Re: VPN connections in NetworkManager have strange behaviour - FINAL WORDS !
On Fri, 2009-05-29 at 18:09 +0200, Axel wrote: > Le 22/05/2009 18:58, Dan Williams a écrit : > > On Fri, 2009-05-22 at 15:37 +0200, Axel wrote: > > > > > > That is really weird. I would not expect this to fail given the dumps > > you've shown here. Are you sure 'iptables' is off? > > > > Dan > > > > > > > > Hello > I (in fact my network engineer :D ) have resolved my problem by > modifying another NAT traversal setting. It was set on "Cisco UDP", > and I changed it to "NAT-T". Anyway, this setting was not mentionned > in my vpnc configuration file, maybe vpnc command line tool defaults > to NAT-T or chooses the NAT traversal type by himself. > > Thanks again for your help and sorry for the time loss on this thread. No problem; now we know what it is. That's quite useful. The current client defaults to Cisco UDP if the setting is not modified during import or configuration. Unfortunately, this is just another of the things that the hapless user has to know... :( Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: VPN connections in NetworkManager have strange behaviour - FINAL WORDS !
Le 22/05/2009 18:58, Dan Williams a écrit : On Fri, 2009-05-22 at 15:37 +0200, Axel wrote: That is really weird. I would not expect this to fail given the dumps you've shown here. Are you sure 'iptables' is off? Dan Hello I (in fact my network engineer :D ) have resolved my problem by modifying another NAT traversal setting. It was set on "Cisco UDP", and I changed it to "NAT-T". Anyway, this setting was not mentionned in my vpnc configuration file, maybe vpnc command line tool defaults to NAT-T or chooses the NAT traversal type by himself. Thanks again for your help and sorry for the time loss on this thread. Axel ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: VPN connections in NetworkManager have strange behaviour
Le 18/05/2009 18:02, Dan Williams a écrit : Ugh. Since it is a TUN device, we probably should be defaulting to a /32 in NetworkManager-vpnc. Any chance you could ask your admin to fix the VPN settings? Technically it is a bug in the setup; no way to know what the netmask is if the admin doesn't pass one. Dan Should not NetworkManager reproduce the vpnc behaviour, since it works (at least in my case) ? Anyway, it seems to be not the only problem. (or maybe not this problem at all). I modified the script (described in your first answer) to use 255.255.255.255 as the netmask, given with the INTERNAL_IP4_NETMASK variable. Using vpnc : [r...@axel-asus libexec]# LANG="C" netstat -aren Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 62.39.X.X 192.168.246.254 255.255.255.255 UGH 0 00 eth0 192.168.246.0 0.0.0.0 255.255.255.0 U 1 00 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 00 virbr0 0.0.0.0 0.0.0.0 0.0.0.0 U 0 00 tun0 [r...@axel-asus libexec]# ifconfig tun0 tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet adr:10.240.200.10 P-t-P:10.240.200.10 Masque:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1412 Metric:1 [r...@axel-asus libexec]# ping 10.240.62.13 PING 10.240.62.13 (10.240.62.13) 56(84) bytes of data. 64 bytes from 10.240.62.13: icmp_seq=1 ttl=121 time=22.5 ms ^C --- 10.240.62.13 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 550ms rtt min/avg/max/mdev = 22.578/22.578/22.578/0.000 ms And using NetworkManager, the routes are the same. The interface configuration is the same too now, with the same netmask. [r...@axel-asus libexec]# LANG="C" netstat -aren Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 62.39.X.X 192.168.246.254 255.255.255.255 UGH 0 00 eth0 192.168.246.0 0.0.0.0 255.255.255.0 U 1 00 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 00 virbr0 0.0.0.0 0.0.0.0 0.0.0.0 U 0 00 tun0 [r...@axel-asus libexec]# ifconfig tun0 tun0 inet adr:10.240.200.10 P-t-P:10.240.200.10 Masque:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1412 Metric:1 [r...@axel-asus libexec]# ping 10.240.62.13 PING 10.240.62.13 (10.240.62.13) 56(84) bytes of data. ^C --- 10.240.62.13 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3406ms So, with same routes, same interface configuration, the results are different. Is there something I could do to debug that ? (tcpdump traces, debug level to enable, and so on..) Thanks Axel ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: VPN connections in NetworkManager have strange behaviour
