /etc/sudoers.d/openfortigui into /etc/sudoers and try again. But as Bullseye is not really released now it can also be some OS bug.
k-dahl
commented
3 years ago If you run
openfortiguiin terminal, what happens?(Type it into a command-line terminal, don't use the GUI button)
I was running it in the command line terminal, there was just no output there whatsoever. I did find the logs though. I suspect this issue may be because Linux Mint 20 changes the name of the release to no longer match Ubuntu (it's 'ulyana' now but based on Ubuntu 'focal'). This was just starting the gui and clicking on connect on the one entry I have added:
Sep. 10 09:29:01 openfortiGUI::Debug: "start-main::"
Sep. 10 09:29:01 openfortiGUI::Debug: using qt5ct plugin
Sep. 10 09:29:01 openfortiGUI::Debug: D-Bus global menu: no
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyVPN_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyGroup_clicked()
Sep. 10 09:29:01 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Sep. 10 09:29:01 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Sep. 10 09:29:01 openfortiGUI::Debug: D-Bus system tray: yes
Sep. 10 09:29:01 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/blitzd/.openfortigui/vpnprofiles/work.conf"
Sep. 10 09:29:01 openfortiGUI::Debug: MainWindow::refreshVpnProfileList() -> vpnprofiles found:: "work"
Sep. 10 09:29:01 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/blitzd/.openfortigui/vpnprofiles/work.conf"
Sep. 10 09:29:01 openfortiGUI::Debug: OS not affected by SUDO-Preserve-Env fix or no supported OS found, osname:: "ulyana"
Sep. 10 09:29:05 openfortiGUI::Debug: active-tab:: 0
Sep. 10 09:29:05 openfortiGUI::Debug: start vpn: "work" active-tab:: 0
Sep. 10 09:29:05 openfortiGUI::Debug: Start vpn:: "work"
Sep. 10 09:29:05 openfortiGUI::Debug: add logger "/home/blitzd/.openfortigui/main.conf"
Sep. 10 09:29:05 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/blitzd/.openfortigui/vpnprofiles/work.conf"
Sep. 10 09:29:05 openfortiGUI::Debug: vpnManager::onClientConnected()
Sep. 10 09:29:05 openfortiGUI::Debug: client api helo command:: 0 ::name:: "work"
Sep. 10 09:29:05 openfortiGUI::Debug: client disconnected:: "work"
Sep. 10 09:29:05 openfortiGUI::Debug: vpnManager::onClientVPNStatusChanged() "work" status 0
Sep. 10 09:29:05 openfortiGUI::Debug: MainWindow::onClientVPNStatusChanged:: "work" ::status:: 0
Sep. 10 09:29:05 openfortiGUI::Debug: VPN process "work" error occurred!
Sep. 10 09:29:05 openfortiGUI::Debug: VPN process "work" finished!There was no effect within the GUI, and the VPN didn't connect.
I am otherwise able to connect openfortivpn with the same values I am using via the CLI.
k-dahl
commented
3 years ago I suspect for Mint 20 this list also needs to include 'ulyana':
Output of lsb_release -c on Mint 20:
No LSB modules are available.
Distributor ID: Linuxmint
Description: Linux Mint 20
Release: 20
Codename: ulyanaThey used to mirror the Ubuntu releases they were based on, but it appears they stopped doing that somewhere along the way.
angela-d
commented
3 years ago From your logs:
OS not affected by SUDO-Preserve-Env fix or no supported OS found, osname:: "ulyana"
@blitzd I've not used Mint with Openfortigui, but what theinvisible posted to OP may affect you, as well.
Have you checked my notes? We may be on a different system, but I fiddle with my overall setup quite a bit so what affects me may be similar for others with non standard/"supported" setups, too.
edmundlaugasson
commented
3 years ago Having same issue:
Any solution?
At the same time Linux Mint 19.3 MATE it works. I also notice, that trusted certification is not available in Linux Mint 20 Cinnamon.
Currently found a workaround:
wandering-tales
commented
3 years ago @angela-d Sorry for the late reply. I retried again today after a long time and the error disappeared. I'm still not able to connect to my VPN because the program doesn't prompt me to insert the OTP, but that's another issue.
