search

theinvisible / openfortigui

VPN-GUI to connect to Fortigate-Hardware, based on openfortivpn
https://hadler.me/linux/openfortigui/
GNU General Public License v3.0
491 stars 54 forks source link

Unable to connect. Username and password dialog not showing #158

Open rhelms opened 2 years ago

rhelms commented 2 years ago

Hi

I'm running Xubuntu 21.04 with i3, and attempting to use openFortiGUI 0.9.5 installed from the https://apt.iteas.at/ repo.

When I try to connect to the configured VPN, the username and password dialogue does not show.

This is from the logs.

==> logs/openfortigui.log <==
Oct 7 17:46:07 openfortiGUI::Debug: "start-main::"
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddVPN_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteVPN_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditVPN_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyVPN_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddGroup_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteGroup_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditGroup_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyGroup_clicked()
Oct 7 17:46:07 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Oct 7 17:46:07 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Oct 7 17:46:07 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 7 17:46:07 openfortiGUI::Debug: MainWindow::refreshVpnProfileList() -> vpnprofiles found:: "OTW"
Oct 7 17:46:07 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 7 17:46:07 openfortiGUI::Debug: OS not affected by SUDO-Preserve-Env fix or no supported OS found, osname:: "hirsute"
Oct 7 17:46:16 openfortiGUI::Debug: active-tab:: 0
Oct 7 17:46:16 openfortiGUI::Debug: start vpn: "OTW" active-tab:: 0
Oct 7 17:46:16 openfortiGUI::Debug: Start vpn:: "OTW"
Oct 7 17:46:16 openfortiGUI::Debug: add logger "/home/reuben-local/.openfortigui/main.conf"
Oct 7 17:46:16 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 7 17:46:16 openfortiGUI::Debug: "start-vpn process::" "OTW"
Oct 7 17:46:16 openfortiGUI::Debug: "start-vpn process::config_file::" "/home/reuben-local/.openfortigui/main.conf"
Oct 7 17:46:16 openfortiGUI::Warning: "QLocalSocket::connectToServer: Invalid name"
Oct 7 17:46:16 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 7 17:46:16 openfortiGUI::Warning: Socket not open
Oct 7 17:46:46 openfortiGUI::Warning: Socket not open
Oct 7 17:46:46 openfortiGUI::Debug: shutting down vpn process:: "OTW"
Oct 7 17:46:46 openfortiGUI::Debug: VPN process  "OTW"  finished!

However, when I run as root, or rather, via sudo openfortigui from the command line, everything works fine.

I do have the SUDO -E Option selected, but as you can see from the log, it may not be kicking in, or it may be totally unrelated.

I use this successfully on Xubuntu 20.04 running i3, although I'm on version 0.9.0, and I don't want to risk it not working by upgrading.

rhelms commented 2 years ago

C++ isn't really my thing, but I've tried to follow the code, and what I think is happening is calls to apiServer.connectToServer(openfortigui_config::name) are failing due to "Invalid name" and the subsequent check to see if the socket is open is failing, hence "Socker not open".

In my install, I can see a socket getting created at /tmp/user/1000/openfortiGUI when the application is opened. While the socket file itself and the directory is owned by my local user, the parent directory is owned by root and does not allow group or other read access. This is likely a default of the Xubuntu setup. There is also a config-err-KATMCo file in the same directory that is rw by my user only.

In my 20.04 install, the same socket file is located under /tmp. Understandabley, the /tmp direct has rwx for ug and rwt for owner.

I wonder if a lack of read access by root (group) to /tmp/user/1000, and possibly execute, is causing the issue. I'll try some incremental changes to the permissions of those directories and see what happens.

rhelms commented 2 years ago

Nope, that did not work. I tried changing the group of /tmp/user/1000 to be reuben-local and even fully opened permissions to rwx for /tmp/user/1000, but no dice. There must be something going on in connectToServer, rather than just testing that the socket is open.

rhelms commented 2 years ago

Small update. The VPN side of things is working. If I supply the password in the config, then when I ask the GUI to Connect, and I complete the MFA side of things that the VPN server requires, the pppd session is started and works a treat. However, the GUI doesn't get any feedback about this, and the logs/openfortigui.log file has "openfortiGUI::Warning: Socket not open" spammed into it (every 2 seconds).