On Fri, 2009-05-15 at 09:35 +0200, Axel wrote: > Le 14/05/2009 23:13, Dan Williams a écrit : > > Is the remote VPN server passing the netmask down to the client? vpnc > > should export the netmask in the environment of the handler it runs > > after connecting, in the INTERNAL_IP4_NETMASK variable. > > NetworkManager-vpnc looks for that, and if its found, it will use that > > value. So it could be a misconfiguration of your vpn concentrator. > > > > If that value is *not* present, NM will default to a /24, which could be > > what's happening here. That may be wrong, yes. But first lets verify > > what the VPN client is returning. One way to do this is to > > move /usr/libexec/nm-vpnc-service-vpnc-helper > > to /usr/libexec/nm-vpnc-service-vpnc-helper.ORIG, then put a small > > wrapper script at /usr/libexec/nm-vpnc-service-vpnc-helper that contains > > something like: > > > > #!/bin/sh > > env> /tmp/vpn-env > > /usr/libexec/nm-vpnc-service-vpnc-helper.ORIG $@ > > > > and make that script executable, then connect. That should dump the > > environment to the file /tmp/vpn-env which will allow us to figure this > > out. > > > > Dan > > > > > > > > Here is the content of the generated file : > > TERM=linux > reason=connect > TUNDEV=tun0 > PATH=/sbin:/usr/sbin:/bin:/usr/bin > runlevel=5 > RUNLEVEL=5 > _=/bin/env > UPSTART_EVENT=runlevel > LANGSH_SOURCED=1 > PWD=/ > VPNGATEWAY=62.39.X.X > LANG=fr_FR.UTF-8 > previous=N > PREVLEVEL=N > CONSOLETYPE=vt > SHLVL=5 > UPSTART_JOB=rc5 > INTERNAL_IP4_ADDRESS=10.240.200.10 > UPSTART_JOB_ID=10 Ugh. Since it is a TUN device, we probably should be defaulting to a /32 in NetworkManager-vpnc. Any chance you could ask your admin to fix the VPN settings? Technically it is a bug in the setup; no way to know what the netmask is if the admin doesn't pass one. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: VPN connections in NetworkManager have strange behaviour
Le 14/05/2009 23:13, Dan Williams a écrit : Is the remote VPN server passing the netmask down to the client? vpnc should export the netmask in the environment of the handler it runs after connecting, in the INTERNAL_IP4_NETMASK variable. NetworkManager-vpnc looks for that, and if its found, it will use that value. So it could be a misconfiguration of your vpn concentrator. If that value is *not* present, NM will default to a /24, which could be what's happening here. That may be wrong, yes. But first lets verify what the VPN client is returning. One way to do this is to move /usr/libexec/nm-vpnc-service-vpnc-helper to /usr/libexec/nm-vpnc-service-vpnc-helper.ORIG, then put a small wrapper script at /usr/libexec/nm-vpnc-service-vpnc-helper that contains something like: #!/bin/sh env> /tmp/vpn-env /usr/libexec/nm-vpnc-service-vpnc-helper.ORIG $@ and make that script executable, then connect. That should dump the environment to the file /tmp/vpn-env which will allow us to figure this out. Dan Here is the content of the generated file : TERM=linux reason=connect TUNDEV=tun0 PATH=/sbin:/usr/sbin:/bin:/usr/bin runlevel=5 RUNLEVEL=5 _=/bin/env UPSTART_EVENT=runlevel LANGSH_SOURCED=1 PWD=/ VPNGATEWAY=62.39.X.X LANG=fr_FR.UTF-8 previous=N PREVLEVEL=N CONSOLETYPE=vt SHLVL=5 UPSTART_JOB=rc5 INTERNAL_IP4_ADDRESS=10.240.200.10 UPSTART_JOB_ID=10 Indeed there is no INTERNAL_IP4_NETMASK variable. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: VPN connections in NetworkManager have strange behaviour