I checked my sudoers file, as you suggested, and the sudoers dir is correctly included:
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.dIn my /etc/sudoers.d/ dir I have a openfortigui file with the following content:
%sudo ALL=NOPASSWD:SETENV: /usr/bin/openfortigui --start-vpn *My current openfortigui version is 0.9.3.
scrlkx
commented
2 years ago I'm not sure we're are in the same problem, but a workaround that works for me is start it from the command line with sudo, like: sudo openfortigui. Plus I let the SUDO -E Option setting enabled.
No other way works for me, and it seems to be something specific with openfortigui.
edmundlaugasson
commented
2 years ago Strange, but when SUDO -E Option setting enabled, it will not query certificate. So I first disable that option, then I get certificate. But even I run sudo openfortigui, in logs I get message sudo: Sorry, you are not allowed to use this solution. Besides, I tried also so, that logged in as root firstly (sudo -i) and then started openfortigui, still same issue... Openfortigui Version 0.9.5 is used from this repository. Is original website not updated? I see there still 0.9.4 version...
theinvisible
commented
2 years ago Indeed, was a bit late to update project site. There is now 0.9.5 available, also a real build .deb package for bullseye is now available: http://apt.iteas.at/iteas/pool/main/o/openfortigui/openfortigui_0.9.5-1_amd64_bullseye.deb
scrlkx
commented
2 years ago Just to keep the thread,
In the latest version, when trying to connect as a regular user, I get the following logs.
Sep 1 09:10:27 sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is requiredThis means your sudo ist not configured correctly for your user, best is to start with this sample configuration and adjust to your system: https://github.com/theinvisible/openfortigui/blob/master/openfortigui/sudo/openfortigui
edmundlaugasson
commented
2 years ago No, my sudo is working fine (it is autoconfigured by Openfortigui), just VPN certificate was outdated. Now it works again. Haven't fully tested everything. I'm just user and not VPN-server admin.
Episodio1
commented
2 years ago Hi!
Debian 11 bookworm (in "testing" release)
Running nonGUI with "sudo openfortivpn" connects OK. (v.1.17)
Running GUI (v 0.9.5) with/without sudo opens OK, but when connnecting to VPN nothing happens and error shows up in "journalctl":
debian kernel: openfortigui[14058]: segfault at 80 ip 00007fe8122ef2f0 sp 00007ffc5b7b3a08 error 4 in libQt5Core.so.5.15.2[7fe8121b7000+301000]
Episodio1
commented
2 years ago Running GUI (v 0.9.5) with/without sudo opens OK, but when connnecting to VPN nothing happens and error shows up in "journalctl":
Oops! Enabling checkbox: FILE -> SETTINGS >> SUDO -E . fixed the issue.
alexmcwi
commented
2 years ago Thank you @edmundlaugasson ! This works.
Having same issue:
* used https://apt.iteas.at/ repository, as we need a repository to update software in a more trusted and faster way * having Linux Mint 20 Cinnamon * nothing happens, when trying to connect * OpenFortiGUI v0.9.3 * logs are empty, even after trying to connectAny solution?
At the same time Linux Mint 19.3 MATE it works. I also notice, that trusted certification is not available in Linux Mint 20 Cinnamon.
Currently found a workaround:
* run OpenFortiGUI via sudo (with root permissions) * configure connection * connect - now it asks certificate properly and connects * run OpenFortiGUI again as regular user * now it connects also here * then used SUDO -E option from OpenFortiGUI settings and then also certificate as regular user received and now works also as regular user * then you can delete all configuration, profiles under sudo permissions and use these under regular user only as it should be
Trikenstein
commented
11 months ago Solved in Debian 12, using apt install openfortivpn which is a package supported by Debian
Solution with screenshot in https://github.com/theinvisible/openfortigui/issues/189
theinvisible
commented
11 months ago Solved in Debian 12, using
apt install openfortivpnwhich is a package supported by DebianSolution with screenshot in #189
Thats a NetworkManager plugin and has nothing to do whit OpenfortiGUI
I'm actually using OpenFortiGUI v0.9.2-1 on my Debian testing "Bullseye" system, installed from the https://apt.iteas.at/iteas APT repository for "buster" distribution.
Clicking on "Connect" button does not have any effect. The underlying cause can be found in the logs:
This looks like a long time recurrent error in Debian and Debian based distros (e.g. Ubuntu), and I detected its occurrence is intermittent between versions: the errors seems to be fixed in certain versions and then reappears in new ones.
The setting "SUDO -E Option" is already enabled. It is enabled by default.
I already tried several times to clean up the program configuration in my home dir.