sudo nmcli connection up id nl2-nodecentral-udp-udp
A password is required to connect to 'nl2-nodecentral-udp-udp'.
Warning: password for 'vpn.secrets.password' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
The link originally shared gives me a couple of options
Trying to connect with the above script may still fail with NetworkManager-dispatcher.service complaining about 'no valid VPN secrets', because of the way VPN secrets are stored. Fortunately, there are different options to give the above script access to your VPN password.
1: One of them requires editing the VPN connection configuration file to make NetworkManager store the secrets by itself rather than inside a keyring that will be inaccessible for root: open up /etc/NetworkManager/system-connections/name of your VPN connection and change the password-flags and secret-flags from 1 to 0.
If that alone does not work, you may have to create a passwd-file in a safe location with the same permissions and ownership as the dispatcher script,
2: Alternatively, change the password-flags and put the password directly in the configuration file adding the section vpn-secrets:
Do you have any idea why I have to store my credentials again, when I already have the username and password for the nl2.nodecentral-utp-utp VPN configuration stored in the Network Manager UI under ‘Identity’?
Looking under the NetworkManager/system-connections/ folder I have two connections listed.
They look like they relate to the two connections I have listed on the Network Manager UI?
Unfortunately I can’t open the nmconnection file via the UI, it states that the file is of an unknown file type, but could the user/password be in there?
If it doesn't work by using the GUI, check the file contents through your terminal.
What is the value of 'password-flags' and 'secret-flags'?
If both are set to '0', follow the guide from the Arch Wiki you mentioned before:
create a passwd-file in a safe location (/path/to/passwd-file) with the same permissions and ownership as the dispatcher script, containing the following:
School-boy error - I had been checking/changing the vpn name to try out other connections, and it looks like the one in up-vpn.sh was slightly different, and that looks like it was the issue.
I’m noticing that the automatic turning on of the VPN often fails, and I think it’s because it occurs too quickly - as running it again it normally works.
Is there a way to slightly delay the execution of the up-vpn.sh script?
Or is there maybe a way it could retry the connection again, if first unsuccessful (e.g. try up to 5 times if needed before reporting a failure)?
I’m noticing that the automatic turning on of the VPN often fails, and I think it’s because it occurs too quickly - as running it again it normally works.
It cannot start too quickly as the script is only started when the interface is up and running (issued by event).
oliverm wrote:
I have the same problems. I’m really interested in the whole VPN world, so it would be great if you did more of this type of question and answer about how/where/when to use a VPN
There's not much more to go on here, we have to enable extra logging.
Edit the file '/etc/NetworkManager/NetworkManager.conf' and add (or change to INFO):
# http://forums.debian.net/viewtopic.php?f=10&t=145355
#!/bin/sh
VPN_NAME="nl2-nodecentral-udp-udp"
interface=$1 status=$2
case $status in
    up|vpn-down)
        nmcli connection up id "$VPN_NAME"
        ;;
    down)
        if nmcli connection show --active | grep "$VPN_NAME"; then
            nmcli connection down id "$VPN_NAME"
        fi
        ;;
esac
# Also to enable dispatcher, run:
# sudo systemctl enable NetworkManager-dispatcher.service
#!/bin/sh
LAN_INTERFACE="ens3"
VPN_NAME="nl2-nodecentral-udp-udp"
interface=$1 status=$2
if [ "$1" = "$LAN_INTERFACE" ]; then
    case $status in
        up|vpn-down)
            nmcli connection up id "$VPN_NAME"
            ;;
        down)
            if nmcli connection show --active | grep "$VPN_NAME"; then
                nmcli connection down id "$VPN_NAME"
            fi
            ;;
    esac
fi
#!/bin/sh -e
# Script to dispatch NetworkManager events
#
# Runs ifupdown scripts when NetworkManager fiddles with interfaces.
# See NetworkManager(8) for further documentation of the dispatcher events.

# We do not handle connectivity-change events in ifupdown so simply exit at
# this point
if [ "$2" = "connectivity-change" ]; then
    exit 0;
fi

if [ -z "$1" ]; then
    echo "$0: called with no interface" 1>&2
    exit 1;
fi

if [ -n "$IP4_NUM_ADDRESSES" ] && [ "$IP4_NUM_ADDRESSES" -gt 0 ]; then
    ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
fi
if [ -n "$IP6_NUM_ADDRESSES" ] && [ "$IP6_NUM_ADDRESSES" -gt 0 ]; then
    ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
fi

# If we have a VPN connection ignore the underlying IP address(es)
if [ "$2" = "vpn-up" ] || [ "$2" = "vpn-down" ]; then
    ADDRESS_FAMILIES=""
fi

if [ -n "$VPN_IP4_NUM_ADDRESSES" ] && [ "$VPN_IP4_NUM_ADDRESSES" -gt 0 ]; then
    ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
fi
if [ -n "$VPN_IP6_NUM_ADDRESSES" ] && [ "$VPN_IP6_NUM_ADDRESSES" -gt 0 ]; then
    ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
fi

# We're probably bringing the interface down.
[ -n "$ADDRESS_FAMILIES" ] || ADDRESS_FAMILIES="inet"

# Fake ifupdown environment
export IFACE="$1"
export LOGICAL="$1"
export METHOD="NetworkManager"
export VERBOSITY="0"

for i in $ADDRESS_FAMILIES; do
    export ADDRFAM="$i"

    # Run the right scripts
    case "$2" in
        up|vpn-up)
            export MODE="start"
            export PHASE="post-up"
            run-parts /etc/network/if-up.d
            ;;
        down|vpn-down)
            export MODE="stop"
            export PHASE="post-down"
            run-parts /etc/network/if-post-down.d
            ;;
        # pre-up/pre-down not implemented. See
        # https://bugzilla.gnome.org/show_bug.cgi?id=387832
        # pre-up)
        #     export MODE="start"
        #     export PHASE="pre-up"
        #     run-parts /etc/network/if-pre-up.d
        #     ;;
        # pre-down)
        #     export MODE="stop"
        #     export PHASE="pre-down"
        #     run-parts /etc/network/if-down.d
        #     ;;
        hostname|dhcp4-change|dhcp6-change)
            # Do nothing
            ;;
        *)
            echo "$0: called with unknown action \`$2'" 1>&2
            exit 1
            ;;
    esac
done
And I’ve updated the up-vpn.sh to be as you suggested.
#!/bin/sh
LAN_INTERFACE="ens3"
VPN_NAME="nl2-nodecentral-udp-udp"
interface=$1 status=$2
if [ "$1" = "$LAN_INTERFACE" ]; then
    case $status in
        up|vpn-down)
            nmcli connection up id "$VPN_NAME"
            ;;
        down)
            if nmcli connection show --active | grep "$VPN_NAME"; then
                nmcli connection down id "$VPN_NAME"
            fi
            ;;
    esac
fi
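
Added example (not part of any post in this thread, and not the Arch Wiki's script): a variant of up-vpn.sh that retries the connection, as asked about above, and only passes nmcli a passwd-file that is root-owned with no group/other access. The PASSWD_FILE path, the attempt count and the delay are assumptions; the passwd-file holds a line of the form vpn.secrets.password:<password>, and the check relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: PASSWD_FILE path,
# 5 attempts, 3 second delay. VPN_NAME and LAN_INTERFACE are the thread's.
VPN_NAME="nl2-nodecentral-udp-udp"
LAN_INTERFACE="ens3"
PASSWD_FILE="/etc/NetworkManager/vpn-passwd"  # hypothetical path

# True only if $1 is a regular file (not a symlink), owned by uid $2
# (default 0 = root), with no group/other permission bits set.
passwd_file_is_private() {
    file=$1 want_uid=${2:-0}
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    mode=$(stat -c '%a' "$file") || return 1   # GNU stat, e.g. 600
    uid=$(stat -c '%u' "$file") || return 1
    case $mode in *00) ;; *) return 1 ;; esac
    [ "$uid" = "$want_uid" ]
}

# Run "$@" up to $1 times, sleeping $2 seconds after each failure.
retry() {
    attempts=$1 delay=$2; shift 2
    n=1
    while [ "$n" -le "$attempts" ]; do
        "$@" && return 0
        [ "$n" -lt "$attempts" ] && sleep "$delay"
        n=$((n + 1))
    done
    return 1
}

interface=${1:-} status=${2:-}
if [ "$interface" = "$LAN_INTERFACE" ]; then
    case $status in
        up|vpn-down)
            if ! passwd_file_is_private "$PASSWD_FILE"; then
                logger -t up-vpn "$PASSWD_FILE is not a private root-owned file"
                exit 1
            fi
            retry 5 3 nmcli connection up id "$VPN_NAME" \
                passwd-file "$PASSWD_FILE"
            ;;
        down)
            if nmcli connection show --active | grep -q "$VPN_NAME"; then
                nmcli connection down id "$VPN_NAME"
            fi
            ;;
    esac
fi
```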