On Thu, 2009-05-14 at 16:08 +0200, Axel wrote: > Hello > > I have a problem when using NetworkManager to connect to VPN > connections, on an up to date fedora 11 system. > Packages versions are : > NetworkManager-gnome-0.7.1-4.git20090414.fc11.i586 > NetworkManager-vpnc-0.7.0.99-1.fc11.i586 > NetworkManager-0.7.1-4.git20090414.fc11.i586 > NetworkManager-openvpn-0.7.0.99-1.fc11.i586 > NetworkManager-pptp-0.7.0.99-1.fc11.i586 > NetworkManager-glib-0.7.1-4.git20090414.fc11.i586 > NetworkManager-glib-devel-0.7.1-4.git20090414.fc11.i586 > NetworkManager-devel-0.7.1-4.git20090414.fc11.i586 > > I previously (ubuntu gutsy) used to connect to a vpnc (VPN Compatible > Cisco) server with the command line tool. > > Using the command line still works with Fedora 11. When I try to switch > to the NetworkManager builtin VPN manager, I manage to connect to the > remote VPN server, but no network activity can be made. It s maybe a > problem with the routes. > > When connecting to the VPN with the vpnc command line tool, no specific > configuration (but the group & user login/password) is defined. No > specific routing configuration has been made. > > 192.168.246.254 is the gateway of the LAN. > 62.39.X.X is the remote VPN server. > Is the remote VPN server passing the netmask down to the client? vpnc should export the netmask in the environment of the handler it runs after connecting, in the INTERNAL_IP4_NETMASK variable. NetworkManager-vpnc looks for that, and if its found, it will use that value. So it could be a misconfiguration of your vpn concentrator. If that value is *not* present, NM will default to a /24, which could be what's happening here. That may be wrong, yes. But first lets verify what the VPN client is returning. One way to do this is to move /usr/libexec/nm-vpnc-service-vpnc-helper to /usr/libexec/nm-vpnc-service-vpnc-helper.ORIG, then put a small wrapper script at /usr/libexec/nm-vpnc-service-vpnc-helper that contains something like: #!/bin/sh env > /tmp/vpn-env /usr/libexec/nm-vpnc-service-vpnc-helper.ORIG $@ and make that script executable, then connect. That should dump the environment to the file /tmp/vpn-env which will allow us to figure this out. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
RE: Vpn Connections.
On Tue, 28 Oct 2008, Dan Williams wrote: Seriously, /usr/bin/cisco-decrypt is the easiest solution by far. If you have vpnc installed, you have cisco-decrypt (or else your distros vpnc maintainer should be shot). You don't even need network access for it, and your group secret doesn't escape outside your machine. It would make sense to split it off in a separate package, since people not using vpnc or NM but using IPsec directly (openswan, stringswan, ipsec-tools) might also want to use it for deobfuscating their company cisco information. Paul ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Vpn Connections.
On Mon, 2008-10-27 at 11:24 +0100, Martinsson Patrik wrote: > Hello all ! > > Im using NetworkManager 0.7 in Fedora 9 and seems to have problem with > the vpn connections, which is a shame because that is basicly the > function i want to use :) > > Anyway, the question. > How does NetworkManagaer handle the import of cisco pcf file ? > What im really interested in is if it uses all the settings i have in > that file ? > > Settings im wondering about is, > > SaveUserPassword=0 > SaveGroupPwd=1 > enc_GroupPwd=[hash] > > Why im wondering this is because when i make a connection to my vpn > network and i type in the right password, everything works well, but > if i disconnect and then make second try to connect i want to type in > a new password (couse we have these RSA secureID tags where we get our > passwords from for each connection), however i never get > asked/prompted to type in the password again, it seems like it tries > to connect with the old password, which of course is not successful..I > look at the debug messages and what I get is this, NM-vpnc doesn't yet support the RSA secureID tags. We'll be doing this soon (post 0.7) but at the moment, we cannot handle the challenge/response very well. There are patches in Fedora to "only save the group password in the keyring" which you might be able to use, but upstream we'll fix this in a better manner. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
RE: Vpn Connections.
