Attached is a new ebuild providing a plugin for networkmanager to make use of the openconnect VPN client. It is largely based on the existing net-misc/networkmanager-openvpn ebuild. You would need to install openconnect to make use of this plugin, it isn't currently in portage but an ebuild is available in bug #263097. Reproducible: Always
Created attachment 254989 [details] ebuild for openconnect plugin for networkmanager
Hello, The Gentoo Team would like to firstly thank you for your ebuild submission. We also apologize for not being able to accommodate you in a timely manner. There are simply too many new packages. Allow me to use this opportunity to introduce you to Gentoo Sunrise. The sunrise overlay[1] is a overlay for Gentoo which we allow trusted users to commit to and all users can have ebuilds reviewed by Gentoo devs for entry into the overlay. So, the sunrise team is suggesting that you look into this and submit your ebuild to the overlay where even *you* can commit to. =) Thanks, On behalf of the Gentoo Sunrise Team, Michał. [1]: http://www.gentoo.org/proj/en/sunrise/ [2]: http://overlays.gentoo.org/proj/sunrise/wiki/SunriseFaq
Does not work for me (using it with NetworkManager 0.8.2). net-misc/networkmanager-openconnect-0.8.2 It installs correctly (as far as I get it) but does not show up in the NetworkManager GUI. openvpn and other plugins show up but no "openconnect". I couldn't find the fault, but I must admit that I only took a short look. Cheers, Bjoern
I should have mentioned that I am using kde-misc/knetworkmanager-4.4.0_p20110415 as Frontend.
I don't see an openconnect VPN option in knetworkmanager either. I'm using: kde-misc/knetworkmanager-4.4.0_p20110415 net-misc/networkmanager-0.8-r1 net-misc/networkmanager-openconnect-0.8 FYI, when I start /etc/init.d/dbus, I see the following warning: Unknown username "nm-openconnect" in message bus configuration file
(In reply to comment #5) > I don't see an openconnect VPN option in knetworkmanager either. I'm using: > > kde-misc/knetworkmanager-4.4.0_p20110415 > net-misc/networkmanager-0.8-r1 > net-misc/networkmanager-openconnect-0.8 > > FYI, when I start /etc/init.d/dbus, I see the following warning: > > Unknown username "nm-openconnect" in message bus configuration file Just uncomment/delete the according policy section here: /etc/dbus-1/system.d/nm-openconnect-service.conf This section is not present in the vpn plugin so I guess it is not required here. Mine now looks like this: <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <policy user="root"> <allow own="org.freedesktop.NetworkManager.openconnect"/> <allow send_destination="org.freedesktop.NetworkManager.openconnect"/> </policy> <policy context="default"> <deny own="org.freedesktop.NetworkManager.openconnect"/> <deny send_destination="org.freedesktop.NetworkManager.openconnect"/> </policy> </busconfig> But this does not make any difference except that the error message you mentioned goes away. Cheers, Bjoern
By the way, a versionbump to networkmanager-openconnect-0.8.4.ebuild fails now with main.c:39:32: fatal error: gconf/gconf-client.h: No such file or directory compilation terminated. openconnect-3.02-r1 ebuild (attachment 274161 [details]) is required to install networkmanager-openconnect-0.8.4 at all and see this error. See bug 263097, comment #29 Cheers, Bjoern
Created attachment 274165 [details] networkmanager-openconnect-0.8.4.ebuild As long as it is configured with gnome it compiles: USE="gnome" emerge --nodeps --jobs=1 -v networkmanager-openconnect removing GNOME from the useflags (./configure --without-gnome) the compilation fails with: main.c:39:32: fatal error: gconf/gconf-client.h: No such file or directory compilation terminated. Does anyone have a clue about the real runtime/compiletime dependencies? I didn't check if it is visible in NetworkManger. I first want to clean out this stuff... Cheers, Bjoern
Created attachment 274167 [details, diff] nm-openconnect-service.patch nm-openconnect-service.patch Patch to remove the offending lines from nm-openconnect-service.conf Cheers, Bjoern
I don't get it: May 21 00:20:19 larry NetworkManager[3416]: <info> VPN: loaded org.freedesktop.NetworkManager.openconnect but nothing visible in the KDE NetworkManager...
Where to start? ... Please make the 0.8.4 ebuild require openconnect v3.02. That provides the libopenconnect library that is needed to build the auth-dialog. The build failure when building without GNOME is my fault; it shouldn't be trying to build the auth-dialog in that case. For now add --without-authdlg alongside --without-gnome in the configure args, if ! use gnome. But that does leave you without an authentication dialog at all. See https://bugs.kde.org/show_bug.cgi?id=226028 for the corresponding KDE bug (RFE). Want to help fix that? Now that openconnect exports its auth stuff in a library, it should mostly be a case of cut/paste from the KDE vpnc or openvpn bits...