For completeness, another log

Oct 11 18:16:24 openfortiGUI::Debug: "start-main::"
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddVPN_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteVPN_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditVPN_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyVPN_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnAddGroup_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnDeleteGroup_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnEditGroup_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QMetaObject::connectSlotsByName: No matching signal for on_btnCopyGroup_clicked()
Oct 11 18:16:25 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Oct 11 18:16:25 openfortiGUI::Warning: QObject::connect: No such signal vpnLogger::finished()
Oct 11 18:16:25 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 11 18:16:25 openfortiGUI::Debug: MainWindow::refreshVpnProfileList() -> vpnprofiles found:: "OTW"
Oct 11 18:16:25 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 11 18:16:25 openfortiGUI::Debug: OS not affected by SUDO-Preserve-Env fix or no supported OS found, osname:: "hirsute"
Oct 11 18:16:37 openfortiGUI::Debug: active-tab:: 0
Oct 11 18:16:37 openfortiGUI::Debug: start vpn: "OTW" active-tab:: 0
Oct 11 18:16:37 openfortiGUI::Debug: Start vpn:: "OTW"
Oct 11 18:16:37 openfortiGUI::Debug: add logger "/home/reuben-local/.openfortigui/main.conf"
Oct 11 18:16:37 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 11 18:16:37 openfortiGUI::Debug: "start-vpn process::" "OTW"
Oct 11 18:16:37 openfortiGUI::Debug: "start-vpn process::config_file::" "/home/reuben-local/.openfortigui/main.conf"
Oct 11 18:16:37 openfortiGUI::Warning: "QLocalSocket::connectToServer: Invalid name"
Oct 11 18:16:38 openfortiGUI::Debug: tiConfVpnProfile::readVpnProfiles() -> vpnprofile found: "/home/reuben-local/.openfortigui/vpnprofiles/OTW.conf"
Oct 11 18:16:38 openfortiGUI::Debug: vpnWorker::process::slot
Oct 11 18:16:38 openfortiGUI::Debug: 1633940198223 bytes avail:: 52
Oct 11 18:16:38 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update "OTW" state 1
Oct 11 18:16:38 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update2 "OTW" state 1
Oct 11 18:16:38 openfortiGUI::Warning: Socket not open
Oct 11 18:16:47 openfortiGUI::Debug: 1633940207899 bytes avail:: 118
Oct 11 18:16:48 openfortiGUI::Debug: 1633940208100 bytes avail:: 242
Oct 11 18:16:50 openfortiGUI::Debug: 1633940210589 bytes avail:: 291
Oct 11 18:16:51 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update "OTW" state 2
Oct 11 18:16:51 openfortiGUI::Debug: vpnProcess::onObserverUpdate::status_update2 "OTW" state 2 ppp-interface:: ppp0
Oct 11 18:16:51 openfortiGUI::Warning: Socket not open
Oct 11 18:16:52 openfortiGUI::Warning: Socket not open

When I hit the Disconnect button, the UI crashes and I have to kill the background --start-vpn process.

oviron commented 2 years ago

Got exatly the same issue with Ubuntu 21.10

I could provide log if needed, but every detail is the same.

rhelms commented 2 years ago

No. I ended up running openfortivpn directly in a shell and then I use KDocker to hide the terminal in the background. I haven't looked back.

Regards Reuben Helms

On Tue, Jun 21, 2022 at 3:28 AM wojciechcwek @.***> wrote:

Hi @rhelms https://github.com/rhelms, I've got the same problem on ubuntu 22.04. Fortigui for a one month worked good, but today the issue, you described on 11th October, occurs to me. Have you found solution?

— Reply to this email directly, view it on GitHub https://github.com/theinvisible/openfortigui/issues/158#issuecomment-1160691805, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGHGB7UN7224AHCNFA6QBDVQCS3NANCNFSM5FQT4FYQ . You are receiving this because you were mentioned.Message ID: @.***>