Well, the problem in my case wasnt the decrypting. I was just a bit curios how it handled it, but that part worked out as expected. Did anybody by chance had a look at the problem i described yesterday ? >This is what not seems to be working, at least in my case. >When im entering a key that is not valid, if i let say by mistake typed in >wrong key it will say something like "Cant connect to vpn etc." which is fine, >but then when im trying to connect again, i don't get prompted for another >password, it just uses the old one and quickly tells me "Cant connect to vpn >etc." >However, if i successfully connects to a vpn network (when i typed in the >right key ofcourse) and then disconnects and then again connect to it, it will >ask me for a password, which is the way it should behave. /Patrik > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Vpn Connections. > Date: Tue, 28 Oct 2008 08:43:42 + > CC: [EMAIL PROTECTED]; networkmanager-list@gnome.org > > > > > > Subject: Re: Vpn Connections. > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Date: Mon, 27 Oct 2008 13:01:28 -0400 > > CC: [EMAIL PROTECTED]; networkmanager-list@gnome.org > > > > On Mon, 2008-10-27 at 12:34 -0400, Paul Wouters wrote: > >> On Mon, 27 Oct 2008, Martinsson Patrik wrote: > >> > >>> How does NetworkManagaer handle the import of cisco pcf file ? > >>> What im really interested in is if it uses all the settings i have in > >>> that file ? > >> > >> Openswan has a pcf2os.pl script on contrib/ that can convert pcf files to > >> openswan > >> config files. However, the pcf file can contain an obfuscated group PSK. I > >> don't know > >> if anyone ever wrote a proper deobfuscation program. There used to be > >> something at > >> http://femto.cs.uiuc.edu/~sbond/vpnc/ which basically amounted to running > >> the > >> cisco client through ltrace -i and read it from a memcpy statement. > > > > It's been completely handled now, vpnc ships a 'cisco-decrypt' in the > > tarball which doesn't depend on the binary cisco client. There are some > > patches awaiting my review that will automatically decrypt the group > > password on import. > > > > Dan > > In fact, it's even easier. vpnc runs a web form to decode encrypted group > password. You just have to type in the encrypted password and click decode: > http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode > > > >>> NetworkManager: VPN connection 'Connection to SMHI' (Connect) reply > >>> received. > >>> /usr/sbin/vpnc: noninteractive can't reuse password > >> > >> If this is using XAUTH, Openswan now supports storing the XAUTH password > >> in its > >> /etc/ipsec.secrets file (though I know NM would like to be able to just > >> pass all > >> arguments to openswan) > >> > >> Paul, who wishes he had more cycles to spend on integrating NM and > >> openswan. > >> ___ > >> NetworkManager-list mailing list > >> NetworkManager-list@gnome.org > >> http://mail.gnome.org/mailman/listinfo/networkmanager-list > > > > ___ > > NetworkManager-list mailing list > > NetworkManager-list@gnome.org > > http://mail.gnome.org/mailman/listinfo/networkmanager-list > > _ > Store, manage and share up to 5GB with Windows Live SkyDrive. > http://skydrive.live.com/welcome.aspx?provision=1?ocid=TXT_TAGLM_WL_skydrive_102008 > ___ > NetworkManager-list mailing list > NetworkManager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list _ Senaste sportnyheterna & rykande färska resultat! http://sport.msn.se/___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
RE: Vpn Connections.
On Tue, 2008-10-28 at 08:43 +, New Acct wrote: > > > > Subject: Re: Vpn Connections. > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Date: Mon, 27 Oct 2008 13:01:28 -0400 > > CC: [EMAIL PROTECTED]; networkmanager-list@gnome.org > > > > On Mon, 2008-10-27 at 12:34 -0400, Paul Wouters wrote: > >> On Mon, 27 Oct 2008, Martinsson Patrik wrote: > >> > >>> How does NetworkManagaer handle the import of cisco pcf file ? > >>> What im really interested in is if it uses all the settings i have in > >>> that file ? > >> > >> Openswan has a pcf2os.pl script on contrib/ that can convert pcf files to > >> openswan > >> config files. However, the pcf file can contain an obfuscated group PSK. I > >> don't know > >> if anyone ever wrote a proper deobfuscation program. There used to be > >> something at > >> http://femto.cs.uiuc.edu/~sbond/vpnc/ which basically amounted to running > >> the > >> cisco client through ltrace -i and read it from a memcpy statement. > > > > It's been completely handled now, vpnc ships a 'cisco-decrypt' in the > > tarball which doesn't depend on the binary cisco client. There are some > > patches awaiting my review that will automatically decrypt the group > > password on import. > > > > Dan > > In fact, it's even easier. vpnc runs a web form to decode encrypted group > password. You just have to type in the encrypted password and click decode: > http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode Um, that's sort of insecure :) Seriously, /usr/bin/cisco-decrypt is the easiest solution by far. If you have vpnc installed, you have cisco-decrypt (or else your distros vpnc maintainer should be shot). You don't even need network access for it, and your group secret doesn't escape outside your machine. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
RE: Vpn Connections.