(In reply to comment #5) > Unknown username "nm-openconnect" in message bus configuration file NetworkManager wants to run openconnect as its own unprivileged user, not as root. This is a security feature. If you do not have a local 'nm-openconnect' user, it looks like it'll try to run openconnect as root. This fallback path is not well-tested, and is very much not recommended. Please have the ebuild create the corresponding local user. I'd happily take a patch to make that username configurable at build time, which would autogenerate the nm-openconnect-service.conf file with the appropriate username. I might even take a version of that which allows you to disable the use of a separate user, as long as it clearly shouts DO NOT DO THIS if you try to use it :)
Thanks for the comments, I'll incorporate your suggestions and see what happens. Cheers, Bjoern
Created attachment 274203 [details] networkmanager-openconnect-0.8.4.ebuild proper - added nm-openconnect user - added --without-authdlg when USE="-gnome" - removed patch Nevertheless it does not show up in the KDE NetworkManager applet... Cheers, Bjoern
(In reply to comment #14) > Created attachment 274203 [details] > networkmanager-openconnect-0.8.4.ebuild proper > > - added nm-openconnect user > - added --without-authdlg when USE="-gnome" > - removed patch All looks good; thanks. I've committed a fix upstream to remove the need for that --without-authdlg. > Nevertheless it does not show up in the KDE NetworkManager applet... I'll be happy to help you fix that... :)
(In reply to comment #15) > (In reply to comment #14) > > Created attachment 274203 [details] > > networkmanager-openconnect-0.8.4.ebuild proper > > > > - added nm-openconnect user > > - added --without-authdlg when USE="-gnome" > > - removed patch > > All looks good; thanks. I've committed a fix upstream to remove the need for > that --without-authdlg. > Okay, just let me know when the flag can be removed. > > Nevertheless it does not show up in the KDE NetworkManager applet... > > I'll be happy to help you fix that... :) > Do you have any clue why it does not show up? Cheers, Bjoern
(In reply to comment #16) > Okay, just let me know when the flag can be removed. The fix is in the upstream network-manager-openconnect git repository already. The next release will have it, or you can apply that patch to your own builds. > > > Nevertheless it does not show up in the KDE NetworkManager applet... > > Do you have any clue why it does not show up? The KDE NetworkManager applet does not use any of the same UI code for the VPNs. It has its *own* support for the various types of VPN... but not for openconnect. Someone will need to add support for openconnect. Mostly you can cut and paste the vpnc or openvpn support to get started, and change the names. See https://bugs.kde.org/show_bug.cgi?id=226028
(In reply to comment #17) > (In reply to comment #16) > > Okay, just let me know when the flag can be removed. > > The fix is in the upstream network-manager-openconnect git repository already. > The next release will have it, or you can apply that patch to your own builds. > I'll go for the next release since I mainly use openconnect as a service and not at all via NetworkManager. I just wanted to fix the ebuild _quickly_ :-( > > > > Nevertheless it does not show up in the KDE NetworkManager applet... > > > > Do you have any clue why it does not show up? > > The KDE NetworkManager applet does not use any of the same UI code for the > VPNs. It has its *own* support for the various types of VPN... but not for > openconnect. > > Someone will need to add support for openconnect. Mostly you can cut and paste > the vpnc or openvpn support to get started, and change the names. See > https://bugs.kde.org/show_bug.cgi?id=226028 > Okay, I see. I'll take a look, but since I have no clue how NetworkManager works, I am not sure if I can afford the time fixing this... as much as I wish I could :-( Anyone else around here? Cheers, Bjoern
I'll take over maintenance of this package and add it to the tree shortly.
Thanks! And as I can see, openconnect has been integrated into NM upstream, that makes things a lot easier. Cheers, Bjoern
I've now added networkmanager-openconnect plugins for NM-0.8 and NM-0.9 Unfortunately due to lack of hardware, I cannot test either of them except build issues.
You can configure and point it at a publicly known VPN server such as ucbvpn.berkeley.edu, and get as far as being told to sod off because you don't have a valid username/password. That's quite a useful test, and you will at least be able to install the n-m-openconnect support, configure and run it, and then file a bug against NetworkManager itself if the auth-dialog doesn't pop up. (Rebooting after installing n-m-openconnect will probably fix that bug, fwiw)
Testing with suggested method, I can see NM spawning helper process and asking for username and passsword: Aug 17 13:40:02 [kernel] [89400.340993] NetworkManager[374]: <info> Starting VPN service 'openconnect'... Aug 17 13:40:02 [kernel] [89400.342118] NetworkManager[374]: <info> VPN service 'openconnect' started (org.freedesktop.NetworkManager.openconnect), PID 5107 Aug 17 13:40:02 [kernel] [89400.353065] NetworkManager[374]: <info> VPN service 'openconnect' appeared; activating connections I can also see all groups available in dropdown menu (using KDE plasma frontend and NM-0.9). That makes me believe it should work just fine.
Can't test it. Gentoo x86_64: net-misc/networkmanager-openconnect-0.8.4 !!! dodoc: README does not exist dodoc failed