> Subject: Re: Vpn Connections. > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Date: Mon, 27 Oct 2008 13:01:28 -0400 > CC: [EMAIL PROTECTED]; networkmanager-list@gnome.org > > On Mon, 2008-10-27 at 12:34 -0400, Paul Wouters wrote: >> On Mon, 27 Oct 2008, Martinsson Patrik wrote: >> >>> How does NetworkManagaer handle the import of cisco pcf file ? >>> What im really interested in is if it uses all the settings i have in that >>> file ? >> >> Openswan has a pcf2os.pl script on contrib/ that can convert pcf files to >> openswan >> config files. However, the pcf file can contain an obfuscated group PSK. I >> don't know >> if anyone ever wrote a proper deobfuscation program. There used to be >> something at >> http://femto.cs.uiuc.edu/~sbond/vpnc/ which basically amounted to running the >> cisco client through ltrace -i and read it from a memcpy statement. > > It's been completely handled now, vpnc ships a 'cisco-decrypt' in the > tarball which doesn't depend on the binary cisco client. There are some > patches awaiting my review that will automatically decrypt the group > password on import. > > Dan In fact, it's even easier. vpnc runs a web form to decode encrypted group password. You just have to type in the encrypted password and click decode: http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode > >>> NetworkManager: VPN connection 'Connection to SMHI' (Connect) reply >>> received. >>> /usr/sbin/vpnc: noninteractive can't reuse password >> >> If this is using XAUTH, Openswan now supports storing the XAUTH password in >> its >> /etc/ipsec.secrets file (though I know NM would like to be able to just pass >> all >> arguments to openswan) >> >> Paul, who wishes he had more cycles to spend on integrating NM and openswan. >> ___ >> NetworkManager-list mailing list >> NetworkManager-list@gnome.org >> http://mail.gnome.org/mailman/listinfo/networkmanager-list > > ___ > NetworkManager-list mailing list > NetworkManager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list _ Store, manage and share up to 5GB with Windows Live SkyDrive. http://skydrive.live.com/welcome.aspx?provision=1?ocid=TXT_TAGLM_WL_skydrive_102008 ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Vpn Connections.
On Mon, 2008-10-27 at 12:34 -0400, Paul Wouters wrote: > On Mon, 27 Oct 2008, Martinsson Patrik wrote: > > > How does NetworkManagaer handle the import of cisco pcf file ? > > What im really interested in is if it uses all the settings i have in that > > file ? > > Openswan has a pcf2os.pl script on contrib/ that can convert pcf files to > openswan > config files. However, the pcf file can contain an obfuscated group PSK. I > don't know > if anyone ever wrote a proper deobfuscation program. There used to be > something at > http://femto.cs.uiuc.edu/~sbond/vpnc/ which basically amounted to running the > cisco client through ltrace -i and read it from a memcpy statement. It's been completely handled now, vpnc ships a 'cisco-decrypt' in the tarball which doesn't depend on the binary cisco client. There are some patches awaiting my review that will automatically decrypt the group password on import. Dan > > NetworkManager: VPN connection 'Connection to SMHI' (Connect) reply > > received. > > /usr/sbin/vpnc: noninteractive can't reuse password > > If this is using XAUTH, Openswan now supports storing the XAUTH password in > its > /etc/ipsec.secrets file (though I know NM would like to be able to just pass > all > arguments to openswan) > > Paul, who wishes he had more cycles to spend on integrating NM and openswan. > ___ > NetworkManager-list mailing list > NetworkManager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
RE: Vpn-Connections
As a matter of fact i tried with that just before i went home, a mistakes from my side that i didn't think of that earlier today. It works ALMOST as expected. This is what not seems to be working, at least in my case. When im entering a key that is not valid, if i let say by mistake typed in wrong key it will say something like "Cant connect to vpn etc." which is fine, but then when im trying to connect again, i don't get prompted for another password, it just uses the old one and quickly tells me "Cant connect to vpn etc." However, if i successfully connects to a vpn network (when i typed in the right key ofcourse) and then disconnects and then again connect to it, it will ask me for a password, which is the way it should behave. Maybe im missing something here ? Thanks in advance. Patrik > Subject: Re: > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > CC: networkmanager-list@gnome.org > Date: Mon, 27 Oct 2008 12:14:33 -0400 > > On Mon, 2008-10-27 at 10:39 +, Patrik Martinsson wrote: >> Hello all ! >> >> Im using NetworkManager 0.7 in Fedora 9 and seems to have problem with the >> vpn connections, which is a shame because that is basicly the function i >> want to use :) >> >> Anyway, the question. >> How does NetworkManagaer handle the import of cisco pcf file ? >> What im really interested in is if it uses all the settings i have in that >> file ? >> >> Settings im wondering about is, >> >> SaveUserPassword=0 >> SaveGroupPwd=1 >> enc_GroupPwd=[hash] >> >> Why im wondering this is because when i make a connection to my vpn network >> and i type in the right password, everything works well, but if i disconnect >> and then make second try to connect i want to type in a new password (couse >> we have these RSA secureID tags where we get our passwords from for each >> connection), however i never get asked/prompted to type in the password >> again, it seems like it tries to connect with the old password, which of >> course is not successful..I look at the debug messages and what I get is >> this, > > Are you checking the "Only save group password in the keyring" box in > the auth dialog? > > Dan > > _ Senaste sportnyheterna & rykande färska resultat! http://sport.msn.se/ ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: Vpn Connections.
On Mon, 27 Oct 2008, Martinsson Patrik wrote: > How does NetworkManagaer handle the import of cisco pcf file ? > What im really interested in is if it uses all the settings i have in that > file ? Openswan has a pcf2os.pl script on contrib/ that can convert pcf files to openswan config files. However, the pcf file can contain an obfuscated group PSK. I don't know if anyone ever wrote a proper deobfuscation program. There used to be something at http://femto.cs.uiuc.edu/~sbond/vpnc/ which basically amounted to running the cisco client through ltrace -i and read it from a memcpy statement. > NetworkManager: VPN connection 'Connection to SMHI' (Connect) reply > received. > /usr/sbin/vpnc: noninteractive can't reuse password If this is using XAUTH, Openswan now supports storing the XAUTH password in its /etc/ipsec.secrets file (though I know NM would like to be able to just pass all arguments to openswan) Paul, who wishes he had more cycles to spend on integrating NM and openswan. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: VPN Connections and DNS configurations
From: "pedro hrfpeixoto gmail com" To: networkmanager-list gnome org Subject: VPN Connections and DNS configurations Date: Mon, 28 May 2007 15:32:21 -0300 Hi there, I'd like to know if theres is a way to manualy enter DNS server names and domains when using M$ PPTP and OpenVPN connections under Network Manager. Can i do that editing each connections configuration file? where are theese files located? Thanks in advance Hi in there, You could always make a script that will update /etc/resolv.conf when you estabilish a connection... Regards, Tomas ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: vpn connections grayed out in nm-applet
Vinay I've configured NetworkManager to start at boot time and manage eth0, my wired connection. The VPN connections are no longer grayed out and are now active! I selected one to start and /var/log/messages says it failed. However, it may be due to my being inside my company's firewall. I will try it again from outside the firewall, discuss the results with my network admin and post the results. Thanks very much for the help. Mark On 5/22/06, Vinay <[EMAIL PROTECTED]> wrote: Hi, You dont need to turn off the Network establishment during system boot. Does NetworkManager starts on system boot ?? Or you launch the NetworkManager after logging in?? If you are launching the NetworkManager, launch it using 'NetworkManager --no-daemon'. Then check if you get a message "Connection Established". If you dont get this message and NM will be trying to establish it, then you will see all the vpn connections grayed out. Please check the above and get back to me if you face any problem. Regards, Vinay -- http://www.geocities.com/juszczec/shawJCCkarate.html ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: vpn connections grayed out in nm-applet
Hi, VPN Connections are grayed out till your Network Connection is not up. Is your Network Connection established through NetworkManager ? nm-applet shows you the list of VPN Connections you have configured ( All of them, Cisco, OpenVPN, NovellVPN ) and it is not a problem with Novell Extensions. Thanks. With Regards, Vinay Mark juszczec wrote: > Hello all > > I'm running NetworkManager (as root) with the Novell extensions to > allow connectivity with a Nortel Contivity switch. > > I've configured 2 connections (again as root) via the "VPN Connection" > option called "Configure VPN" > > Both of these connection names are grayed out. I cannot select them. > > Is this a permission problem with the files containing the connection > information? Is it a Gnome problem? Is it a problem with the Novell > extensions? Is it some other kind of misconfiguration? Has anyone > had a problem like this? > > Any advice or suggestions will be greatly appreciated. > > Mark > ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list